The ABCs of LDAP

How to Install, Run, and Administer LDAP Services

2004 by CRC Press LLC

OTHER AUERBACH PUBLICATIONS

The ABCs of IP Addressing Gilbert Held ISBN: 0-8493-1144-6 The ABCs of LDAP Reinhard Voglmaier ISBN: 0-8493-1346-5 The ABCs of TCP/IP Gilbert Held ISBN: 0-8493-1463-1 Building an Information Security Awareness Program Mark B. Desman ISBN: 0-8493-0116-5 Building a Wireless Office Gilbert Held ISBN: 0-8493-1271-X The Complete Book of Middleware Judith Myerson ISBN: 0-8493-1272-8 Computer Telephony Integration, 2nd Edition William A. Yarberry, Jr. ISBN: 0-8493-1438-0 Electronic Bill Presentment and Payment Kornel Terplan ISBN: 0-8493-1452-6 Information Security Architecture Jan Killmeyer Tudor ISBN: 0-8493-9988-2 Information Security Management Handbook, 4th Edition, Volume 1 Harold F. Tipton and Micki Krause, Editors ISBN: 0-8493-9829-0 Information Security Management Handbook, 4th Edition, Volume 2 Harold F. Tipton and Micki Krause, Editors ISBN: 0-8493-0800-3 Information Security Management Handbook, 4th Edition, Volume 3 Harold F. Tipton and Micki Krause, Editors ISBN: 0-8493-1127-6 Information Security Management Handbook, 4th Edition, Volume 4 Harold F. Tipton and Micki Krause, Editors ISBN: 0-8493-1518-2 Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management Thomas R. Peltier ISBN: 0-8493-1137-3 Information Security Risk Analysis Thomas R. Peltier ISBN: 0-8493-0880-1 Interpreting the CMMI: A Process Improvement Approach Margaret Kulpa and Kurt Johnson ISBN: 0-8493-1654-5 IS Management Handbook, 8th Edition Carol V. Brown and Heikki Topi ISBN: 0-8493-1595-6 Managing a Network Vulnerability Assessment Thomas R. Peltier and Justin Peltier ISBN: 0-8493-1270-1 A Practical Guide to Security Engineering and Information Assurance Debra Herrmann ISBN: 0-8493-1163-2 The Privacy Papers: Managing Technology and Consumers, Employee, and Legislative Action Rebecca Herold ISBN: 0-8493-1248-5 Securing and Controlling Cisco Routers Peter T. Davis ISBN: 0-8493-1290-6 Six Sigma Software Development Christine B. Tayntor ISBN: 0-8493-1193-4 Software Engineering Measurement John Munson ISBN: 0-8493-1502-6 A Technical Guide to IPSec Virtual Private Networks James S. Tiller ISBN: 0-8493-0876-3 Telecommunications Cost Management Brian DiMarsico, Thomas Phelps IV, and William A. Yarberry, Jr. ISBN: 0-8493-1101-2

AUERBACH PUBLICATIONS
www.auerbach-publications.com To Order Call: 1-800-272-7737 Fax: 1-800-374-3401 E-mail: orders@crcpress.com

2004 by CRC Press LLC

The ABCs of LDAP

How to Install, Run, and Administer LDAP Services
REINHARD E. VOGLMAIER

AUERBACH PUBLICATIONS
A CRC Press Company Boca Raton London New York Washington, D.C.

2004 by CRC Press LLC

Library of Congress Cataloging-in-Publication Data

Voglmaier, Reinhard E. The ABCs of LDAP : how to install, run, and administer LDAP services / Reinhard E. Voglmaier. p. cm. Includes bibliographical references and index. ISBN 0-8493-1346-5 (alk. paper) 1. LDAP (Computer network protocol) I. Title. TK5105.5725.V64 2003 004.62--dc22

2003057821

This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the consequences of their use. Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe.

Visit the Auerbach Publications Web site at www.auerbach-publications.com

2004 by CRC Press LLC Auerbach is an imprint of CRC Press LLC No claim to original U.S. Government works International Standard Book Number 0-8493-1346-5 Library of Congress Card Number 2003057821 Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Printed on acid-free paper

2004 by CRC Press LLC

Preface
With the enormous expansion of the World Wide Web over the past decade, internetworking has become widely diffused. Nearly all business enterprises have access to and a presence on the Internet. Beyond that, the number of intranets, private networks, and extranets has also grown exponentially. Getting connected has become as routine as having a telephone. Where we once exchanged telephone numbers and mailing addresses with friends and associates, we now routinely include an e-mail address too. Even children in elementary school are now communicating via e-mail and getting information about their favorite toys from the Internet. As this distributed computing environment continues to grow, so does the storehouse of information, which makes locating the required information an increasingly challenging task. Sophisticated search engines have been created as a tool to help in locating information. Some of these search engines are specialized to provide information on particular topics. To locate persons on the Internet or intranet in a fast and easy way, a particular tool is being used that is very similar to a telephone directory, commonly referred to as white pages or yellow pages. This tool is called a directory server. If you want to get the news from CNN, you simply connect your Web browser to CNNs Web server by typing in the address (http://www.cnn.com) using the Hypertext Transfer Protocol (HTTP). Likewise, if you want to send e-mail, you use your mail client to transfer the mail to a mail server using the Simple Mail Transfer Protocol (SMTP). Similarly, if you want to look up information stored in a directory server, you would use a directory client that speaks with the directory server using the Lightweight Directory Access Protocol (LDAP), which is the subject of this book. These three protocols HTTP, SMTP, and LDAP have something in common. All are standard protocols running over the widely used Transmission Control Protocol/Internet Protocol (TCP/IP) stack. This preface to the book will briefly review what you can do with LDAP. First we will learn what type of information you can store on a directory server.

2004 by CRC Press LLC

Then we will see some of the advantages that directory servers have over similar data stores such as, for example, relational databases.

Typical Usage of Directories

The concept of a directory server is much the same as the concept of a telephone directory, but it can also be used in a variety of other useful applications:
n Directories are frequently used to store information about persons. This could be for the company phone book, or it could be used to store information about the company organization. It could also hold information about customers and the enterprises for whom the customers work. n Directory servers can handle security-related information, such as the public keys of your users of certificates. n Directory services can be used to provide naming services, so you can store all your DNS (domain name system) maps in a directory. DNS resolves the human-readable computer names (such as www.cnn.com) into the sequence of dotted numbers that computers use to locate each other. You can also use directory services to resolve the names of databases to computer names. n Directory servers can hold information about users and groups of your computer network and work as an NIS (network information system) server. NIS was created by Sun Microsystems to store information about users, such as their home directory, group memberships, and other important information. n Directory servers can hold information such as e-mail addresses and further e-mail related information. This information can be shared by many e-mail clients or servers. An e-mail server can share such information as e-mail aliases, forwarding rules, and other mail-delivery information that the server needs to work properly. n Directory servers can hold information for software packages disributed over the intranet or Internet. The configuration procedures can use this data that is centrally maintained by the directory server.

It is clear that directories can hold many types of information. Let us now briefly review the advantages provided by directory servers.

Advantages of Directories
You have seen a number of cases where it is advantageous to use directories. In each of these cases, however, there are other technologies that perform the same function. You may wonder why you should use a new technology instead of continuing to work with a technology that you know very well. You would not consider making such a change unless directory services offered some

