LDAP configuration management and fault diagnosis in AIX

Introduction

User management is an important part of the distributed computing environment. It provides common access to the required consistent authentication and authorization services. Many customers use IBM Directory server to achieve centralized security management, and IBM directory server is a centralized security mechanism supported by aix®. To make an effective configuration of IBM directory Server and prepare for use, you need to gain insight into the concept and configuration management of Lightweight Directory Access Protocol (LDAP).

This article provides an overview of LDAP and its architecture. This article also describes the LDAP configuration and management in AIX. This article focuses on how to troubleshoot different types of issues during the process of configuring LDAP servers and clients. For AIX administrators, technical support personnel, and development groups, the recommendations provided in the Troubleshooting section are helpful.

LDAP Overview and Architecture

LDAP is an industry-standard protocol for accessing directory servers. IBM Directory Server needs to be configured to support user authentication through LDAP using Aix-specific schemas and RFC 2307 mode in Aix.

LDAP is optimized for reading, browsing, searching directories and databases dedicated to storing ordered information. The goal of many computing environments is to enable users from any location, such as workstations, public workstations, and the Web, to use a variety of network resources. You can use IBM Directory Server for user management to achieve this goal.

Figure 1 shows an overview of the LDAP configuration.

Figure 1. LDAP Configuration

LDAP is a standardized protocol and a specialized database for storing ordered information. When a user logs on, the LDAP client sends a query to the LDAP server to get the user and group information from a centralized database. Db2® is a database that is used to store user and group information. The LDAP database stores and retrieves information based on an entry with a hierarchy, each of which has a name, type, and property that distinguishes it from the other entries. property is used to define an acceptable value for the entry. The LDAP database can store and maintain their entries for many users.

An LDAP security loading module was created in AIX Version 4.3. Through IBM secureway®directory, this loading module provides user authentication, centralized user and group management capabilities. Users defined in the LDAP server can be configured so that they can log on to the LDAP client, even if the user is not defined locally. The AIX LDAP load module is fully integrated with the AIX operating system.

Configuring IBM Directory Server

You can configure IBM Directory Server on AIX using one of the following three ways:

Ldapcfg Command line tools

Graphical version of the Ldapcfg tool, called ldapxcfg

MKSECLDAP command

The following are the set of files required to configure IBM Directory Server:

Ldap.server File Set

DB2 is the back-end database software required by IBM Directory Server