LDAP Features and Installation. Open source LDAP Apps

LDAP stands for Lightweight Directory Access Protocol. It is a lightweight client-server protocol used to access centrally stored information over a network. LDAP cannot create or specify how a directory service operates. LDAP provides directory support to browser applications that do not have directory service support.

 

Why Use LDAP?

The main benefit of using LDAP is that it can consolidate an entire organization's information into a central repository. This central directory can be accessed from any location on the network. It supports Transport Layer Security (TLS) to provide data protection.

 

LDAP Directory Service Model

The LDAP Directory Service Model is based on a client-server model consisting of one or more LDAP servers whose data makes up an LDAP directory tree. The LDAP client requests information or performs operations by connecting to an LDAP server. The LDAP server performs the operation, or refers the client to another LDAP server that may be able to perform the operation or provide the information.

 

Some of the most notable open source LDAP server implementations are:

1) OpenLDAP

2) ForgeRock OpenDJ

3) Apache DS

4) 389 Directory Server

 

1) OpenLDAP

OpenLDAP is an open source implementation of the LDAP protocol developed by the OpenLDAP Project. It was derived from LDAP and designed to run on TCP/IP. OpenLDAP supports LDAPv3, which provides support for Simple Authentication and Security Layer (SASL) and Transport Layer Security (TLS). OpenLDAP also supports IPv6. OpenLDAP provides more security through inter-process communication (IPC) instead of communicating over the network.

 

Features of OpenLDAP

1) LDAPv3 Support: support for Simple Authentication and Security Layer and Transport Layer Security.

2) OpenLDAP supports the next generation Internet Protocol version 6.

3) Updated C API: Improves the way programmers can connect to and use LDAP directory servers.

4) LDIFv1 Support: Provides full compliance with the LDAP Data Interchange Format (LDIF) version 1.

5) Enhanced Stand-Alone LDAP Server

 

2) ForgeRock OpenDJ

OpenDJ is a fork of a former project. It has a similar structure to the Oracle Unified Directory and was inherited from Sun Microsystems. OpenDJ was designed to replace the Sun Directory Server and, like OpenLDAP, has good documentation and commercial support. It provides a client application to manage the server, as well as features such as single sign-on and authorization.

 

Features of OpenDJ

1) It is open source.

2) Open access.

3) Open architecture.

4) Provides data integrity and security.

5) Monitoring and auditing services.

 

3) Apache DS

Apache DS is released under the Apache License. It is an extensible directory server written in Java. It supports Kerberos 5 and the Change Password protocol. It provides a client application which allows admins to manage users and groups.

 

4) 389 Directory Server

389 Directory Server is a Red Hat product licensed under the GPL. It provides a graphical interface that can be used for administration.

 

Features of 389 Directory Server

1) High performance

2) Multi-Master Replication, to provide fault tolerance and high write performance.

3) Active Directory user and group synchronization.

4) Secure authentication and transport (TLS, and SASL).

 

Advantages of LDAP

1) Provides faster searching and retrieval of data.

2) Good security mechanisms.

4) Provides a standard means of accessing data over a network.

5) Ease of implementation and well-defined Application Programming Interface (API).

 

Disadvantages of LDAP

1) Lack of standardization in some areas.

2) Flexibility.

3) Entries are in non-ASCII format. Special tools are needed to update them.

4) Application vendors use directories in their own way.

 

Basic Installation steps

1) Install all packages using the below command.

    # yum install '*openldap*' -y

2) Set up the OpenLDAP root password.

    # slappasswd

3) Edit Configuration File.

    # vi /etc/openldap/slapd.conf

4) Start Services.

    # service ldap start
    # chkconfig ldap on
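
The hash printed by slappasswd in step 2 is what belongs in the rootpw directive of the file edited in step 3. The script below is an added example, not part of the original article or of OpenLDAP: it checks a slapd.conf for a cleartext or unsalted rootpw, a world-readable file mode, and missing TLS certificate and key directives. The function name audit_slapd_conf and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP slapd.conf before starting the service.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
# audit_slapd_conf is a hypothetical helper name, not an OpenLDAP tool.
audit_slapd_conf() {
    conf=$1
    rc=0
    # The file holds the rootpw value, so "other" should not be able to read it.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "perms: $conf is world-readable"
        rc=1
    fi
    awk '
        # Directives start in column 1. Comments, blank lines and continuation
        # lines (leading whitespace) are skipped by this simplified parser.
        /^([ \t]|#|$)/ { next }
        { key = tolower($1) }
        key == "rootpw" {
            scheme = ""
            if (match($2, /^\{[^}]+\}/)) scheme = toupper(substr($2, 1, RLENGTH))
            if (scheme == "" || scheme == "{CLEARTEXT}") {
                print "rootpw: stored in cleartext, replace with slappasswd output"
                bad = 1
            } else if (scheme == "{MD5}" || scheme == "{SHA}") {
                print "rootpw: " scheme " is an unsalted hash"
                bad = 1
            }
        }
        key == "tlscertificatefile"    { cert = 1 }
        key == "tlscertificatekeyfile" { pkey = 1 }
        END {
            if (!cert || !pkey) {
                print "tls: server certificate and key are not both configured"
                bad = 1
            }
            exit bad + 0
        }
    ' "$conf" || rc=1
    return $rc
}

# Constructed sample configuration, written to a temp file so this runs offline.
sample=$(mktemp)
printf '%s\n' 'database bdb' 'rootdn "cn=Manager,dc=example,dc=com"' \
    'rootpw secret' > "$sample"
audit_slapd_conf "$sample" || echo "findings listed above"
rm -f "$sample"
```

A rootpw value that starts with {SSHA}, the salted scheme slappasswd emits by default, passes the rootpw check.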

 

LDAP commands

1) ldapmodify: Connects to an LDAP server, binds, and modifies entries.

2) ldapadd: Connects to an LDAP server, binds, and adds entries.

3) ldapdelete: Deletes an LDAP entry.

4) ldapsearch: Used to search LDAP servers.

5) ldappasswd: Changes the password of an LDAP entry.

 

If you need any further assistance please contact our support department.
