LDAP Server Configuration

Configuration of the LDAP server involves several steps. The steps you need to follow depend on the software you are using. Most of the commercial software packages let you configure the server during installation. Indeed, you need to configure only a few parameters to start a directory server. Appendix E describes the configuration file of OpenLDAP in more detail.

Configure the Root DN

In this step, you make the root of the DIT, the root DN, known to the server. The root DN is also often called a suffix. In the installation procedure for most commercial products, you have just been asked for the root DN of the DIT. However, it may be that your directory-server installation has more than one root entry. It depends on the product you are using.

Configure Administrator and Operator

There is a special user in most LDAP implementations who has administrative rights. She can modify the schema and add/modify/delete entries. This user is called the administrator. There also may be other special users who have particular roles in the life of a directory. These roles are, however, implementation dependent.

The DN and the password for these users have to be configured.

For the open-source product OpenLDAP, you configure the root DN (suffix) and the DN and password of the administrator in the configuration file "slapd.conf". In the case of the Sun One directory server, the installation procedure asks you to input this information and then writes it into its configuration files. You can also directly access the configuration files if you wish.

Configure the Directory Schema/Schemas

Now you have to check the schema of your directory. You need to understand which object classes and attribute types to include in the schema. Most servers ship with a number of schema files that allow you to select the object classes and attribute types that you need. During this step, it may become apparent that you need to extend the schema.

Configure the Indexes

If you know which attributes will need indexes and you only have to insert a few thousand records, you can configure the indexes before loading the data. If you have a greater data volume, you should first load the data and then configure and build the indexes.
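The four steps above, collected into one OpenLDAP slapd.conf. This is an added example, not a file from the book or from the OpenLDAP project; the schema paths, the suffix dc=example,dc=com, cn=Manager, /var/lib/ldap and the password hash are constructed placeholders, and the mdb backend assumes OpenLDAP 2.4 or later. It also goes one step beyond the text by adding a minimal access rule, because the default of letting everyone read everything would expose userPassword to anonymous clients.

```conf
# slapd.conf - added example, not from the original text.
# Every DN, path and password value below is a constructed placeholder.

# Step 3: schema. core.schema is mandatory; cosine and inetorgperson
# supply the object classes most user directories need.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

# One "database" section per root entry. A DIT with more than one root
# gets a second database section with its own suffix.
database        mdb
directory       /var/lib/ldap

# Step 1: the root DN (suffix) of the DIT served by this database.
suffix          "dc=example,dc=com"

# Step 2: the administrator. rootdn bypasses all access controls, so do
# not store its password in the clear. Generate the hash with
#   slappasswd -h {SSHA}
# and paste the output. The commented line shows the weak alternative.
rootdn          "cn=Manager,dc=example,dc=com"
# rootpw        secret       # weak: clear text, readable by anyone who can read this file
rootpw          {SSHA}PLACEHOLDER_HASH_FROM_SLAPPASSWD

# Step 4: indexes. objectClass eq is used by nearly every search;
# add the attributes your applications filter on. For a large initial
# load, load the data first (slapadd), then add these lines and run slapindex.
index           objectClass             eq
index           cn,sn,mail              eq,sub
index           uid                     eq

# Access control (beyond the four basic steps): users may change their
# own password, anyone may bind with it, nobody else may read it.
# The rest of the tree is readable only by authenticated users.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by users read
        by * none
```

Run `slaptest -f slapd.conf` to syntax-check the file before starting slapd; a typo in a DN or an unknown directive is reported there rather than at the first client bind.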


These four steps are the very basic configuration you need in order to be ready to run the LDAP server. It still has no data in it, but we will discuss this in the next section. Here are a few concluding words about the configuration of an LDAP server. The configuration of the directory server is very implementation dependent. SUN ONE, for example, holds most of the configuration data in the directory itself, hosted in a special subtree. It offers a well-designed GUI to administer these data. The GUI allows you to configure security features, replication, partitioning, user and group administration, and log management, to mention only the most important. A description of all these features would exceed by far the scope of this book. Furthermore, the administration tools are very different from implementation to implementation; therefore you need to read the documentation shipped with your LDAP server. The SUN ONE implementation, for example, offers a number of books delivered in PDF format. They are worthwhile to study if you want to get the most benefit from this product. The books you should read in any case are the "Administrator's Guide" and the "Configuration, Command and File Reference."

OpenLDAP has a configuration file holding the configuration data. Those of you who wish to know what you can configure in addition to the basic concepts mentioned previously should have a look at Appendix E, where I more fully describe the configuration file of OpenLDAP.

