OpenLDAP Workshop
A 3-day hands-on training course covering LDAP and OpenLDAP from the ground up: everything you need to know to administer OpenLDAP installations from the smallest up to a million or more entries.
Course Outline
- LDAP overview
- Comparison with web and relational databases
- Entry structure
- Tree structure
- Simple searches
- Attributes Syntaxes and Object Classes
- LDAP Operations
- LDIF
- Command-line tools
- GUI tools
- Basic OpenLDAP configuration
- Server structure: front-end, overlays, back-ends
- File-based configuration
- LDAP-based configuration
- Server command-line options
- Building test servers
- Differences for production servers
- Logging
- Authentication and Authorisation using LDAP
- Bind methods: simple, SASL, public-key, Kerberos
- Security of passwords: ldap:/// ldaps:/// ldapi:///
- Representing groups in LDAP
- Using LDAP for authentication and authorisation of other services
- RFC2307 / RFC2307bis
- OpenLDAP in Linux
- Distros and packaging
- Starting at boot-time
- NSS and PAM
- Distributed directories
- Replication, Chaining, and Referral
- Master-slave
- Mirrormode
- Delta Syncrepl
- Larger topologies
- Monitoring replication
- SASL
- SASL concepts
- UserIDs and credentials
- Mapping SASL IDs to DNs
- SASL mechanisms: DIGEST-MD5, PLAIN, EXTERNAL
- SSL/TLS
- Certificate hierarchies
- Making certificates with OpenSSL
- Using TLS with OpenLDAP: Server certs, Client certs and SASL EXTERNAL
- Access Control
- Basic ACLs
- Limits
- Access Control Policy
- Testing ACLs
- Extending the schema
- Simple Schema Design
- OIDs
- Schema definition files
- Extending OpenLDAP
- Overlays
- auditlog
- accesslog
- syncprov
- unique
- constraint
- rwm
- Backends
- mdb, hdb and bdb
- ldap and meta
- monitor
- Overlays
- OpenLDAP performance
- Basic tuning
- Indexing and re-indexing
- Finding out what the clients are doing
- Monitoring and the monitor backend
- Choosing server hardware
- Operating System issues
- Using LDAP-based configuration
- cn=config and the config backend
- RootDN and rootPW (or not) for cn=config
- Converting existing slapd.conf files
- Bootstrap from LDIF
- Backup and restore
- LDIF backups
- DB backups
- Recovery plans
Samples
Instructor
Andrew Findlay has taught LDAP courses across Europe since 2003. He has been involved in Directory Services since 1988, and has written a number of influential papers on directory design.
Offerings
The workshop is offered as a face-to-face class, either at our training location in Maidenhead, UK or on your own site, or as an instructor-led online class. Both forms use the same material and exercises and are fully supported by the instructor.
No previous knowledge of LDAP is needed.
Prerequisites for face-to-face
Delegates should bring a laptop PC to use for the exercises. It needs:
- 10GB of free disk space
- 2GB of RAM
- VMware: Workstation is most flexible, but Server or Player will work
- DVD drive or USB to read virtual machine images
If you do not have a suitable laptop, please contact us in good time to arrange a hired machine (Maidenhead courses only).
Prerequisites for remote delivery
Presentations and exercises will take place on cloud-based machines. Delegates need access to a system that has:
- Skype installed and working for voice communication to the internet
- VNC client installed and working with access to the internet. Most Linux systems already have vncviewer; users of other systems may need to install a viewer such as RealVNC, TightVNC or JollysFastVNC (for Mac).
- There are free versions of all products.
Availability
The course is available immediately. Contact office@skills-1st.co.uk or call +44 1628 782565 to book your place.
Course fee: £1200 (+VAT where applicable)