LDAP from scratch.

Tom Buskey tom at buskey.name
Wed May 10 10:14:01 EDT 2006


On 5/10/06, Ken D'Ambrosio <ken at proximatech.net> wrote:
>
> I'm about to set up an LDAP install, I believe from scratch, for a
> friend's company.  I've done it before, and am familiar enough with LDAP
> from a systems standpoint that I don't think I'll need help there.  The
> part of LDAP that continues to flummox me, however, is its nomenclature;
> for example, in the previous install I did from scratch, I assigned some
> of the values to the wrong DNs because I couldn't find any that seemed to
> fit.
>
> Is there, somewhere, a list of what things like (say) inetOrgPerson
> actually *are*?  And, perhaps, a good subset of appropriate DNs for an
> install that's going to replace NIS?



I'm going through this myself on Solaris systems & recently took Sun's LDAP
as a Naming Service class.

Sun's Java Directory Server 5.2 has all the schemas, etc. for it in LDIF
format.  It's also free for a certain number of entries (though that limit
may be gone) and it's available for other OSes including Linux and (shudder)
Windows.

It's the Netscape Directory Server/iPlanet code base that Red Hat's server
is based on.  Well, Red Hat's missing the 3 years of work Sun has done on
it.

OpenLDAP is the UMich reference spec.

OK, many of the schemas and names are in standard RFCs.  This lets LDIFs
from Red Hat, Novell, Sun and others exchange because they all use the same
names.  A certain 800lb gorilla didn't follow these and has different
names.  Sun has something that will let you work with AD.  So does PADL
below.

There's even a tool to import all your NIS and /etc stuff: ldapaddent.
NIS stuff will be in the posixAccount objectClass.

Some websites:

http://www.padl.com - lots of PAM modules
http://web.singnet.com.sp/~garyttt - various LDAP HOWTOs (Gary T's)
http://www.iana.com - standard object class oids
http://docs.sun.com/sources/816-5613-10/index.html - Sun schema definitions
http://www.ldapbrowser.com - a GUI LDAP browser

There are also 12 RFCs dealing with LDAP but I'm not sure what they are right
now.


--
A strong conviction that something must be done is the parent of many bad
measures.
  - Daniel Webster
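
An added example, not part of the original message and not how ldapaddent itself works: a small converter showing which attributes a passwd(5) record maps to when an entry carries both inetOrgPerson and the RFC 2307 posixAccount class mentioned above. The base DN, the username pattern and the sample accounts are assumptions made for illustration.

```python
# Added example: turn passwd(5) lines into RFC 2307 LDIF entries.
import base64
import re

BASE_DN = "ou=People,dc=example,dc=com"     # assumed suffix, not from the post
NAME_RE = re.compile(r"[a-z_][a-z0-9_.-]*")  # conservative: needs no DN escaping
NUM_RE = re.compile(r"[0-9]+")
CLASSES = ("top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount")

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    plain = (value.isascii() and value.isprintable()
             and value[:1] not in " :<" and not value.endswith(" "))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def passwd_to_entry(line):
    """Return LDIF lines for one account, or None for lines that are skipped."""
    fields = line.split(":")
    if len(fields) != 7:
        return None
    name, _pw, uid, gid, gecos, home, shell = fields
    # Skips NIS compat markers ("+::::::") and malformed records.
    if not (NAME_RE.fullmatch(name) and NUM_RE.fullmatch(uid)
            and NUM_RE.fullmatch(gid) and home):
        return None
    full_name = gecos.split(",")[0].strip() or name
    attrs = [("objectClass", c) for c in CLASSES]
    # person requires cn and sn; posixAccount requires cn, uid, uidNumber,
    # gidNumber and homeDirectory.
    attrs += [("uid", name), ("cn", full_name), ("sn", full_name.split()[-1]),
              ("uidNumber", uid), ("gidNumber", gid), ("homeDirectory", home)]
    if shell:
        attrs.append(("loginShell", shell))
    # _pw is deliberately not exported: hashes belong in userPassword only
    # once the directory's ACLs restrict who can read that attribute.
    return [f"dn: uid={name},{BASE_DN}"] + [ldif_line(a, v) for a, v in attrs]

def convert(passwd_text):
    """Convert a whole passwd file to LDIF, one blank line between entries."""
    entries = [passwd_to_entry(l) for l in passwd_text.splitlines()]
    return "\n\n".join("\n".join(e) for e in entries if e) + "\n"

# Constructed sample input (not real accounts).
SAMPLE = ("root:x:0:0:root:/root:/bin/sh\n"
          "alice:x:1001:100:Alice Example,Room 4,555-0100:/home/alice:/bin/bash\n"
          "jose:x:1002:100:José Núñez:/home/jose:/bin/bash\n"
          "+::::::\n")

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```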


More information about the gnhlug-discuss mailing list