OpenLDAP Software 2.4 Administrator's Guide
The OpenLDAP Project <http://www.openldap.org/>
7 September 2007
Table of Contents
Preface
1. Introduction to OpenLDAP Directory Services
1.1. What is a directory service?
1.2. What is LDAP?
1.3. When should I use LDAP?
1.4. When should I not use LDAP?
1.5. How does LDAP work?
1.6. What about X.500?
1.7. What is the difference between LDAPv2 and LDAPv3?
1.8. LDAP vs RDBMS
1.9. What is slapd and what can it do?
2. A Quick-Start Guide
3. The Big Picture - Configuration Choices
3.1. Local Directory Service
3.2. Local Directory Service with Referrals
3.3. Replicated Directory Service
3.4. Distributed Local Directory Service
4. Building and Installing OpenLDAP Software
4.1. Obtaining and Extracting the Software
4.2. Prerequisite software
4.2.1. Transport Layer Security
4.2.2. Simple Authentication and Security Layer
4.2.3. Kerberos Authentication Service
4.2.4. Database Software
4.2.5. Threads
4.2.6. TCP Wrappers
4.3. Running configure
4.4. Building the Software
4.5. Testing the Software
4.6. Installing the Software
5. Configuring slapd
5.1. Configuration Layout
5.2. Configuration Directives
5.2.1. cn=config
5.2.2. cn=module
5.2.3. cn=schema
5.2.4. Backend-specific Directives
5.2.5. Database-specific Directives
5.2.6. BDB and HDB Database Directives
5.3. Access Control
5.3.1. What to control access to
5.3.2. Who to grant access to
5.3.3. The access to grant
5.3.4. Access Control Evaluation
5.3.5. Access Control Examples
5.3.6. Access Control Ordering
5.4. Configuration Example
6. The slapd Configuration File
6.1. Configuration File Format
6.2. Configuration File Directives
6.2.1. Global Directives
6.2.2. General Backend Directives
6.2.3. General Database Directives
6.2.4. BDB and HDB Database Directives
6.3. The access Configuration Directive
6.3.1. What to control access to
6.3.2. Who to grant access to
6.3.3. The access to grant
6.3.4. Access Control Evaluation
6.3.5. Access Control Examples
6.4. Configuration File Example
7. Running slapd
7.1. Command-Line Options
7.2. Starting slapd
7.3. Stopping slapd
8. Database Creation and Maintenance Tools
8.1. Creating a database over LDAP
8.2. Creating a database off-line
8.2.1. The slapadd program
8.2.2. The slapindex program
8.2.3. The slapcat program
8.3. The LDIF text entry format
9. Backends
9.1. Berkeley DB Backends
9.1.1. Overview
9.1.2. back-bdb/back-hdb Configuration
9.1.3. Further Information
9.2. LDAP
9.2.1. Overview
9.2.2. back-ldap Configuration
9.2.3. Further Information
9.3. LDIF
9.3.1. Overview
9.3.2. back-ldif Configuration
9.3.3. Further Information
9.4. Metadirectory
9.4.1. Overview
9.4.2. back-meta Configuration
9.4.3. Further Information
9.5. Monitor
9.5.1. Overview
9.5.2. back-monitor Configuration
9.5.3. Further Information
9.6. Null
9.6.1. Overview
9.6.2. back-null Configuration
9.6.3. Further Information
9.7. Passwd
9.7.1. Overview
9.7.2. back-passwd Configuration
9.7.3. Further Information
9.8. Perl/Shell
9.8.1. Overview
9.8.2. back-perl/back-shell Configuration
9.8.3. Further Information
9.9. Relay
9.9.1. Overview
9.9.2. back-relay Configuration
9.9.3. Further Information
9.10. SQL
9.10.1. Overview
9.10.2. back-sql Configuration
9.10.3. Further Information
10. Overlays
10.1. Access Logging
10.1.1. Overview
10.1.2. Access Logging Configuration
10.2. Audit Logging
10.2.1. Overview
10.2.2. Audit Logging Configuration
10.3. Chaining
10.3.1. Overview
10.3.2. Chaining Configuration
10.4. Constraints
10.4.1. Overview
10.4.2. Constraint Configuration
10.5. Dynamic Directory Services
10.5.1. Overview
10.5.2. Dynamic Directory Service Configuration
10.6. Dynamic Groups
10.6.1. Overview
10.6.2. Dynamic Group Configuration
10.7. Dynamic Lists
10.7.1. Overview
10.7.2. Dynamic List Configuration
10.8. Reverse Group Membership Maintenance
10.8.1. Member Of Configuration
10.9. The Proxy Cache Engine
10.9.1. Overview
10.9.2. Proxy Cache Configuration
10.10. Password Policies
10.10.1. Overview
10.10.2. Password Policy Configuration
10.11. Referential Integrity
10.11.1. Overview
10.11.2. Referential Integrity Configuration
10.12. Return Code
10.12.1. Overview
10.12.2. Return Code Configuration
10.13. Rewrite/Remap
10.13.1. Overview
10.13.2. Rewrite/Remap Configuration
10.14. Sync Provider
10.14.1. Overview
