RFC: New Admin Guide Layout
Dear All,
We all know the docs' weaknesses. I've started this to try and
address them, as more and more people are using our docs as
an excuse not to use OpenLDAP. We all know that is wrong, but
my goal is to equal or surpass the quality of the software with
the docs.
Details:
Changes:
* Deeper TOC
* When to use LDAP and the age-old question of LDAP vs RDBMS
* Incorporated many FAQ-O-MATIC topics (for above also)
* Answers to Common mailing list topics and IRC #ldap topics
* Generic TLS Cert Generation Methods
== Maybe create an Advanced section for below? (currently in same heading
level as the rest) ==
* Included all Overlays and Backends
* More Replication discussions/strategies, include N-Way MultiMaster and
MirrorMode (no sublevels yet)
* Re-ordered layout
* New sections: Maintenance, Tuning, Troubleshooting and Example
Configuration Files in the Appendix (light on sub-levels).
This is obviously just the start, but a good place to be in I think. It's
a lot easier to write pieces once we have a topic list to tick off.
Feel free to chop and change ordering etc. It's a start.
Now we need to delegate! ;-)
New version:
Table of Contents
Preface
1. Introduction to OpenLDAP Directory Services
1.1. What is a directory service?
1.2. What is LDAP?
1.3. How does LDAP work?
1.4. What about X.500?
1.5. What is the difference between LDAPv2 and LDAPv3?
1.6. When should I use LDAP?
1.7. When should I not use LDAP?
1.8. LDAP vs RDBMS
1.9. What is slapd and what can it do?
2. A Quick-Start Guide
3. The Big Picture - Configuration Choices
3.1. Local Directory Service
3.2. Local Directory Service with Referrals
3.3. Replicated Directory Service
3.4. Distributed Local Directory Service
4. Building and Installing OpenLDAP Software
4.1. Obtaining and Extracting the Software
4.2. Prerequisite software
4.2.1. Transport Layer Security
4.2.2. Simple Authentication and Security Layer
4.2.3. Kerberos Authentication Service
4.2.4. Database Software
4.2.5. Threads
4.2.6. TCP Wrappers
4.3. Running configure
4.4. Building the Software
4.5. Testing the Software
4.6. Installing the Software
5. Configuring slapd
5.1. Configuration Layout
5.2. Configuration Directives
5.2.1. cn=config
5.2.2. cn=include
5.2.3. cn=module
5.2.4. cn=schema
5.2.5. Backend-specific Directives
5.2.6. Database-specific Directives
5.2.7. BDB and HDB Database Directives
5.3. Access Control
5.3.1. What to control access to
5.3.2. Who to grant access to
5.3.3. The access to grant
5.3.4. Access Control Evaluation
5.3.5. Access Control Examples
5.3.6. Access Control Ordering
5.4. Configuration Example
6. The slapd Configuration File
6.1. Configuration File Format
6.2. Configuration File Directives
6.2.1. Global Directives
6.2.2. General Backend Directives
6.2.3. General Database Directives
6.2.4. BDB and HDB Database Directives
6.3. The access Configuration Directive
6.3.1. What to control access to
6.3.2. Who to grant access to
6.3.3. The access to grant
6.3.4. Access Control Evaluation
6.3.5. Access Control Examples
6.4. Configuration File Example
7. Running slapd
7.1. Command-Line Options
7.2. Starting slapd
7.3. Stopping slapd
8. Database Creation and Maintenance Tools
8.1. Creating a database over LDAP
8.2. Creating a database off-line
8.2.1. The slapadd program
8.2.2. The slapindex program
8.2.3. The slapcat program
8.3. The LDIF text entry format
9. Backends
9.1. Berkeley DB backends
9.1.1. Overview
9.1.2. back-bdb/back-hdb Configuration
9.1.2. Further Information
9.2. LDAP
9.1.1. Overview
9.1.2. back-ldap Configuration
9.1.2. Further Information
9.3. LDIF
9.1.1. Overview
9.1.2. back-ldif Configuration
9.1.2. Further Information
9.4. Metadirectory
9.1.1. Overview
9.1.2. back-meta Configuration
9.1.2. Further Information
9.5. Monitor
9.1.1. Overview
9.1.2. back-monitor Configuration
9.1.2. Further Information
9.6. Relay
9.1.1. Overview
9.1.2. back-relay Configuration
9.1.2. Further Information
9.7. Perl/Shell
9.1.1. Overview
9.1.2. back-perl/back-shell Configuration
9.1.2. Further Information
9.8. SQL
9.1.1. Overview
9.1.2. back-sql Configuration
9.1.2. Further Information
9.9. Scenarios
10. Overlays
10.1. Access Logging
10.1.1. Overview
10.1.2. Access Logging Configuration
10.2. Audit Logging
10.2.1. Overview
10.2.2. Audit Logging Configuration
10.3. Constraints
10.3.1. Overview
10.3.2. Constraint Configuration
10.4. Dynamic Directory Services
10.4.1. Overview
10.4.2. Dynamic Directory Service Configuration
10.5. Dynamic Groups
10.5.1. Overview
10.5.2. Dynamic Group Configuration
10.6. Dynamic Lists
10.6.1. Overview
10.6.2. Dynamic List Configuration
10.7. The Proxy Cache Engine
10.7.1. Overview
10.7.2. Proxy Cache Configuration
10.7.1.1. Setting cache parameters
10.7.2.1. Defining attribute sets
10.7.3.1. Specifying cacheable templates
10.7.4.1. Example
10.8. Password Policies
10.8.1. Overview
10.8.2. Password Policy Configuration
10.9. Referential Integrity
10.9.1. Overview
10.9.2. Referential Integrity Configuration
10.10. Return Code
10.10.1. Overview
10.10.2. Return Code Configuration
10.11. Rewrite/Remap
10.11.1. Overview
10.11.2. Rewrite/Remap Configuration
10.12. Sync Provider
10.12.1. Overview
10.12.2. Sync Provider Configuration
10.13. Translucent Proxy
10.13.1. Overview
10.13.2. Translucent Proxy Configuration
10.14. Attribute Uniqueness
10.14.1. Overview
10.14.2. Attribute Uniqueness Configuration
10.15. Value Sorting
10.15.1. Overview
10.15.2. Value Sorting Configuration
10.16. Overlay Stacking
10.16.1. Overview
10.16.2. Example Scenarios
11. Schema Specification
11.1. Distributed Schema Files
11.2. Extending Schema
11.2.1. Object Identifiers
11.2.2. Naming Elements
11.2.3. Local schema file
11.2.4. Attribute Type Specification
11.2.5. Object Class Specification
11.2.6. OID Macros
12. Security Considerations
12.1. Network Security
12.1.1. Selective Listening
12.1.2. IP Firewall
12.1.3. TCP Wrappers
12.2. Data Integrity and Confidentiality Protection
11.2.1. Security Strength Factors
12.3. Authentication Methods
12.3.1. "simple" method
12.3.2. SASL method
13. Using SASL
13.1. SASL Security Considerations
13.2. SASL Authentication
13.2.1. GSSAPI
13.2.2. KERBEROS_V4
13.2.3. DIGEST-MD5
13.2.4. Mapping Authentication Identities
13.2.5. Direct Mapping
13.2.6. Search-based mappings
13.3. SASL Proxy Authorization
13.3.1. Uses of Proxy Authorization
13.3.2. SASL Authorization Identities
13.3.3. Proxy Authorization Rules
14. Using TLS
14.1. TLS Certificates
14.1.1. Generic Certificate Generation Methods
14.1.2. Server Certificates
14.1.3. Client Certificates
14.2. TLS Configuration
14.2.1. Server Configuration
14.2.2. Client Configuration
15. Constructing a Distributed Directory Service
15.1. Subordinate Knowledge Information
15.2. Superior Knowledge Information
15.3. The ManageDsaIT Control
16. Replication
16.1. Replication Strategies
16.2. Replication types
16.2.1. slurpd replication
16.2.2. syncrepl replication
16.2.3. delta-syncrepl replication
16.2.4. N-Way Multi-Master
16.2.5. MirrorMode
16.3. Replication with Slurpd
16.3.1. Overview
16.3.2. Replication Logs
16.3.3. Command-Line Options
16.3.4. Configuring slurpd and a slave slapd instance
16.3.4.1. Set up the master slapd
16.3.4.2. Set up the slave slapd
16.3.4.3. Shut down the master server
16.3.4.4. Copy the master slapd's database to the slave
16.3.4.5. Configure the master slapd for replication
16.3.4.6. Restart the master slapd and start the
slave slapd
16.3.4.7. Start slurpd
16.3.5. Advanced slurpd Operation
16.3.5.1. Replication errors
16.3.5.2. One-shot mode and reject files
16.4. LDAP Sync Replication
16.4.1. The LDAP Content Synchronization Protocol
16.4.2. Syncrepl Details
16.4.3. Configuring Syncrepl
16.4.3.1. Set up the provider slapd
16.4.3.2. Set up the consumer slapd
16.4.3.3. Start the provider and the consumer slapd
16.4.3.4. Delta SyncRepl Replication Configuration
16.5. N-Way Multi-Master
16.6. MirrorMode
17. Maintenance
17.1. Directory Backups
17.2. Berkeley DB Logs
17.3. Checkpointing
18. Monitoring
18.1. Monitor configuration via cn=config(5)
18.2. Monitor configuration via slapd.conf(5)
18.3. Accessing Monitoring Information
18.4. Monitor Information
18.4.1. Backends
18.4.2. Connections
18.4.3. Databases
18.4.4. Listener
18.4.5. Log
18.4.6. Operations
18.4.7. Overlays
18.4.8. SASL
18.4.9. Statistics
18.4.10. Threads
18.4.11. Time
18.4.12. TLS
18.4.13. Waiters
19. Tuning
19.1. Performance Factors
19.1.1. Memory
19.1.2. Disks
19.1.3. Network Topology
19.1.4. Directory Layout Design
19.1.5. Expected Usage
19.2. Indexes
19.3. Tuning Logging
19.4. BDB/HDB database cache size
20. Troubleshooting
20.1. Checklist
20.2. User or Software errors?
20.3. How to contact the OpenLDAP project
20.4. How to present your problem
20.5. Commercial Support
A. Configuration File Examples
A.1. slapd.conf
A.2. ldap.conf
A.3. a-n-other
B. Glossary
A.1. Terms
A.2. Related Organizations
A.3. Related Products
A.4. References
C. Generic configure Instructions
D. OpenLDAP Software Copyright Notices
C.1. OpenLDAP Copyright Notice
C.2. Additional Copyright Notice
C.3. University of Michigan Copyright Notice
R. OpenLDAP Public License
Thanks,
Gavin.
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/