UKUUG home


(the UK's Unix & Open Systems User Group)












LDAP System Administration
Gerald Carter
Published by O'Reilly and Associates
308 pages
£28.50
Published: 1st April 2003
reviewed by Raza Rizvi in the December 2003 issue

I have been musing about LDAP for ages, so I jumped at the chance to review this text to see if it cleared up any of the cloudy aspects of what I felt I ought to know. It did the job -- though it might be better titled as OpenLDAP System Administration since it deals only with the largest open source, non-commercial implementation (other commercial directory offerings get fleeting mentions except for the Kerberos-based MS Active Directory).

This is a clearly written and well structured book with good use of examples and figures; in fact at times whole chapters seem to be in the constant width font used to indicate code fragments or user input!

The background is clearly set out with the reasons why one might wish to deploy a directory based system and a distillation of the relevant LDAPv3 terms (LDIF, Schemas, Attributes etc). It is worth paying attention to the basic terminology, as it is used, not unexpectedly, throughout the rest of the book. Those older readers who were familiar with X500 can chuckle quietly to themselves.

Chapter 3 shows how OpenLDAP is installed, configured, and secured, with deployment being covered in chapter 4 using a fictitious company. It was a shame that the company was not also used as the book expanded into how resilience and replication should be implemented.

The second half of the book deals with real-world integration of LDAP into systems applications, starting with the obvious candidate, NIS. This is a full description with good examples, and the book continues to similarly cover email, both popular mail clients accessing white pages of user info akin to that created for the fictitious company and mail servers (sendmail/postfix/exim) using it for mail routing.

The core Internet services (HTTP/FTP/RADIUS/DNS) are given the LDAP integration treatment in satisfactory detail along with Samba and printing.

Although this is an OpenLDAP text, the author is clearly aware that it will often have to live alongside some older database technology or some other pretender to the crown of directory king. Sensibly he chooses to base his example on Microsoft Active Directory (AD) and there is a reasonably detailed example of the creation of a single directory structure using both AD and OpenLDAP, though it's horses for courses as to whether it will be of use to your own organisation. Perhaps more of interest are the latter details on how to have multiple LDAP servers for multiple purposes using multiple vendor solutions, and again Active Directory is the chosen example.

The book rounds off with the Perl Net::LDAP module, and a whole string of useful snippets to search, add, delete, and modify entries. Clearly these will save time and hair-pulling for some people.

Although hard going at times, the book has been immensely useful as an introduction to LDAP at a moderate level. It doesn't cover every aspect of the protocol but there is more than enough to act as a decent grounding.

The OpenLDAP sections are very good given that it is easy to put a test server up to see what and how your company might use LDAP services. The use of Active Directory for examples was wise and well done.

But the best part for me was the integration with real examples of applications; it is clearly illustrated how to configure both LDAP and the application to inter-work.

I thoroughly commend the text to those who are looking to centralise information directories.


Page last modified 03 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.