LDAP System Administration

(or in WLUG's library for WLUG members)

I've been using LDAP for various things for a while now, and for a long time I wished I had a good reference/integration text to follow. I wish LDAP System Administration had been around in 2000 and 2001, as it would have been ideal. This book is divided into three parts, covering LDAP Basics, Application Integration, and an appendices section.

The first part, LDAP Basics, starts off covering both a general introduction to LDAP and its history. I've always skim read sections like this in the past, but it's well worth the read if you really want to understand LDAP in any detail. After having worked with LDAP for a while, it was quite good to come back to a well-written description of LDAP and its uses. Part One carries on to introduce the OpenLDAP server, and includes detailed instructions on compilation (unnecessary in most modern Linux distributions) and configuration. Chapter 5, the last chapter in Part One, covers replication with OpenLDAP's slurpd, replication, and security.

Most of the remainder of the book is dedicated to Part Two - Application Integration. The five chapters in this section cover NIS replacements, Email, Standard Unix Services, LDAP Interoperability and LDAP programming with Perl. I've had to learn most of these topics "the hard way", and finding them all neatly summarised with good examples in a single text is one of the key reasons I wish I'd had this text four years ago. Some of the points this book covers are already outdated, due to the fast-moving development of the projects it refers to, but that can't really be helped, and doesn't overly affect it. The section on NIS replacements is ideal for anyone wishing to use LDAP as a centralised authentication system for Unix and Windows services, and the LDAP interop chapter covers using LDAP to speak to an Active Directory Server as well, for completeness. The Email chapter covers integration of several different MTAs - Sendmail, Postfix and Exim - and MUAs - Pine, Mozilla, Outlook Express, and Eudora. ProFTPD, Apache, Samba, FreeRADIUS, and lpr are covered by chapter 8, although it's worth noting that lpr support (storing printers in LDAP) relies on a script to generate your printcap for you - I'm not aware of any print spoolers that will support an LDAP backend for configuration just yet.

The appendices go into greater detail on some specific technologies mentioned earlier, such as PAM and NSS, the OpenLDAP command-line tools, typical LDAP attributes and objects, and a much-needed section detailing slapd ACLs.

In summary, this is an excellent book covering both the conceptual side of LDAP, and its integration into everyday technologies. I'd recommend this book both to anyone looking at integrating LDAP, and to any experienced LDAP administrators. I'd consider this book to be one of O'Reilly's definitive texts, alongside books such as the DNS and BIND book and the Sendmail book.

-- DanielLawson
