LDAP servers required by System Administrators

Source: Internet
Author: User
Tags openldap
Article title: LDAP servers that system administrators need to understand. Linux is a technology channel of the IT lab in China. It covers basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Use Python-LDAP to perform the CRUD (create, read, update, and delete) operations of LDAP:

Most system administrators may need to interact with LDAP servers in their careers. This document describes how to use LDAP for Apache authentication and how to use Python-ldap to perform CRUD (create, read, update, and delete) operations on the OpenLDAP database.

Introduction

In this article, the author explains how to install an OpenLDAP instance on an Amazon EC2 virtual machine, set up Apache/LDAP authentication, and then run CRUD (create, read, update, and delete) operations in Python. Note that LDAP can be installed on operating systems such as Fedora, Ubuntu, Red Hat, and AIX. However, in this article, we decided to use an Amazon EC2 virtual machine. You can follow along on any Linux release or in any environment at hand. Finally, we will discuss a lot of code and complex technologies in this article. Download the sample code for your reference.

Controlling LDAP programmatically is often part of a system administrator's job, so it is not surprising that a Python library exists for working with LDAP. The python-ldap module has existed for a while. You can find a link to the official documentation in the References section.

We assume that you are familiar with general LDAP concepts, such as directory schemas, Distinguished Names (DN), Common Names (CN), filters, and attributes. This document is not an LDAP tutorial; we prefer not to dwell on theory and focus mainly on practical examples of using and managing LDAP databases.

What is LDAP and its purpose?

So what is LDAP? Strictly defined, LDAP stands for Lightweight Directory Access Protocol. However, the name has become a synonym for the directory architecture. When LDAP is mentioned, it usually refers to a directory service rather than a protocol.

The latest version of LDAP is V3. LDAP is designed as a general-purpose directory, but there are several conventions. A record consists of one DN and one or more attributes, which are defined in attribute definitions. The schema of an LDAP database is very different from the schema definition language of a typical relational database. For example, a typical relational database is table-based, while LDAP incorporates inheritance. If you want to learn more about LDAP theory, we strongly recommend that you read the OpenLDAP books listed in References.

So what is the purpose of LDAP? It is used for authentication by people who build IT infrastructure. It also works well with Samba, so experienced system administrators can set up a very advanced IT infrastructure at zero cost, without having to bear the costs of proprietary directory solutions. "Authentication" means that all computers in the infrastructure can use the same user name and password by communicating with the LDAP directory server.

Initial LDAP setup and population

If you want to set up LDAP by following the instructions in this article, you need a Fedora Core 8 instance. We use an Amazon EC2 virtual machine instance running Fedora Core 8 32-bit. You can install LDAP on a physical server or on a virtual machine using the technology of your choice. Note: For all examples, we use a domain called unisonis.com, but we recommend that you use example.com, as the RFC recommends.

Step 1: Use yum to install the openldap package:

[root@domU]# yum install openldap-devel openldap-servers openldap-clients

[root@domU]# yum list installed | grep openldap
openldap.i386            2.3.39-4.fc8    installed
openldap-clients.i386    2.3.39-4.fc8    installed
openldap-devel.i386      2.3.39-4.fc8    installed
openldap-servers.i386    2.3.39-4.fc8    installed

Step 2: Set the administrator password (we will paste the SSHA hash value into slapd.conf). Note that slapd stands for Standalone LDAP Daemon, so this service controls LDAP itself:

[root@domU]# slappasswd
New password:
Re-enter new password:

Step 3: Edit the slapd.conf configuration file and add the entries required for a general LDAP installation, such as the root DN and the root/administrator password:

[root@domU]# vi /etc/openldap/slapd.conf

# Add entries:

database bdb
suffix "dc=unisonis,dc=com"
rootdn "cn=Manager,dc=unisonis,dc=com"
rootpw {SSHA}pasted_from_slappasswd_output
directory /var/lib/ldap

Step 4: Start the LDAP service:

[root@domU]# service ldap start
Starting slapd: [ OK ]
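
An added example (not part of the original article): the rootpw value pasted in Steps 2 and 3 has the form {SSHA} followed by base64(SHA1(password + salt) + salt). The Python sketch below builds and verifies such a value and flags rootpw lines in slapd.conf text that are not {SSHA} hashes; the function names and the sample configuration are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_rootpw(conf_text):
    """Return one finding per rootpw directive that is not a {SSHA} hash."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "rootpw":
            continue  # comments, blank lines and other directives
        value = parts[1].strip().strip('"')
        if not value.startswith("{"):
            findings.append("line %d: rootpw is stored in cleartext" % n)
        elif not value.upper().startswith("{SSHA}"):
            scheme = value.split("}", 1)[0] + "}"
            findings.append("line %d: rootpw uses %s, not {SSHA}" % (n, scheme))
    return findings

# Constructed sample configuration (not from the article); "secret" is a dummy value.
WEAK_CONF = """database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
"""
FIXED_CONF = WEAK_CONF.replace("rootpw secret", "rootpw " + make_ssha("secret"))

if __name__ == "__main__":
    print(audit_rootpw(WEAK_CONF))
    print(audit_rootpw(FIXED_CONF))
    print(check_ssha("secret", FIXED_CONF.splitlines()[3].split()[1]))
```

Because slapd.conf holds the rootpw hash, the file should be readable only by root and the account slapd runs as.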
