Overview
This is a 3-day hands-on training course covering LDAP and OpenLDAP from the ground up.
Course Outline
OpenLDAP overview
- Comparison with web and relational databases
- Entry structure
- Tree structure
- Simple searches
- Attributes, Syntaxes and Object Classes
- RootDSE and subschema subentry
- LDAP Operations
- LDIF
- Command-line tools
- GUI tools
- phpLDAPadmin – Installation and Configuration
Basic configuration and maintenance
- Installation from source code and decisions to be made at build time
- Installation from packages
- Server structure: front-end, overlays, back-ends
- Evolution of disk-based backends
- Building test servers
- Differences for production servers
- Static configuration using slapd.conf
- Dynamic configuration via cn=config
- Conversion from slapd.conf to cn=config
- Monitoring via cn=monitor
- Backup and restore procedures
- Conversion from hdb to mdb backend
- Upgrading between OpenLDAP versions
Authentication and Authorisation using LDAP
- Bind methods: simple, SASL, public-key, Kerberos
- Security of passwords: ldap:/// ldaps:/// ldapi:///
- Representing groups in LDAP
- Using LDAP for Authentication and authorisation of other services
- Apache – Basic Auth configuration mechanism
- Management of system users with OpenLDAP
- RFC2307 / RFC2307bis / DBIS
- Configuration of NSS and PAM
- nss-pam-ldapd vs SSSD
SSL/TLS
- Certificate hierarchies
- Using TLS with OpenLDAP: Server certs, Client certs and SASL EXTERNAL
Access Control
- Basic ACLs
- Limits
- Access Control Policy
- Testing ACLs
Distributed directories
- Replication, Chaining, and Referral
- Master-slave
- Mirrormode
Extending the schema
- Simple Schema Design
- OIDs
- Schema definition files
- Designing the Directory Information Tree
Working with existing applications and services
- Directory synchronisation and transformation tools
- LDAP proxies, firewalls and entry mapping