Open LDAP Administration - Table of Contents
Preface
1. Introduction to OpenLDAP Directory Services
1.1. What is a directory service?
1.2. What is LDAP?
1.3. When should I use LDAP?
1.4. When should I not use LDAP?
1.5. How does LDAP work?
1.6. What about X.500?
1.7. What is the difference between LDAPv2 and LDAPv3?
1.8. LDAP vs RDBMS
1.9. What is slapd and what can it do?
2. A Quick-Start Guide
3. The Big Picture - Configuration Choices
3.1. Local Directory Service
3.2. Local Directory Service with Referrals
3.3. Replicated Directory Service
3.4. Distributed Local Directory Service
4. Building and Installing OpenLDAP Software
4.1. Obtaining and Extracting the Software
4.2. Prerequisite software
4.2.1. Transport Layer Security
4.2.2. Simple Authentication and Security Layer
4.2.3. Kerberos Authentication Service
4.2.4. Database Software
4.2.5. Threads
4.2.6. TCP Wrappers
4.3. Running configure
4.4. Building the Software
4.5. Testing the Software
4.6. Installing the Software
5. Configuring slapd
5.1. Configuration Layout
5.2. Configuration Directives
5.2.1. cn=config
5.2.2. cn=module
5.2.3. cn=schema
5.2.4. Backend-specific Directives
5.2.5. Database-specific Directives
5.2.6. BDB and HDB Database Directives
5.3. Access Control
5.3.1. What to control access to
5.3.2. Who to grant access to
5.3.3. The access to grant
5.3.4. Access Control Evaluation
5.3.5. Access Control Examples
5.3.6. Access Control Ordering
5.4. Configuration Example
5.5. Converting from slapd.conf(8) to a cn=config directory format
6. The slapd Configuration File
6.1. Configuration File Format
6.2. Configuration File Directives
6.2.1. Global Directives
6.2.2. General Backend Directives
6.2.3. General Database Directives
6.2.4. BDB and HDB Database Directives
6.3. The access Configuration Directive
6.3.1. What to control access to
6.3.2. Who to grant access to
6.3.3. The access to grant
6.3.4. Access Control Evaluation
6.3.5. Access Control Examples
6.4. Configuration File Example
7. Running slapd
7.1. Command-Line Options
7.2. Starting slapd
7.3. Stopping slapd
8. Database Creation and Maintenance Tools
8.1. Creating a database over LDAP
8.2. Creating a database off-line
8.2.1. The slapadd program
8.2.2. The slapindex program
8.2.3. The slapcat program
8.3. The LDIF text entry format
9. Backends
9.1. Berkeley DB Backends
9.1.1. Overview
9.1.2. back-bdb/back-hdb Configuration
9.1.3. Further Information
9.2. LDAP
9.2.1. Overview
9.2.2. back-ldap Configuration
9.2.3. Further Information
9.3. LDIF
9.3.1. Overview
9.3.2. back-ldif Configuration
9.3.3. Further Information
9.4. Metadirectory
9.4.1. Overview
9.4.2. back-meta Configuration
9.4.3. Further Information
9.5. Monitor
9.5.1. Overview
9.5.2. back-monitor Configuration
9.5.3. Further Information
9.6. Null
9.6.1. Overview
9.6.2. back-null Configuration
9.6.3. Further Information
9.7. Passwd
9.7.1. Overview
9.7.2. back-passwd Configuration
9.7.3. Further Information
9.8. Perl/Shell
9.8.1. Overview
9.8.2. back-perl/back-shell Configuration
9.8.3. Further Information
9.9. Relay
9.9.1. Overview
9.9.2. back-relay Configuration
9.9.3. Further Information
9.10. SQL
9.10.1. Overview
9.10.2. back-sql Configuration
9.10.3. Further Information
10. Overlays
10.1. Access Logging
10.1.1. Overview
10.1.2. Access Logging Configuration
10.2. Audit Logging
10.2.1. Overview
10.2.2. Audit Logging Configuration
10.3. Chaining
10.3.1. Overview
10.3.2. Chaining Configuration
10.3.3. Handling Chaining Errors
10.4. Constraints
10.4.1. Overview
10.4.2. Constraint Configuration
10.5. Dynamic Directory Services
10.5.1. Overview
10.5.2. Dynamic Directory Service Configuration
10.6. Dynamic Groups
10.6.1. Overview
10.6.2. Dynamic Group Configuration
10.7. Dynamic Lists
10.7.1. Overview
10.7.2. Dynamic List Configuration
10.8. Reverse Group Membership Maintenance
10.8.1. Overview
10.8.2. Member Of Configuration
10.9. The Proxy Cache Engine
10.9.1. Overview
10.9.2. Proxy Cache Configuration
10.10. Password Policies
10.10.1. Overview
10.10.2. Password Policy Configuration
10.11. Referential Integrity
10.11.1. Overview
10.11.2. Referential Integrity Configuration
