Thursday, October 29, 2009

Getting LDAP Ready.

If you've never installed a LDAP server don't worry, its very easy. I like to install via source instead of grabbing packages from repos. You can find the directions for getting started here.

Just so you know, the rootdn (owner the root user for LDAP) can be named anything, in fact I suggest you use something other than cn=Manager, since a lot of people look for that in new LDAP installs.

Also please read up on the Access Control chapter before you go off leaving your LDAP server running for any length of time. Understanding the ACL of LDAP is a little tricky at first so go over it a couple of times just to make sure you have it. It should be understood that most users will need to connect to your server to get login information. Crazy enough, LDAP supports a type of permission called "auth". This allows an unknown client to query the LDAP server but only receive a connection or nothing from the server. This way a client can transmit a query with user name and password and hope that a connection is returned.

If the idea of having unknown people query your LDAP server bugs you, you can always setup a Kerberos server to handle the authentication of users, I'll get to that when I cover SASL. If fact, in some contract jobs with the government, you are legally required to have an external authentication service.

Well I'll fire up VirtualBox and begin doing some LDIF entries into LDAP and then some python code.

No comments: