Building an LDAP Server on Linux, Part 1

Your network is growing in size and complexity. It's taking on a life of its own, spreading and growing and absorbing everything in its path. You're tearing your hair out trying to keep track, and your users have somehow discovered your secret phone number and are pestering you with endless questions and demands — where do I find this; I don't want to keep track of a dozen different passwords; nothing works like it should.

Of several possible solutions, consider two: 1) find a new hiding place, or 2) implement an LDAP server. While finding a new hiding place might sound ideal, it's an option we're going to have to save for a future article. This series will instead explain what LDAP is good for, detail how to build an LDAP server, and cover what you can do with it.

What LDAP Can Do

In a nutshell, LDAP provides central management of access, authentication, and authorization. It's easily customizable and can:

• Centralize user and group management
• Centralize information stores
• Set security and access control
• Securely delegate read and modification authority
• Serve almost any platform
• Scale efficiently

What LDAP Cannot Do

• Be a heavy-duty relational or transactional database
• Be a filesystem
• Leap tall buildings in any number of bounds

The LDAP protocol is cross-platform, network-aware, and standards-based. There are all kinds of LDAP implementations from all kinds of vendors. This series will focus on OpenLDAP on Linux.

Page 2: To DB or Not to DB