Introduction to OpenLDAP
Simplify your network administrator duties by implementing OpenLDAP for Linux--the open source version of lightweight directory access protocol (LDAP).
OpenLDAP is a suite of client/server tools that implement the Lightweight Directory Access Protocol (LDAP) for Linux. In this article, I'll introduce you to LDAP and OpenLDAP and explain why these tools may be valuable to you and to your company.
LDAP uses a database that stores various bits of information that can be accessed remotely by using LDAP-aware client programs. For example, users using the Netscape Web browser can enable the Roaming User feature of the Web browser and have available their Netscape bookmarks--regardless of where they are physically accessing the Internet--as long as their bookmarks have been uploaded to an LDAP server. Netscape allows the same remote-access ability with its address book.
The LDAP protocol is an advanced directory service protocol that saves time and energy for individuals and companies. It's a strong, feature-rich protocol that co-exists with other similar protocols like Network Information Services (NIS) to offer centralized informational databases to companies and networks.
Everyone uses LDAP-like databases. Similar databases exist to provide finger information, to send e-mail to any given e-mail address, or to access any Web site. Although you aren't knowingly accessing a database, your ISP's e-mail server or your Web browser is accessing a database--it may be reading a local list of usernames or probing a DNS server for the IP address belonging to a specific Web site.
LDAP is considered a global directory service because the information it provides is the same, regardless of where you initiate the client session with a remote LDAP server. DNS is another global directory service. The information you obtain from a DNS server is the same, regardless of the location from which you're accessing that information.
OpenLDAP is an open source implementation of LDAP. The OpenLDAP suite consists of slapd, the stand-alone LDAP server; slurpd, the stand-alone LDAP replication server; libraries implementing the LDAP protocol; and various utilities, tools, and sample clients. The OpenLDAP Project is a group effort to develop a robust, commercial-grade, open-source LDAP suite of applications and development tools. The entire project is overseen and developed by volunteer members. In the tradition of open-source projects, all the source code for every library and executable is freely available to the public. The current version of OpenLDAP is 1.2.10 for the Linux, FreeBSD, Solaris, and SunOS platforms.
The direction of OpenLDAP
The OpenLDAP Project was heading towards a 1.3 release for the second quarter of 1999, but that was changed to redirect the project's development efforts to the next major 2.0 release (currently in an alpha testing stage). It will support the third version of the LDAP protocol, as well as SASL/TLS/SSL encryption. The library used in the next 2.0 release is multithreaded, making the overall suite much more efficient and resource friendly. The slapd daemon has enhanced threading, as well. Proxy LDAP support has also been added, along with a higher level of integration with Windows NT. Finally, various back-ends are being developed for the slapd daemon, which will provide Perl and TCL access to the server.
OpenLDAP 2.0 was originally slated for release in the fourth quarter of 1999. Currently, no updates have been released indicating when 2.0 will be publicly available as a stable version. The current alpha version has been in the testing stage since November 1999. You can download and use the alpha version, although it is not recommended for production servers.
Using a combination of tools like OpenLDAP, NIS, DHCP, and other database-style configuration or informational servers and tools, the day-to-day tedious responsibilities of network administrators can be reduced and made more manageable, saving time and money in the long run. Linux is an optimal choice as a server operating system to provide these dynamic client/server tools to any network. Because Linux interoperates seamlessly with other operating systems utilizing TCP/IP, using it as a server component to your network makes sense. And with freely available, high-quality tools like OpenLDAP (among many others), Linux provides the flexibility you want with a price you can't beat. //
Vincent Danen is a self-employed Linux consultant and freelance writer native to Edmonton, Alberta, Canada. He has been using Linux exclusively since mid-1997. Vincent is a firm believer in the philosophy behind the Linux "revolution" and attempts to contribute to the Linux cause in as many ways as possible, from his Freezer Burn Web site to building custom RPMs for the Linux Mandrake project.