OpenLDAP System Administration

LDAP Training Description:

Lightweight Directory Access Protocol (LDAP) is re-emerging as the standard for managing resources and objects used within and, in some cases, between organizations. The hierarchical yet flexible architecture of LDAP makes it suitable for a wide range of tasks, from simple customer address lists through operational provision of Single Sign-On (SSO and Identity Management) to a repository for network-wide policy management. With resilience, platform independence and distributed functionality built in, coupled with LDAP abstraction layers available from most transaction-oriented database suppliers, LDAP is the ideal standards-based approach to unifying data usage on an enterprise-wide basis. Microsoft's Active Directory is but one of a number of enterprise-wide solutions using LDAP to glue together disparate data.

Students will review the theory and organization of the LDAP hierarchy or Object Tree Structure, covering the Directory Information Tree (DIT), objectClasses and attributes, schemas and LDIF files. A shell application (an extension of that used in the Basic LDAP course) will be used to provide hands-on experience. Students will learn the new operational features of recent OpenLDAP releases (2.3 and 2.4), including overlays, syncrepl and component matching. New operational features such as real-time configuration (cn=config) and monitoring (cn=monitor) will be described and illustrated with hands-on exercises. There are now a number of alternative open source LDAP implementations available, and the course reviews the functionality of FedoraDS, OpenDS and ApacheDS. Hands-on experience is provided using ApacheDS and Directory Studio. A platform-independent LDAP browser is used throughout the course to examine the students' application as well as other LDAP implementations. Students need to be thoroughly familiar with basic LDAP technology and ideally should have taken the Basic LDAP course.

The course uses OpenLDAP, which is available on Linux, UNIX and Windows platforms, and ApacheDS to illustrate one of the new generation of open source LDAP implementations. The course makes extensive use of a platform-independent LDAP browser to discover and interrogate LDAP implementations, including Windows Active Directory. The course is offered with Linux (Fedora Core), FreeBSD or Windows as the platform for all exercises.

LDAP Training Audience:

The course is optimized for LDAP designers, architects and implementers, network and system administrators, and those who need a thorough understanding of LDAP technology.

LDAP Training Course duration:

2 days

LDAP Training Course outline:

Module 1: LDAP Theory Review

  • LDAP Object Tree Structure
    • LDAP models defined (Information, Naming, Functional, Security)
    • LDAP Data Information Tree (DIT)
    • LDAP DIT root
    • LDAP Entries
    • LDAP objectClasses
    • LDAP hierarchy (Parent, Child, Siblings)
    • LDAP attributes
    • ASN.1 Notation
    • ASN.1 examples
    • ASN.1 in LDAP
    • LDAP Search Filters
    • LDAP Utilities
    • LDIF and DSML Overview
    • LDIF - Adding Entries
    • LDIF - Modifying Entries
    • LDIF - Deleting Entries
  • LDAP Features
    • LDAP Referrals
    • LDAP Replication
    • LDAP Archive/Restore
    • LDAP Security Overview
  • Exercise: Initialise OpenLDAP
  • Exercise: LDAP Browser

Module 2: LDAP Extending the Information (Data) Model

  • DIT Design and Organization
    • Top Level Organization of DIT
    • Global Uniqueness or Not
    • Multiple DITs
    • Future Flexibility
    • Flat architecture
    • Structural examples
    • Adding child entries
    • Extending existing entries
    • Use and function of groups
  • Attribute Characteristics
    • Deconstructing Attributes
    • Data content and format
    • Optional or Mandatory
    • Single or multiple instances
    • Names and aliases
    • Matching Rules
    • Designing and Adding Attributes
  • ObjectClass Characteristics
    • Deconstructing objectClasses
    • Collection of Attributes
    • Defines attribute properties
    • Structural, Auxiliary and Abstract
    • LDAP Schemas - packages of objectClasses and Attributes
    • Standard objectClasses
    • Designing and Adding objectClasses
  • LDAP Operational Attributes and Objects
    • LDAP subschema
    • LDAP collections
    • LDAP extensions
    • LDAP features
    • LDAP matchingrules
    • LDAP namingContexts
  • Exercise: Browse LDAP subschemas (various)
  • Exercise: Design and Code Attributes, ObjectClass and Schema
  • Exercise: Add new attributes and objectClass to DIT using LDIF

Module 3: OpenLDAP Architecture

  • OpenLDAP - Backends
    • Backend - Overview
    • Backend - bdb
    • Backend - hdb
    • Backend - SQL
    • Backend - ldbm and bdb migration
  • Overlays
    • Overlays - Overview
    • Overlay - Accesslog
    • Overlay - Auditlog
    • Overlay - Chain
    • Overlay - ppolicy (password)
    • Overlay - rwm (rewrite/remap)
  • Exercise: Configure Accesslog overlay
  • LDAP Proxies
    • LDAP Proxies
    • LDAP Proxies and Referrals
    • Backends - Meta/LDAP
    • Overlay - pcache
    • Overlay - translucent
  • Exercise: Configure LDAP Proxies

Module 4: Syncrepl Replication

  • Master - Slave
    • Replication - Producer or consumer
    • Replication - Push/Pull models
    • Replication - Full/Partial scope
    • Operational Attributes (entryUUID, contextCSN)
    • Update Phases (Present and Delete)
    • Overlay - syncprov
    • Delta Replication (accesslog)
  • Exercise: Master-slave partial DIT replication
  • Multi-Master
    • Producer and Consumer (Server Identification)
    • Limits and Limitations
    • Security Implications
  • Exercise: N-way Multi-Master configuration
  • Exercise: Add and test security policy

Module 5: OpenLDAP Operations

  • Real-time Configuration (cn=config)
    • slapd.conf and slapd.d
    • slapd.d conversion and restoration
    • backend config
    • slapd.d structure and repair
  • Exercise: Convert to cn=config
  • Exercise: restore slapd.conf
  • Exercise: Change indexes with cn=config
  • Monitoring (cn=monitor)
    • Real-time Monitor
    • Monitor - attributes
  • Exercise: Configure Monitor via cn=config
  • Exercise: Explore results

Module 6: Component Matching

  • Basic Syntax
    • Component Matching structure
    • Attribute OID Definition
    • Replacement Search Filters
    • Instance Search Filters
    • Compound Search Filters (and, or, not)
    • Filter Examples
  • Exercise: Write and test filters
  • Advanced Syntax
    • Attribute Properties
    • Referencing Attribute Properties
    • Advanced Filter Examples
  • Exercise: Write and test Filters
  • X.509 Certificates Searching
    • X.509 Structure
    • Accessing X.509 Attributes
    • X.509 Filter Examples
  • Exercise: Write X.509 Filters
  • Exercise: Explore results

Module 7: Alternative LDAP Implementations

  • Overview
    • FedoraDS - genus, features and functions
    • OpenDS - genus, features and functions
    • ApacheDS - genus, features and functions
  • ApacheDS and Directory Studio
    • ApacheDS - Features
    • Configuration
    • Security
    • Replication
    • Directory Studio - features
    • Directory Studio - Attribute/Objectclass Definition
  • Exercise: Configure ApacheDS
  • Exercise: Directory Studio

Module 8: LDAP - Summary

  • LDAP trends
  • LDAP Resources

Wintrac Inc.
16523 SW McGwire Ct.
Beaverton OR 97007
Wintrac, Inc. All rights reserved.