2004 by CRC Press LLC

significant advantages over the technology you are already using. The following is a list of advantages:
n Growing diffusion: Because LDAP is a standard protocol, more and more software suppliers are adopting it in their products. For example, Microsoft uses LDAP to maintain configuration information in Win2000; Sun uses it to hold NIS maps in its Solaris 9 operating system; and Oracle uses it to resolve database names. n Low cost of ownership: Because LDAP is a standard protocol, you can write your own clients to connect to directory servers. If you use a proprietary solution, you have to pay license fees every time you install a new client on your network. n Low training costs: Because most LDAP servers are easy to install, configure, and maintain, the cost of training LDAP administrators is low. n Distributed solution: Because LDAP is a protocol, it is natively networkenabled. Moreover, the LDAP protocol is natively enabled for a distributed architecture, allowing you to distribute information across the entire network for use in all applications. You can even replicate a part of your directory in the intranet and push it out to a server on the Internet. n Platform independence: Because LDAP is a standard protocol, there is a wide choice of implementations of LDAP servers, ranging from important suppliers such as Star Alliance (SUN + Netscape) to open-source solutions such as the OpenLDAP implementation of the University of Michigan. From this large choice of vendors, you will find the one that best fits the platform you are using. Furthermore, client and server can run on completely different operating systems. n Easy client implementation: The large number of LDAP application programming interfaces (API) for nearly every programming language you can imagine allows you to easily add LDAP support to a great many applications. Consequently, a large number of commercial applications have already been LDAP-enabled or will become LDAP-enabled in the near future. Home-grown applications are also easily LDAP-enabled. n Built-in security in the repository: The access information is stored in the repository itself and can be very fine grained. Some products also give you the ability to control access rights to external factors, such as the IP number the client is connecting from, the time that a connection is requested, the type of data that is requested, and so on. Because these controls are executed centrally by the server, they are easy to maintain. Clients therefore do not have to worry about these details.

Directory Server Implementations

At the time of this writing, there are a number of directory server implementations. Please note that the following list is not exhaustive and that there may well be implementations I am not aware of. The fact that I am ignorant of a particular implementation does not imply anything about its quality. Note also

2004 by CRC Press LLC

that this section does not contain any comments. Many products have been developed during the writing of this book, and the list is constantly changing.
n Star Alliance: This is a collaboration between Sun Microsystems and Netscape Corporation. The product offered is the Sun One server. The previous products were called i-Planet directory server and Netscape directory server. n IBM: IBM directory server n Novell: eDirectory available for Win2000/NT, Linux, Solaris, AIX, and Novell Netware (more information is available from the Web site of Novell) n Oracle: Oracle Internet directory n Critical Path: Directory server n Computer Associates: eTrust, the former OpenDirectory n Microsoft Corporation: Support of LDAP in active directory service n Lotus: Directory server for use with the Lotus name and address book n University of Michigan: The OpenLDAP project has replaced the Umich server, which is now obsolete.

Why This Book?

If you want to learn more about LDAP, you can buy a book or search the Internet. Before writing this volume, I searched in bookstores and online using Amazon for a book explaining LDAP without being product specific. However, the ones I found were all product specific. If you search the Internet for information about LDAP, you will find a lot of general documentation, but you will get too much information. It would take a lot of time to put all of this very useful information together. In the end, I concluded that no one had yet written a book offering a comprehensive view of LDAP. This volume combines all of the relevant information available on the Internet along with a number of arguments treated in the various books that are available. This volume is intended for readers who want to start using LDAP. It provides a theoretical background so that the reader has a general understanding of how LDAP servers work. It avoids speaking about one particular implementation. This book provides many examples of LDAP code. Most of these examples will work with any LDAP server implementing the LDAP standard. It is impossible to discuss the installation of an LDAP server without using a concrete implementation. For this purpose, I chose a commercial product (SUN/Netscape server) and an open-source project (OpenLDAP server). Both are available for a number of operating systems. Furthermore, the Sun/Netscape server is available for evaluation purposes for free, so if you want to try it out, you can download it. Now that I have said what this book is, I will also mention what it is not. It is not an in-depth treatise on the nuts and bolts of LDAP, so the level of detail is not sufficient to enable you to write your own directory server. If you want to do so, please have a look at the Web site where you can also download

2004 by CRC Press LLC

OpenLDAP, i.e., http://www.openldap.org. This book also cannot serve as a substitute for the documentation that is normally shipped with servers, such as users guide, administrators guide, and so on. If you use a particular LDAP server, please read the documentation shipped with the product.

A Little Road Map

This section provides an overview of the book so that you can, if you wish, go directly to the chapter of your major interest. I have tried to isolate each chapter as a stand-alone discussion of a particular topic. However, there is inevitably some overlap. For example, if you would like to understand the LDAP API, it is good to have some knowledge of the operations that the LDAP protocol knows about and how the LDAP protocol itself behaves when executing these operations on the server. Wherever possible, I briefly repeat the important information from the relevant chapter. However, this cannot substitute for a deeper discussion of the argument, and in many cases the reader will be referred to another section of the book.

