OpenLDAP Workshop Training Course

OpenLDAP overview

• Comparison with web and relational databases
• Entry structure
• Tree structure
• Simple searches
• Attributes Syntaxes and Object Classes
• RootDSE and subschema subentry
• LDAP Operations
• LDIF
• Command-line tools
• GUI tools
  • Phpldapadmin - Installation and Configuration

Basic configuration and maintenance

• Installation from source code and decisions to be made at the build time
• Installation from packages
• Server structure: front-end, overlays, back-ends
  • Evolution of disk-based backends
• Building test servers
• Differences for production servers
• Static configuration using slapd.conf
• Dynamic configuration via cn=config
• Conversion from slapd.conf to cn=config
• Monitoring via cn=monitor
• Backup and restore procedures
• Conversion from hdb to mdb backend
• Upgrading between OpenLDAP versions

Authentication and Authorisation using LDAP

• Bind methods: simple, SASL, public-key, Kerberos
• Security of passwords: ldap:/// ldaps:/// ldapi:///
• Representing groups in LDAP
• Using LDAP for Authentication and authorisation of other services
  • Apache - Basic Auth configuration mechanism
• Management of system users with OpenLDAP
  • RFC2307 / RFC2307bis / DBIS
  • Configuration of NSS and PAM
  • nss-pam-ldapd vs SSSD

SSL/TLS

• Certificate hierachies
• Using TLS with OpenLDAP: Server certs, Client certs and SASL EXTERNAL

Access Control

• Basic ACLs
• Limits
• Access Control Policy
• Testing ACLs

Distributed directories

• Replication, Chaining, and Referral
• Master-slave
• Mirrormode

Extending the schema

• Simple Schema Design
• OIDs
• Schema definition files
• Designing the Directory Information Tree

Working with existing applications and services

• Directory synchronisation and transformation tools
• LDAP proxies, firewalls and entry mapping