10.12. Return Code
10.12.1. Overview
10.12.2. Return Code Configuration
10.13. Rewrite/Remap
10.13.1. Overview
10.13.2. Rewrite/Remap Configuration
10.14. Sync Provider
10.14.1. Overview
10.14.2. Sync Provider Configuration
10.15. Translucent Proxy
10.15.1. Overview
10.15.2. Translucent Proxy Configuration
10.16. Attribute Uniqueness
10.16.1. Overview
10.16.2. Attribute Uniqueness Configuration
10.17. Value Sorting
10.17.1. Overview
10.17.2. Value Sorting Configuration
10.18. Overlay Stacking
10.18.1. Overview
10.18.2. Example Scenarios
11. Schema Specification
11.1. Distributed Schema Files
11.2. Extending Schema
11.2.1. Object Identifiers
11.2.2. Naming Elements
11.2.3. Local schema file
11.2.4. Attribute Type Specification
11.2.5. Object Class Specification
11.2.6. OID Macros
12. Security Considerations
12.1. Network Security
12.1.1. Selective Listening
12.1.2. IP Firewall
12.1.3. TCP Wrappers
12.2. Data Integrity and Confidentiality Protection
12.2.1. Security Strength Factors
12.3. Authentication Methods
12.3.1. "simple" method
12.3.2. SASL method
13. Using SASL
13.1. SASL Security Considerations
13.2. SASL Authentication
13.2.1. GSSAPI
13.2.2. KERBEROS_V4
13.2.3. DIGEST-MD5
13.2.4. Mapping Authentication Identities
13.2.5. Direct Mapping
13.2.6. Search-based mappings
13.3. SASL Proxy Authorization
13.3.1. Uses of Proxy Authorization
13.3.2. SASL Authorization Identities
13.3.3. Proxy Authorization Rules
14. Using TLS
14.1. TLS Certificates
14.1.1. Server Certificates
14.1.2. Client Certificates
14.2. TLS Configuration
14.2.1. Server Configuration
14.2.2. Client Configuration
15. Constructing a Distributed Directory Service
15.1. Subordinate Knowledge Information
15.2. Superior Knowledge Information
15.3. The ManageDsaIT Control
16. Replication
16.1. Replication Strategies
16.1.1. Push Based
16.1.2. Pull Based
16.2. Replication Types
16.2.1. syncrepl replication
16.2.2. delta-syncrepl replication
16.2.3. N-Way Multi-Master
16.2.4. MirrorMode
16.3. LDAP Sync Replication
16.3.1. The LDAP Content Synchronization Protocol
16.3.2. Syncrepl Details
16.3.3. Configuring Syncrepl
16.4. N-Way Multi-Master
16.5. MirrorMode
16.5.1. Arguments for MirrorMode
16.5.2. Arguments against MirrorMode
16.5.3. MirrorMode Configuration
16.5.4. MirrorMode Summary
17. Maintenance
17.1. Directory Backups
17.2. Berkeley DB Logs
17.3. Checkpointing
17.4. Migration
18. Monitoring
18.1. Monitor configuration via cn=config(5)
18.2. Monitor configuration via slapd.conf(5)
18.3. Accessing Monitoring Information
18.4. Monitor Information
18.4.1. Backends
18.4.2. Connections
18.4.3. Databases
18.4.4. Listener
18.4.5. Log
18.4.6. Operations
18.4.7. Overlays
18.4.8. SASL
18.4.9. Statistics
18.4.10. Threads
18.4.11. Time
18.4.12. TLS
18.4.13. Waiters
19. Tuning
19.1. Performance Factors
19.1.1. Memory
19.1.2. Disks
19.1.3. Network Topology
19.1.4. Directory Layout Design
19.1.5. Expected Usage
19.2. Indexes
19.2.1. Understanding how a search works
19.2.2. What to index
19.2.3. Presence indexing
19.3. Logging
19.3.1. What log level to use
19.3.2. What to watch out for
19.3.3. Improving throughput
19.4. BDB/HDB Database Caching
19.4.1. Berkeley DB Cache
19.4.2. slapd(8) Entry Cache
19.4.3. IDL Cache
20. Troubleshooting
20.1. User or Software errors?
20.2. Checklist
20.3. OpenLDAP Bugs
20.4. 3rd party software error
20.5. How to contact the OpenLDAP Project
20.6. How to present your problem
20.7. Debugging slapd(8)
20.8. Commercial Support
A. Changes Since Previous Release
A.1. New Guide Sections
A.2. New Features and Enhancements in 2.4
A.2.1. Better cn=config functionality
A.2.2. Better cn=schema functionality
A.2.3. More sophisticated Syncrepl configurations
A.2.4. N-Way Multimaster Replication
A.2.5. Replicating slapd Configuration (syncrepl and cn=config)
A.2.6. Push-Mode Replication
A.2.7. More extensive TLS configuration control
A.2.8. Performance enhancements
A.2.9. New overlays
A.2.10. New features in existing Overlays
A.2.11. New features in slapd
A.2.12. New features in libldap
A.2.13. New clients, tools and tool enhancements
A.2.14. New build options
