OpenLDAP Software 2.3 Administrator's Guide OpenLDAP Software 2.3 Administrator's Guide Table of Contents Preface..................................................................................................................................................................1 Copyright.................................................................................................................................................1 Scope of this Document...........................................................................................................................1 Acknowledgments....................................................................................................................................1 Amendments............................................................................................................................................1 About this document................................................................................................................................2 1. Introduction to OpenLDAP Directory Services...........................................................................................3 1.1. What is a directory service?..............................................................................................................3 1.2. What is LDAP?.................................................................................................................................3 1.3. How does LDAP work?....................................................................................................................6 1.4. What about X.500?...........................................................................................................................6 1.5. What is the difference between LDAPv2 and LDAPv3?.................................................................6 1.6. What is slapd and what can it do?.....................................................................................................7 1.7. What is slurpd and what can it do?...................................................................................................8 2. A Quick−Start Guide......................................................................................................................................9 3. The Big Picture − Configuration Choices...................................................................................................13 3.1. Local Directory Service..................................................................................................................13 3.2. Local Directory Service with Referrals..........................................................................................13 3.3. Replicated Directory Service..........................................................................................................13 3.4. Distributed Local Directory Service...............................................................................................14 4. Building and Installing OpenLDAP Software............................................................................................15 4.1. Obtaining and Extracting the Software...........................................................................................15 4.2. Prerequisite software.......................................................................................................................15 4.3. Running configure..........................................................................................................................17 4.4. Building the Software.....................................................................................................................18 4.5. Testing the Software.......................................................................................................................18 4.6. Installing the Software....................................................................................................................18 5. Configuring slapd..........................................................................................................................................19 5.1. Configuration Layout......................................................................................................................19 5.2. Configuration Directives.................................................................................................................21 5.3. Access Control................................................................................................................................34 5.4. Configuration Example...................................................................................................................40 6. The slapd Configuration File.......................................................................................................................43 6.1. Configuration File Format..............................................................................................................43 6.2. Configuration File Directives.........................................................................................................44 6.3. Access Control................................................................................................................................53 6.4. Configuration File Example............................................................................................................58 7. Running slapd................................................................................................................................................61 7.1. Command−Line Options.................................................................................................................61 7.2. Starting slapd..................................................................................................................................62 7.3. Stopping slapd.................................................................................................................................62 i OpenLDAP Software 2.3 Administrator's Guide Table of Contents 8. Database Creation and Maintenance Tools................................................................................................63 8.1. Creating a database over LDAP......................................................................................................63 8.2. Creating a database off−line...........................................................................................................64 8.3. The LDIF text entry format.............................................................................................................66 9. Schema Specification....................................................................................................................................69 9.1. Distributed Schema Files................................................................................................................69 9.2. Extending Schema..........................................................................................................................69 10. Security Considerations..............................................................................................................................77 10.1. Network Security..........................................................................................................................77 10.2. Data Integrity and Confidentiality Protection...............................................................................78 10.3. Authentication Methods................................................................................................................78 11. Using SASL..................................................................................................................................................81 11.1. SASL Security Considerations.....................................................................................................81 11.2. SASL Authentication....................................................................................................................82 11.3. SASL Proxy Authorization...........................................................................................................88 12. Using TLS....................................................................................................................................................91 12.1. TLS Certificates............................................................................................................................91 12.2. TLS Configuration........................................................................................................................91 13. Constructing a Distributed Directory Service..........................................................................................95 13.1. Subordinate Knowledge Information............................................................................................95 13.2. Superior Knowledge Information.................................................................................................95 13.3. The ManageDsaIT Control...........................................................................................................96 14. Replication with slurpd..............................................................................................................................97 14.1. Overview.......................................................................................................................................97