Edinburgh Castle
LDAP System Administration
AuthorsGerald Carter
DateMarch 2003
ReviewerGavin Sandie
Cover image for LDAP System Administration

NewUser: "How do I change my password?"

LocalAdmin: "Ok, you've got to change it here, then login to admin01 and run 'ourpasswordchange' to change it."

It's a familiar conversation that I'm sure we've all had in a new workplace, educational facility etc. Passwords and user account info stored on multiple systems. I always used to think 'They should use LDAP' but along with that thought was the nagging knowledge that I didn't really know much about LDAP, thankfully LDAP System Administration comes to the rescue.

The book is split into two parts. The first part deals with LDAP itself. We begin with a gentle introduction to directory systems and LDAP, before moving swiftly onto a more technical discussion. I was pleased to see that during these introductory chapters (and throughout the rest of the book) the author makes many mentions to the RFCs on which LDAP is based. Personally I like to see this as I know I can go and check the exact wordings of those texts, without spending an age prodding and poking a search engine to find the RFC I need.

The author uses OpenLDAP as a directory server to build your directory in and you are encouraged to build up a sample directory as you work through the book. The remaining sections in part one deal with the server setup and you then work through making your own directory. Each section moves at a nice pace with the author touching on some further issues (e.g. kerberos authentication) and then pointing you in the direction of the resources so you can study those issues further.

The second section of the book mainly deals with integrating your new directory server with your applications. Here the book shows it's age slightly with mentions of older mail clients, however I found the theories to be sound. In my opinion this section really shows off the power of LDAP. You are given good examples of how and where your new directory can be put to use, and these examples are backed with a reasoning. The overall theme to this section, and indeed the book, is making your life as an admin easier.

The chapters I found most interesting were those on moving from NIS to LDAP, and a section on making your directory servers play nicely with other vendors implementations (OpenLDAP and ActiveDirectory show that they can be happy together). The book rounds off with a chapter on Net::LDAP, with some small example scripts to show you how you can manage your directory.


Overall I enjoyed this book, I found it to be an easy read with each section clearly explained. LDAP turned out to be a much more powerful tool than I had imagined and its something I'd defiantly try to use when starting any new company or IT venture. For me the nagging feeling is now gone and I'd happily recommend the book to anyone who is wanting to get started with LDAP.

Table of contents

LDAP System Administration

Ch  1. "Now where did I put that...?", or "What is a directory?"
Ch  2. Chapter 2: LDAPv3 Overview
Ch  3. OpenLDAP
Ch  4. OpenLDAP: Building a Company White Pages
Ch  5. Replication, Referrals, Searching, and SASL Explained
Ch  6. Replacing NIS
Ch  7. Email and LDAP
Ch  8. Standard Unix Services and LDAP
Ch  9. LDAP Interoperability
Ch 10. Net::LDAP and Perl
App A. PAM and NSS
App B. OpenLDAP Command-Line Tools
App C. Common Attributes and Objects
App D. LDAP RFCs, Internet-Drafts, and Mailing Lists
App E. slapd.conf ACLs

faded separator

Page maintained via github.com/edinburgh-pm/edinburgh.pm