Chapter 28. LDAP

IN THIS CHAPTER

• Configuring the Server

• Configuring Clients

• Administration

• Reference

The Lightweight Directory Access Protocol (LDAP, pronounced ell-dap) is one of those technologies that, although hidden, forms part of the core infrastructure in enterprise computing. Its job is simple: It stores information about users. However, its power comes from the fact that it can be linked into dozens of other services. LDAP can power login authentication, public key distribution, email routing, and address verification and, more recently, has formed the core of the push toward single sign-on technology.

Tip

Most people find the concept of LDAP easier to grasp when they think of it as a highly specialized form of database server. Behind the scenes, Fedora uses a database for storing all its LDAP information; however, LDAP does not offer anything as straightforward as SQL for data manipulation!

OpenLDAP uses Sleepycat Software's Berkeley DB (BDB), and sticking with that default is highly recommended. That said, there are alternatives if you have specific needs.

This chapter looks at a relatively basic installation of an LDAP server, including how to host a companywide directory service that contains the names and email addresses of employees. LDAP is a client/server system, meaning that an LDAP server hosts the data and an LDAP client queries it. Fedora comes with OpenLDAP as its LDAP server, along with several LDAP-enabled email clients, including Evolution and Mozilla Thunderbird. We cover all three of these applications in this chapter.

Because LDAP data is usually available over the Internetor at least your local networkit is imperative that you make every effort to secure your server. This chapter gives specific instruction on password configuration for OpenLDAP, and we recommend you follow our instructions closely.