图书详情-享·阅读

图书信息：

0次推荐

4次浏览

0次下载

书名：	Mastering OpenLDAP Configuring, Securing and Integrating Directory Services
作者：	Butcher, Matt
出版时间：	2007-08-31
ISBN：	9781847191021(P-ISBN) ，9781847191038(O-ISBN)
摘要：
摘要：

书目详情：

Mastering OpenLDAP Table of Contents Mastering OpenLDAP Credits About the Author About the Reviewers Preface What This Book Covers What You Need for This Book Conventions Reader Feedback Customer Support Downloading the Example Code for the Book Errata Questions 1. Directory Servers and LDAP LDAP Basics What is a Directory?The Structure of a Directory Entry A Unique Name: The DN An Example LDAP Entry The Object Class Attribute Operational Attributes The Directory Information Tree What to Do with an LDAP Server The History of LDAP and OpenLDAP A Technical Overview of OpenLDAP The Server Clients Utilities Libraries Summary 2. Installation and Configuration Before Getting Started OpenLDAP Binaries for Operating Systems Commercial OpenLDAP Distribution Source Code Compilation A Quick Note on Versions Installation Dependencies Installing OpenLDAP Configuring the SLAPD Server Basics Schemas More Directives Module Directives Database Configuration ACLs Verifying a Configuration File Starting and Stopping the Server Using the Init Script Running SLAPD Directly Configuring the LDAP Clients A Basic ldap.conf File Size and Time Limits Testing the Server Summary 3. Using OpenLDAP A Brief Survey of the LDAP Suite LDAP from the Server Side SLAPD The Binding Operation The Search Operation More Operations: Additions, Modifications, and Deletions The Addition Operation The Modification Operation The Delete Operation Infrequent Operations The ModifyDN Operation The Compare Operation The Extended Operation SLAPD Summary SLURPD Creating Directory Data The LDIF File Format Anatomy of an LDIF File Representing Attribute Values in LDIF Example.Com in LDIF Defining the Base DN Record Structuring the Directory with Organizational Units Theory 1: Directory as Organizational Chart Theory 2: Directory as IT Service Expressing the OUs in LDIF Adding User Records Adding System Records Adding Group Records The Complete LDIF File Using the Utilities to Prepare the Directory slapadd When Should slapadd be Used?What Does slapadd Do?Loading the LDIF File Stopping the Server Running ldapadd in Test Mode Importing the Records Using slapadd Restarting the Directory If Something Went Wrong...Destroying and Recreating the Directory Files slapindex slapcat Operational Attributes slapacl slapauth slapdn slappasswd Storing and Using Passwords in OpenLDAP Generating a Password with slappasswd slaptest Performing Directory Operations Using the Clients Common Command-Line Flags Common Flags Setting Defaults in ldap.conf ldapsearch A Simple Search Restricting Returned Fields Requesting Operational Attributes Searching Using a File ldapadd Adding Records from a File ldapmodify Adding a Record with ldapmodify Modifying Existing Records Modifying the Relative DN Moving a Record with modrdn Deleting Entire Records ldapdelete ldapcompare ldapmodrdn Modifying the Superior DN with ldapmodrdn ldappasswd ldapwhoami Summary 4. Securing OpenLDAP LDAP Security: The Three Aspects Securing Network-Based Directory Connections with SSL/TLS The Basics of SSL and TLS Authenticity Encryption StartTLS Creating an SSL/TLS CA Creating a Certificate Creating a New Certificate Request Signing the Certificate Request Configuring and Installing the Certificates Remove the Pass Phrase from the Key Relocate the Certificates Install the CA Certificate Optional: Clean Up Configuring StartTLS Configuring Client TLS Configuring LDAPS Debugging with the OpenSSL Client Using Security Strength Factors The security Directive A Fine-Grained security Directive Authenticating Users to the Directory Simple Binding Using an Authentication User for Simple Binding SASL Binding Configuring Cyrus SASL The SASL Configuration File Setting a User Password Configuring SLAPD for SASL Support Using a Replacement String in authz-regexp Using a Search Filter in authz-regexp A Note on ACLs and Search Filters Failure of Mapping Removing the Need to Specify the Realm Debugging the SASL Configuration Using Client SSL/TLS Certificates to Authenticate Creating a New Client Certificate Configuring the Client Configuring the Server Testing with ldapwhoami Going Further with SASL Controlling Authorization with ACLs The Basics of ACLs Access to [resources]Access using DN Access using attrs Access using Filters