If no access control policy is explicitly specified, the default is to allow read access by all clients. The rootdn always has full access to the database.
An ACL defines what can be accessed in the LDAP database, by whom, and how.
access to <what>      Directory tree level or objectclass attribute
by <who>              LDAP user specifier
<access level>        none, auth, compare, search, read, write
Example of an ACL in slapd.conf:
# lock down passwords
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=example,dc=com" write

# everything else is read-only
access to *
    by dn="cn=Manager,dc=example,dc=com" write
    by * read
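The following added example (not part of the original page or of OpenLDAP) models how slapd evaluates the ACL above: the first matching <what> clause is used, then its first matching <who>, and a requester matched by no <who> gets none. It handles only the clause forms shown on this page, treats dn="..." as an exact match, and does not model the rootdn bypass; the function names are hypothetical.

```python
# Access levels from the page, weakest to strongest; each includes those below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# The page's example ACL (comments dropped, continuation lines indented).
ACL_TEXT = '''
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=example,dc=com" write
access to *
    by dn="cn=Manager,dc=example,dc=com" write
    by * read
'''

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] for the clause forms used above."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("access to "):
            rules.append((line[len("access to "):], []))
        elif line.startswith("by ") and rules:
            who, level = line[3:].rsplit(None, 1)
            if level not in LEVELS:
                raise ValueError("unknown access level: " + level)
            rules[-1][1].append((who, level))
    return rules

def who_matches(who, requester, entry_dn):
    # Assumption: dn="..." is compared as an exact, case-insensitive DN string.
    if who in ("*", "anonymous"):
        return who == "*" or requester is None   # requester None = anonymous bind
    if requester is None:
        return False
    target = entry_dn if who == "self" else who[4:-1] if who.startswith('dn="') else None
    return target is not None and requester.lower() == target.lower()

def granted(rules, requester, entry_dn, attr):
    """First matching <what>, then first matching <who>; no match yields none."""
    for what, by_list in rules:
        if what == "*" or what.lower() == "attr=" + attr.lower():
            for who, level in by_list:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"  # no <who> matched: implicit trailing "by * none"
    return "none"

def allowed(rules, requester, entry_dn, attr, wanted):
    return LEVELS.index(granted(rules, requester, entry_dn, attr)) >= LEVELS.index(wanted)
RULES = parse_acl(ACL_TEXT)
```

With this ACL, an authenticated user who is neither the entry owner nor the Manager gets none on another entry's userPassword, because the first clause matches the attribute and evaluation never reaches the read-only catch-all.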
The default access in end of the statements is meant: