Installation guide
Chapter 18. Lightweight Directory Access Protocol (LDAP)
• ldapsearch — Searches for entries in the LDAP directory using a shell prompt.
• ldapdelete — Deletes entries from an LDAP directory, accepting input either from the user at the
terminal or from a file.
With the exception of ldapsearch, each of these utilities is more easily used by referencing a file
containing the changes to be made rather than typing a command for each entry you wish to change
in an LDAP directory. The format of such a file is outlined in each application’s man page.
18.2.1. NSS, PAM, and LDAP
In addition to the OpenLDAP packages, Red Hat Linux includes a package called nss_ldap which
enhances LDAP’s ability to integrate into both Linux and other UNIX environments.
The nss_ldap package provides the following modules:
• /lib/libnss_ldap-<glibc-version>.so
• /lib/security/pam_ldap.so
The libnss_ldap-<glibc-version>.so module allows applications to look up user, group,
hosts, and other information using an LDAP directory via glibc’s Nameservice Switch (NSS)
interface. NSS allows applications to authenticate using LDAP in conjunction with Network
Information Service (NIS) name service and flat authentication files.
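The following shell script is an added example, not part of the original guide. It reads an nsswitch.conf-style file and reports, for each database, whether ldap is consulted and whether a local source (files or compat) is listed ahead of it; by default the first source that answers is used, so a directory listed first can answer for a name that also exists locally. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): report where "ldap" sits in the NSS
# source order of an nsswitch.conf-style file.

# nss_sources FILE DB: print the sources configured for DB, space separated,
# with comments and [STATUS=action] items removed (actions are ignored here).
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]//g' -e 's/:/: /' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_db FILE DB: print a one-line verdict for DB.
check_db() {
    sources=$(nss_sources "$1" "$2")
    pos=0; local_at=0; ldap_at=0
    for s in $sources; do
        pos=$((pos + 1))
        case $s in
            # "compat" also reads the local flat files, so it counts as local.
            files|compat) if [ "$local_at" -eq 0 ]; then local_at=$pos; fi ;;
            ldap)         if [ "$ldap_at" -eq 0 ]; then ldap_at=$pos; fi ;;
        esac
    done
    if [ -z "$sources" ]; then
        echo "$2: no entry"
    elif [ "$ldap_at" -eq 0 ]; then
        echo "$2: ldap not consulted ($sources)"
    elif [ "$local_at" -eq 0 ]; then
        echo "$2: WARN ldap used with no local source ($sources)"
    elif [ "$ldap_at" -lt "$local_at" ]; then
        echo "$2: WARN ldap consulted before local files ($sources)"
    else
        echo "$2: ok, local files before ldap ($sources)"
    fi
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf sample
passwd: files nis ldap
shadow: ldap files
group:  files [NOTFOUND=return] ldap
hosts:  files dns
EOF
for db in passwd shadow group hosts; do check_db "$sample" "$db"; done
rm -f "$sample"
```

To audit a real system, call check_db with /etc/nsswitch.conf as the first argument.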
The pam_ldap module allows PAM-aware applications to authenticate users using information stored
in an LDAP directory. PAM-aware applications include console login, POP and IMAP mail servers,
and Samba. By deploying an LDAP server on your network, all of these login situations can
authenticate against one user ID and password combination, greatly simplifying administration.
18.2.2. PHP4, the Apache HTTP Server, and LDAP
Red Hat Linux includes a package containing an LDAP module for the PHP server-side scripting
language.
The php-ldap package adds LDAP support to the PHP4 HTML-embedded scripting language via the
/usr/lib/php4/ldap.so module. This module allows PHP4 scripts to access information stored
in an LDAP directory.
Important
Red Hat Linux 8.0 no longer ships with the auth_ldap package. This package provided LDAP support
for versions 1.3 and earlier of the Apache HTTP Server. See the Apache Software Foundation website
at http://www.apache.org/ for details on the status of this module.
18.2.3. LDAP Client Applications
There are graphical LDAP clients available which support creating and modifying directories, but they
do not ship with Red Hat Linux 8.0. One such application is LDAP Browser/Editor, a Java-based
tool available at http://www.iit.edu/~gawojar/ldap.
Most other LDAP clients access directories as read-only, using them to reference, but not alter,
organization-wide information. Some examples of such applications are Mozilla-based Web browsers,
Sendmail, Balsa, Pine, Evolution, and Gnome Meeting.