A.3. Obsolete Features Removed From 2.4
A.3.1. Slurpd
A.3.2. back-ldbm
B. Upgrading from 2.3.x
B.1. Monitor Backend
B.2. cn=config olc* attributes
C. Common errors encountered when using OpenLDAP Software
C.1. Common causes of LDAP errors
C.1.1. ldap_*: Can't contact LDAP server
C.1.2. ldap_*: No such object
C.1.3. ldap_*: Can't chase referral
C.1.4. ldap_*: server is unwilling to perform
C.1.5. ldap_*: Insufficient access
C.1.6. ldap_*: Invalid DN syntax
C.1.7. ldap_*: Referral hop limit exceeded
C.1.8. ldap_*: operations error
C.1.9. ldap_*: other error
C.1.10. ldap_add/modify: Invalid syntax
C.1.11. ldap_add/modify: Object class violation
C.1.12. ldap_add: No such object
C.1.13. ldap add: invalid structural object class chain
C.1.14. ldap_add: no structuralObjectClass operational attribute
C.1.15. ldap_add/modify/rename: Naming violation
C.1.16. ldap_add/delete/modify/rename: no global superior knowledge
C.1.17. ldap_bind: Insufficient access
C.1.18. ldap_bind: Invalid credentials
C.1.19. ldap_bind: No such object
C.1.20. ldap_bind: Protocol error
C.1.21. ldap_modify: cannot modify object class
C.1.22. ldap_sasl_interactive_bind_s: ...
C.1.23. ldap_sasl_interactive_bind_s: No such Object
C.1.24. ldap_sasl_interactive_bind_s: No such attribute
C.1.25. ldap_sasl_interactive_bind_s: Unknown authentication method
C.1.26. ldap_sasl_interactive_bind_s: Local error (82)
C.1.27. ldap_search: Partial results and referral received
C.1.28. ldap_start_tls: Operations error
C.2. Other Errors
C.2.1. ber_get_next on fd X failed errno=34 (Numerical result out of range)
C.2.2. ber_get_next on fd X failed errno=11 (Resource temporarily unavailable)
C.2.3. daemon: socket() failed errno=97 (Address family not supported)
C.2.4. GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied;
C.2.5. access from unknown denied
C.2.6. ldap_read: want=# error=Resource temporarily unavailable
C.2.7. `make test' fails
C.2.8. ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
C.2.9. ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
D. Recommended OpenLDAP Software Dependency Versions
D.1. Dependency Versions
E. Real World OpenLDAP Deployments and Examples
F. OpenLDAP Software Contributions
F.1. Client APIs
F.1.1. ldapc++
F.1.2. ldaptcl
F.2. Overlays
F.2.1. acl
F.2.2. addpartial
F.2.3. allop
F.2.4. comp_match
F.2.5. denyop
F.2.6. dsaschema
F.2.7. lastmod
F.2.8. passwd
F.2.9. proxyOld
F.2.10. smbk5pwd
F.2.11. trace
F.3. Tools
F.3.1. Statistic Logging
F.4. SLAPI Plugins
F.4.1. addrdnvalues
G. Configuration File Examples
G.1. slapd.conf
G.2. ldap.conf
G.3. a-n-other.conf
H. LDAP Result Codes
H.1. Non-Error Result Codes
H.2. Result Codes
H.3. success (0)
H.4. operationsError (1)
H.5. protocolError (2)
H.6. timeLimitExceeded (3)
H.7. sizeLimitExceeded (4)
H.8. compareFalse (5)
H.9. compareTrue (6)
H.10. authMethodNotSupported (7)
H.11. strongerAuthRequired (8)
H.12. referral (10)
H.13. adminLimitExceeded (11)
H.14. unavailableCriticalExtension (12)
H.15. confidentialityRequired (13)
H.16. saslBindInProgress (14)
H.17. noSuchAttribute (16)
H.18. undefinedAttributeType (17)
H.19. inappropriateMatching (18)
H.20. constraintViolation (19)
H.21. attributeOrValueExists (20)
H.22. invalidAttributeSyntax (21)
H.23. noSuchObject (32)
H.24. aliasProblem (33)
H.25. invalidDNSyntax (34)
H.26. aliasDereferencingProblem (36)
H.27. inappropriateAuthentication (48)
H.28. invalidCredentials (49)
H.29. insufficientAccessRights (50)
H.30. busy (51)
H.31. unavailable (52)
H.32. unwillingToPerform (53)
H.33. loopDetect (54)
H.34. namingViolation (64)
H.35. objectClassViolation (65)
H.36. notAllowedOnNonLeaf (66)
H.37. notAllowedOnRDN (67)
H.38. entryAlreadyExists (68)
H.39. objectClassModsProhibited (69)
H.40. affectsMultipleDSAs (71)
H.41. other (80)
I. Glossary
I.1. Terms
I.2. Related Organizations
I.3. Related Products
I.4. References
J. Generic configure Instructions
K. OpenLDAP Software Copyright Notices
K.1. OpenLDAP Copyright Notice
K.2. Additional Copyright Notice
K.3. University of Michigan Copyright Notice
L. OpenLDAP Public License
Published under the terms of the OpenLDAP Public License