Chapter 1, The LDAP Protocol

This chapter introduces the concept of a directory and a directory server. Because LDAP is a communication protocol, the chapter also provides a brief introduction to protocols, focusing on the TCP/IP protocol stack and how the LDAP protocol fits in the picture. Finally, the chapter explains the LDAP protocol itself.

Chapter 2, LDAP Basics

Here we begin to play around using the LDAP command line tools. To try out the examples in this chapter, you need a working LDAP implementation. You can download and use the Sun One LDAP server or the open-source OpenLDAP server, both available for Win32 and UNIX. A good workbench would be Linux with OpenLDAP. Most Linux implementations arrive with a ready-to-use LDAP implementation. In any case, this chapter gives you a number of examples so that you can become somewhat fluent with LDAP.

Chapter 3, LDAP Models

Theory. This chapter gives you the basics to better understand LDAP. LDAP can be described better with the help of four models: the information model, the naming model, the functional model, and the security model. The information model describes how LDAP holds the information. The naming model shows how LDAP organizes this information using a naming convention. The functional model defines the operations the LDAP protocol knows about. And

2004 by CRC Press LLC

the security model shows how to control access to the information held in the directory.

Chapter 4, LDAP: Some Practical Details

The previous chapter described the underlying theory and standards of LDAP. This chapter addresses the practical details of implementation. It helps you explore by yourself the points previously shown. It goes into details of the search process in a directory, explaining what a search filter is and what it should look like. It speaks in greater detail about the schema of the directory, how to explore it, and how to extend the standard schemas. It also shows how to speed up your directory server with indices and shows more details about the import/export format of LDAP directories.

Chapter 5, Distributed Architectures

This chapter addresses the issues of replication and partitioning. Replication mirrors all or one part of the directory on another directory server. Partitioning allows you to distribute your directory over several servers. Both methods can be combined to facilitate load balancing while ensuring the availability of directory services.

Chapter 6, LDAP APIs

This is another chapter focusing on practical issues. We speak about APIs. For nearly every programming language, there is an API implementing the operations defined by the LDAP protocol. In this chapter, we have a look at the most prominent APIs. We speak in this context also about the command-line tools as an LDAP client distributed with nearly every LDAP implementation. You can write your own. Because the OpenLDAP implementation is shipped with the command-line tools in source code, you can have a look at how these are implemented and change them to fit your personal taste and needs.

Chapter 7, LDAP Directory-Server Administration

This chapter discusses the fundamentals of LDAP administration. Here you will see the activities involved in maintaining an LDAP implementation.

Chapter 8, LDAP and Web Services

Here we see how LDAP fits into your existing environment. It shows you how to integrate it into your UNIX environment, i.e., how you can define users, groups, and other system information in LDAP instead of traditional UNIX

2004 by CRC Press LLC

files. It also shows you how the Microsoft world can be integrated and how you can Web-enable your LDAP server.

Chapter 9, The Design of Directory Services

The concluding chapter briefly reviews how to design a directory. This chapter provides only an introduction into the design of a directory, which is a very complex activity and requires a certain level of experience. The design hints suggested here should reduce the probability of making a catastrophic design error. A project can recover from smaller design errors, which happen even to experienced specialists.

2004 by CRC Press LLC

The Author
Reinhard Voglmaier studied physics at the University of Munich in Germany (TUM) and graduated from the Max Planck Institute for Astrophysics and Extraterrestrial Physics in Munich. After working in the Information Technology (IT) Department at the German University of the Army in the field of computer architecture, he was hired as a hardware specialist for automation by Honeywell. He then moved on to Siemens Nixdorf, where he worked for several years as a UNIX systems specialist for performance questions in database/network installations. For the past six years, he has worked at Glaxo Smith Kline in the field of Web and LDAP services. He is currently a member of an international team developing a companywide LDAP implementation for Glaxo Smith Kline.

