OpenLDAP Workshop

• Basic familiarity with Linux system administration
• Comfort using the command line
• No previous knowledge of LDAP is required

Audience

• System administrators
• Network engineers
• IT professionals responsible for identity and access management

OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol used for directory services and identity management.

This instructor-led, live training (online or onsite) is aimed at intermediate-level system administrators and IT professionals who wish to install, configure, manage, and secure LDAP directories using OpenLDAP.

By the end of this training, participants will be able to:

• Understand the structure and operation of LDAP directories.
• Install and configure OpenLDAP for various deployment environments.
• Implement access control, authentication, and replication mechanisms.
• Use OpenLDAP with third-party services and applications.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

OpenLDAP Overview

• Comparison with web and relational databases
• Entry structure and tree structure
• Simple searches and RootDSE
• Attributes syntaxes and object classes
• LDAP operations and LDIF
• Command-line tools and GUI tools (phpLDAPadmin)

Basic Configuration and Maintenance

• Installation from source and packages
• Server structure: front-end, overlays, back-ends
• Static and dynamic configuration
• Monitoring with cn=monitor
• Backup, restore, and backend conversion
• Upgrading OpenLDAP

Authentication and Authorization using LDAP

• Bind methods and password security
• Group representation in LDAP
• Integrating with services (e.g., Apache)
• System user management with NSS and PAM

SSL/TLS

• Certificate hierarchies
• TLS with OpenLDAP: server and client certificates

Access Control

• Basic ACLs, limits, and policy
• Testing ACLs

Distributed Directories

• Replication, chaining, and referrals
• Master-slave and mirror mode configurations

Extending the Schema

• Simple schema design and OIDs
• Schema definition files
• Designing the Directory Information Tree

Working with Existing Applications and Services

• Directory synchronization and transformation tools
• LDAP proxies, firewalls, and entry mapping

Summary and Next Steps