10.14.2. Sync Provider Configuration
10.15. Translucent Proxy
10.15.1. Overview
10.15.2. Translucent Proxy Configuration
10.16. Attribute Uniqueness
10.16.1. Overview
10.16.2. Attribute Uniqueness Configuration
10.17. Value Sorting
10.17.1. Overview
10.17.2. Value Sorting Configuration
10.18. Overlay Stacking
10.18.1. Overview
10.18.2. Example Scenarios
11. Schema Specification
11.1. Distributed Schema Files
11.2. Extending Schema
11.2.1. Object Identifiers
11.2.2. Naming Elements
11.2.3. Local schema file
11.2.4. Attribute Type Specification
11.2.5. Object Class Specification
11.2.6. OID Macros
12. Security Considerations
12.1. Network Security
12.1.1. Selective Listening
12.1.2. IP Firewall
12.1.3. TCP Wrappers
12.2. Data Integrity and Confidentiality Protection
12.2.1. Security Strength Factors
12.3. Authentication Methods
12.3.1. "simple" method
12.3.2. SASL method
13. Using SASL
13.1. SASL Security Considerations
13.2. SASL Authentication
13.2.1. GSSAPI
13.2.2. KERBEROS_V4
13.2.3. DIGEST-MD5
13.2.4. Mapping Authentication Identities
13.2.5. Direct Mapping
13.2.6. Search-based mappings
13.3. SASL Proxy Authorization
13.3.1. Uses of Proxy Authorization
13.3.2. SASL Authorization Identities
13.3.3. Proxy Authorization Rules
14. Using TLS
14.1. TLS Certificates
14.1.1. Server Certificates
14.1.2. Client Certificates
14.2. TLS Configuration
14.2.1. Server Configuration
14.2.2. Client Configuration
15. Constructing a Distributed Directory Service
15.1. Subordinate Knowledge Information
15.2. Superior Knowledge Information
15.3. The ManageDsaIT Control
16. Replication
16.1. Replication Strategies
16.1.1. Push Based
16.1.2. Pull Based
16.2. Replication Types
16.2.1. syncrepl replication
16.2.2. delta-syncrepl replication
16.2.3. N-Way Multi-Master
16.2.4. MirrorMode
16.3. LDAP Sync Replication
16.3.1. The LDAP Content Synchronization Protocol
16.3.2. Syncrepl Details
16.3.3. Configuring Syncrepl
16.4. N-Way Multi-Master
16.5. MirrorMode
17. Maintenance
17.1. Directory Backups
17.2. Berkeley DB Logs
17.3. Checkpointing
17.4. Migration
18. Monitoring
18.1. Monitor configuration via cn=config(5)
18.2. Monitor configuration via slapd.conf(5)
18.3. Accessing Monitoring Information
18.4. Monitor Information
18.4.1. Backends
18.4.2. Connections
18.4.3. Databases
18.4.4. Listener
18.4.5. Log
18.4.6. Operations
18.4.7. Overlays
18.4.8. SASL
18.4.9. Statistics
18.4.10. Threads
18.4.11. Time
18.4.12. TLS
18.4.13. Waiters
19. Tuning
19.1. Performance Factors
19.1.1. Memory
19.1.2. Disks
19.1.3. Network Topology
19.1.4. Directory Layout Design
19.1.5. Expected Usage
19.2. Indexes
19.2.1. Understanding how a search works
19.2.2. What to index
19.2.3. Presence indexing
19.3. Logging
19.3.1. What log level to use
19.3.2. What to watch out for
19.3.3. Improving throughput
19.4. BDB/HDB Database Caching
19.4.1. Berkeley DB Cache
19.4.2. slapd(8) Entry Cache
19.4.3. IDL Cache
20. Troubleshooting
20.1. User or Software errors?
20.2. Checklist
20.3. 3rd party software error
20.4. How to contact the OpenLDAP Project
20.5. How to present your problem
20.6. Debugging slapd(8)
20.7. Commercial Support
A. Changes Since Previous Release
A.1. New Guide Sections
A.2. New Features and Enhancements in 2.4
A.2.1. Better cn=config functionality
A.2.2. Better cn=schema functionality
A.2.3. More sophisticated Syncrepl configurations
A.2.4. N-Way Multimaster Replication
A.2.5. Replicating slapd Configuration (syncrepl and cn=config)
A.2.6. Push-Mode Replication
A.2.7. More extensive TLS configuration control
A.2.8. Performance enhancements
A.2.9. New overlays
A.2.10. New features in existing Overlays
A.2.11. New features in slapd
A.2.12. New features in libldap
A.2.13. New clients, tools and tool enhancements
A.2.14. New build options
A.3. Obsolete Features Removed From 2.4
A.3.1. Slurpd
A.3.2. back-ldbm
B. Upgrading from 2.3.x
B.1. Monitor Backend
B.2. cn=config olc* attributes
C. Configuration File Examples
C.1. slapd.conf
C.2. ldap.conf
C.3. a-n-other.conf
D. Glossary
D.1. Terms
D.2. Related Organizations
D.3. Related Products
D.4. References
E. Generic configure Instructions
F. OpenLDAP Software Copyright Notices
F.1. OpenLDAP Copyright Notice
F.2. Additional Copyright Notice
F.3. University of Michigan Copyright Notice
G. OpenLDAP Public License