2004 by CRC Press LLC

Contents
1 The LDAP Protocol Directories and Directory Server Network Protocols The TCP/IP Protocol Stack The OSI Protocol Stack Internet Standards: RFCs DAP: X.500 Standard Finally LDAP LDAP: How It Works Under the Hood: The Database Holding Information Conclusion References 2 LDAP Basics Example: An Enterprise with a Few Departments Objects in LDAP: Object Classes, Attributes, and Schema Server Configuration First Steps with LDAP Updating a Directory with a Batch Process The LDIF Standard Ldapsearch Revisited: Search Filter LDAP: Is This a Protocol? Your Favorite Browser Speaks LDAP Conclusion 3 LDAP Models Introduction Information Model

2004 by CRC Press LLC

Introduction Object Classes Formal Definition of Object Classes Some Words about Object-Class Inheritance Some Examples of Object-Class Definitions Object-Class Types Object Identifiers Attribute-Type Definitions Formal Definition of Attributes Attribute Types Matching Rules Syntaxes Conclusion for Information Model Naming Model The Directory Information Tree Distinguished Name Examples of Distinguished Names Directory Suffix Aliases Referrals Distinguished-Name Syntax Last but Not Least, Information about the Server Conclusion for Naming Model Functional Model Overview of LDAP Operations Interrogation Operations Update Operations Authentication and Control Operations LDAP Operations in Detail Interrogation Operations: Search Interrogation Operations: Compare Update Operations: Add Update Operations: Delete Update Operations: Modify Update Operations: ModifyDN Authentication Operations: Bind Authentication Operations: Unbind Control Operation: Abandon Conclusion for Functional Model Security Model Authentication and Authorization Authentication Anonymous Access

2004 by CRC Press LLC

Basic Authentication LDAP over SSL/TLS Kerberos SASL Concluding Authentication Authorization 4 LDAP: Some Practical Details Search Revisited Query Filters equalityMatch Substring greaterOrEqual, lessOrEqual Present approxMatch Boolean Operators: And, Or, Not Examples extensibleMatch Directory Schema Revisited Schema Descriptions ASN.1 Schema Format slapd.conf Schema Format LDAP (v3) Schema Format Checking the Directory Schema Exploring the Directory Schema Extending the Directory Schema Indexes LDIF File Format Description of Directory Entries Update of Directory Entries The Add Function The Delete Function The modifyDN Function The Modify Function LDIF: Conclusion, an Example in Perl LDAP URLs Differences between LDAP (v2) and LDAP (v3) Conclusion: Work in Progress LDAP Duplication/Replication/Update Protocols (LDUP) LDAP Extensions (LDAPext) LDAP (v3) Revision (LDAPbis)

2004 by CRC Press LLC

5 Distributed Architectures Introduction to Replication and Partitioning Data Distribution between LDAP and Non-LDAP Systems Partitioning What Is Partitioning? Gluing the Directories Together Referrals Examples And Now from the Client Point of View Chaining Security Aspects Using Chaining Difference between Chaining and Referrals Replication Replication Scenarios Schema Information and ACL Single Master versus Multimaster Replication Agreements Supplier- or Consumer-Initiated Replication Frequency of Replication Unit of Replication Incremental or Total Replication Replication Account Load Sharing Security Aspects Work in Progress Data Distribution between LDAP and Non-LDAP Systems Broker Metadirectory DSML DSML Tools Castor Conclusion 6 LDAP APIs LDAP Command-Line Tools Selected Commands ldapmodify Some Examples of ldapmodify ldapsearch Some Examples of ldapsearch Command-Line Tools: Conclusion

2004 by CRC Press LLC

LDAP and Programming Language Support LDAP and PHP First Steps with PHP-LDAP Authentication and Control Operations ldap_connect ldap_bind ldap_unbind ldap_close More about Authentication in a Web Environment Search and Associated Commands ldap_search ldap_read ldap_list ldap_compare Working with the Result Identifiers ldap_get_entries ldap_count_entries ldap_sort ldap_parse_result ldap_get_attributes ldap_first_entry ldap_next_entry ldap_first_attribute ldap_next_attribute ldap_get_dn ldap_get_values, ldap_get_values_len Conclusion: An Example Adding, Deleting, and Modifying Entries ldap_add ldap_delete ldap_modify ldap_rename What Remains? Perl and LDAP Our First Perl LDAP Program Perl Objects The LDAP Object Authentication/Control Methods Interrogation Methods Update Methods Schema Exploring (LDAP [v3]) Callback The Search Object

2004 by CRC Press LLC

The Entry Object The Message Object The Reference Object The Schema Object Conclusion Scripts The C LDAP API LDAP SDK v2 versus v3 Our First LDAP Program in C Structures Overview of LDAP Functions Authentication and Control Operations Interrogation Operations Iteration Commands through Results Sets Update Operations: Add, Delete, Modify DN, Modify Conclusion The Java LDAP API Our First Java Class Authentication and Control Operations Connect and Bind Unbind Clone Search and Compare Operations Search Compare Working with Search Results Working with Search Constraints Update Operations Add Delete Modify Rename LDAP URLs JNDI Java Naming and Directory Interfaces Enterprise JavaBeans Conclusion What Is Missing Active Directory and ADSI Other Languages 7 LDAP Directory-Server Administration Open-Source Software

2004 by CRC Press LLC

Getting the Directory Server Up and Running Software Installation OpenLDAP Installation UNIX WIN32 Sun One Installation Securing Your LDAP Server Setting Up Security in Sun One Setting Up Security in OpenLDAP LDAP Server Configuration Introduction Configure the Root DN Configure Administrator and Operator Configure the Directory Schema/Schemas Configure the Indexes Conclusion Load the Data Log Files Starting and Stopping the Server Backup and Recovery Service-Level Agreement Backup Methods Classical Backup Logical Backup of the Directory Backup via Replication System Monitoring Why Monitoring SNMP Home-Grown Solutions Use of SNMP Use the LDAP Protocol Log-File Analysis User Administration LDAP Users, Groups, and UNIX Administration Utilities 8 LDAP and Web Services Introduction LDAP URLs Application Servers Accessing an LDAP Server via CGI Scripts Accessing an LDAP Server via an Application Server Gateways

2004 by CRC Press LLC

Web Server Authentication Example: The auth_ldap Module for Apache The Authentication Phase The Authorization Phase LDAP Authentication Using CGI Scripts LDAP Authentication Using the PHP Preprocessor LDAP and the Web: A Case Study Requirements LDAP Internet Environment LDAP Directory LDAP Authentication and the Web Server Control if the User Is Known by the System Accept Only Members of Particular Groups Accept Only a Particular User LDAP-HTTP Gateway LDAP Application Broker Conclusion 9 The Design of Directory Services Introduction Directory Life Cycle Planning of Directory Services Goal of the Project Benefits of the Project Objectives of the Project Target of the Project Analysis of the Actual Situation Analysis of the Data to Be Held in the Directory Steps to Perform Project Plan Design of Directory Services Data Design Schema Design Tree Design Partitioning Design Replication Design Security Design Data Design Schema Design Tree Design Choosing a Root for the Directory Information Tree Branching the Directory Tree

2004 by CRC Press LLC

Partitioning Number of Entries Is Too High Network Traffic to the Directory Is Too High Not All of the Data Is Equally Used Some Line Segments Become Overloaded Partitioning and Namespace Replication Network Traffic to the Directory Is Too High Some Line Segments Become Overloaded Replication and Namespace Security Design Authentication Authorization Protection of the Data Conclusion Appendix A Acronyms Appendix B LDAP Requests for Comments and Drafts LDAP RFCs Comments about the Most Important LDAP RFCs List of LDAP RFCs Work in Progress LDAP (v3) Revision (ldapbis) LDAP Duplication/Replication/Update Protocols (ldup) Appendix C Useful Links General LDAP Clients OIDs and Standards Tutorials and How-Tos Security SNMP LDAP API LDAP Server Implementations Free Implementations Commercial Implementations Appendix D Standards Object Classes Attribute Types Appendix E Configuration of OpenLDAP

2004 by CRC Press LLC

Configuration Files Configuration File of the OpenLDAP Server The Global Section Access Control Information Schema Information Log Information Resource Limitations Referrals Back-end and Database Sections Appendix F Playing with Replication in OpenLDAP Appendix G Playing with OpenLDAP Proxy Server The Back End What We Will Need Compiling the OpenLDAP Proxy Running the OpenLDAP Proxy Further Capabilities The Meta Back End

2004 by CRC Press LLC