Topic 6

Date: 3/26/2014

Lightweight Directory Access Protocol (LDAP)

Practical guide to Linux systems administration

LDAP over SSL/TLS

SSL and TLS are based mainly on two protocols:
- Handshake Protocol: negotiates connection parameters, authenticates the server/client, establishes the server/client session.
- Record Protocol: provides encryprted secure connection and integrity for data during the server/client session.

OpenLDAP server with SSL support:
- Generate a server private key and a certificate.
- Specify their location in slapd.conf

TLSCertificateFile /etc/ldap/ldap.example.crt
TLSCertificateKeyFile /etc/ldap/ldap.example.key
TLSCipherSuite HIGH:+MEDIUM:!LOW

/etc/ldap.conf for a client with SSL support:

port 636 
ssl on

/etc/ldap.conf for a client with TLS support:

ssl start_tls

Reference: SSL/TLS explanation

Unix Authentication and Naming services
What is LDAP
LDAP heirarchy
Addressing in LDAP
Data tree with dn
Schema
Accessing LDAP
OpenLDAP installation steps
Server Config file
Exercises: Server installation
Exercises: Client installation
Outline of LDIF
LDIF example
Frequent LDAP commands
Exercises: LDAP commands
Performance
Access Control List
LDAP over SSL/TLS
LDAP Applications
Exercises: LDAP user authentication
Take me to the Course Website