Combining Access Specifiers By [who] [type of access granted] [control]The Access Field The who Field The * and anonymous Specifiers The self Specifier The users Specifier The dn Specifier Groups and Members Member-Based Record Access Network, Connections, and Security Advanced Step: Using the set Specifier The control Field Getting More from Regular Expressions Debugging ACLs A Practical Example Summary 5. Advanced Configuration Multiple Database Backends The slapd.conf File Creating and Importing a Second Directory Performance Tuning Performance Directives Global Directives Time Limits Idle Timeouts Size Limits Threads Directives in the Database Section Limits Read-only and Restrict Directives Index BDB/HDB Backends Only)Controlling the Cache BDB/HDB Only)Reducing Disk I/O Latency BDB/HDB Only)The DB_CONFIG File Setting the Cache Size Configuring the Data Directory Optimizing BDB/HDB Transaction Logging Tuning Lock Files More about Berkeley DB Directory Overlays A Brief Tour of the Official Overlays Configuring an Overlay: denyop Loading the module Adding the Overlay Adding Overlay-Specific Directives Referential Integrity Overlay Configuring the Overlay Modifying the Records Drawbacks A Useful Note The Uniqueness Overlay Summary 6. LDAP Schemas Introduction to LDAP Schemas Why Do They Look So Complicated?Schema Definitions Object Classes and Attributes Object Class Definitions Attribute Definitions Object Identifier Definitions DIT Content Rules Retrieving the Schemas from SLAPD The ObjectClass Hierarchy Attribute Hierarchies Subordinate Attributes and Searching Object Class Types: Abstract, Structural, and Auxiliary The Object Class Hierarchy: An Overview Abstract Classes Structural Object Classes Auxiliary Object Classes Moving Onward Schemas: Accesslog and Password Policy Overlays Logging with the Accesslog Overlay Loading the accesslog Module Configuring the Access Log Backend Creating A Directory for the Access Log Files Enabling Logging for the Main Backend The Log Records Implementing a Complex Overlay: Password Policy Setting the Global Directives in slapd.conf: Schema and Module Creating a Password Policy Configure the Overlay Directives Test the Overlay Password Policy Operational Attributes Summary of ppolicy Operational Attributes Creating a Schema Getting an OID Giving Our OID a Name Creating Object Classes Creating Attributes Loading the New Schema Troubleshooting Schema Loading A New Record Summary 7. Multiple Directories Replication: An Overview SyncRepl Configuring SyncRepl Configuring the Master Server Creating a SyncRepl User Configuring the Shadow Server The syncrepl Directive Configuring a Referral Starting Replication For Larger Directories...Delta SyncRepl The Master Servers Configuration The Shadow Servers Configuration Debugging SyncRepl Starting Over Strategic Logging A Few Common Mistakes Configuring an LDAP Proxy Using the LDAP Backend Using Identity Management Features Turning the Simple Proxy into a Caching Proxy Notes on the Attribute Sets and Templates A Translucent Proxy Summary 8. LDAP and the Web The LDAP-Aware Application Apache and LDAP A Short Guide to Installing Apache Configuring LDAP Authentication Loading the Modules Editing the default Configuration File The Directory Section—Apache 2.2 Changes in Apache 2.0 Other Features of the Require Parameter phpLDAPadmin Prerequisites Installing phpLDAPadmin Is Your Package Broken?Configuring phpLDAPadmin A Basic Look at Configuration Parameters Setting a variable Calling a function Setting an Array Value Configuring the LDAP Server Settings A First Look at phpLDAPadmin Navigating phpLDAPadmin Viewing and Modifying a Record Adding a New Record Searching with phpLDAPadmin Summary A. Building OpenLDAP from Source Why Build from Source?Getting the Code The Tools for Compiling Build Tools Installing Dependencies Compiling OpenLDAP Configuring Building with make Installation Building Everything Summary B. LDAP URLs The LDAP URL Common Uses of LDAP URLs Not all LDAP URLs are for Searching For More Information on LDAP URLs...Summary C. Useful LDAP Commands Getting Information about the Directory The Root DSE The Subschema Record The Configuration Record Making a Directory Backup A Backup Copy of the Directory Database An LDIF Backup File Rebuilding a Database BDB, HDB)Step 1: Stop the Server Step 2: Dump the Database Step 3: Delete the Old Database Files Step 4: Create a New Database Step 5: Restart SLAPD Troubleshooting Rebuilds Summary Index

评论：