I have been meaning to study OpenLDAP properly for once, so I took the table of contents from the original OpenLDAP guide and put it here as a base, to fill in piece by piece later. I probably won't sit down and translate it properly; more likely I'll read it and summarize it topic by topic.

OpenLDAP
 

1. Getting to Know OpenLDAP a Little
      1.1. What is a Directory Server?
      1.2. So what is LDAP?
      1.3. When should I choose to use LDAP?
      1.4. When should I not use LDAP?
      1.5. How does LDAP work?
      1.6. What about X.500?
      1.7. What is the difference between LDAPv2 and LDAPv3?
      1.8. LDAP vs RDBMS
      1.9. What is slapd and what can it do?

2. A Quick-Start Guide
3. The Big Picture – Configuration Choices
      3.1. Local Directory Service
      3.2. Local Directory Service with Referrals
      3.3. Replicated Directory Service
      3.4. Distributed Local Directory Service

4. Building and Installing OpenLDAP Software
      4.1. Obtaining and Extracting the Software
      4.2. Prerequisite software
            4.2.1. Transport Layer Security
            4.2.2. Simple Authentication and Security Layer
            4.2.3. Kerberos Authentication Service
            4.2.4. Database Software
            4.2.5. Threads
            4.2.6. TCP Wrappers
      4.3. Running configure
      4.4. Building the Software
      4.5. Testing the Software
      4.6. Installing the Software

5. Configuring slapd
      5.1. Configuration Layout
      5.2. Configuration Directives
            5.2.1. cn=config
            5.2.2. cn=module
            5.2.3. cn=schema
            5.2.4. Backend-specific Directives
            5.2.5. Database-specific Directives
            5.2.6. BDB and HDB Database Directives

6. The slapd Configuration File
      6.1. Configuration File Format
      6.2. Configuration File Directives
            6.2.1. Global Directives
            6.2.2. General Backend Directives
            6.2.3. General Database Directives
            6.2.4. BDB and HDB Database Directives

7. Access Control
      7.1. Introduction
      7.2. Access Control via Static Configuration
            7.2.1. What to control access to
            7.2.2. Who to grant access to
            7.2.3. The access to grant
            7.2.4. Access Control Evaluation
            7.2.5. Access Control Examples
            7.2.6. Configuration File Example
      7.3. Access Control via Dynamic Configuration
            7.3.1. What to control access to
            7.3.2. Who to grant access to
            7.3.3. The access to grant
            7.3.4. Access Control Evaluation
            7.3.5. Access Control Examples
            7.3.6. Access Control Ordering
            7.3.7. Configuration Example
            7.3.8. Converting from slapd.conf(5) to a cn=config directory format
      7.4. Access Control Common Examples
            7.4.1. Basic ACLs
            7.4.2. Matching Anonymous and Authenticated users
            7.4.3. Controlling rootdn access
            7.4.4. Managing access with Groups
            7.4.5. Granting access to a subset of attributes
            7.4.6. Allowing a user write to all entries below theirs
            7.4.7. Allowing entry creation
            7.4.8. Tips for using regular expressions in Access Control
            7.4.9. Granting and Denying access based on security strength factors (ssf)
            7.4.10. When things aren’t working as expected
      7.5. Sets – Granting rights based on relationships
            7.5.1. Groups of Groups
            7.5.2. Group ACLs without DN syntax
            7.5.3. Following references

8. Running slapd
      8.1. Command-Line Options
      8.2. Starting slapd
      8.3. Stopping slapd

9. Database Creation and Maintenance Tools
      9.1. Creating a database over LDAP
      9.2. Creating a database off-line
            9.2.1. The slapadd program
            9.2.2. The slapindex program
            9.2.3. The slapcat program
      9.3. The LDIF text entry format

10. Backends
      10.1. Berkeley DB Backends
            10.1.1. Overview
            10.1.2. back-bdb/back-hdb Configuration
            10.1.3. Further Information
      10.2. LDAP
            10.2.1. Overview
            10.2.2. back-ldap Configuration
            10.2.3. Further Information
      10.3. LDIF
            10.3.1. Overview
            10.3.2. back-ldif Configuration
            10.3.3. Further Information
      10.4. Metadirectory
            10.4.1. Overview
            10.4.2. back-meta Configuration
            10.4.3. Further Information
      10.5. Monitor
            10.5.1. Overview
            10.5.2. back-monitor Configuration
            10.5.3. Further Information
      10.6. Null
            10.6.1. Overview
            10.6.2. back-null Configuration
            10.6.3. Further Information
      10.7. Passwd
            10.7.1. Overview
            10.7.2. back-passwd Configuration
            10.7.3. Further Information
      10.8. Perl/Shell
            10.8.1. Overview
            10.8.2. back-perl/back-shell Configuration
            10.8.3. Further Information
      10.9. Relay
            10.9.1. Overview
            10.9.2. back-relay Configuration
            10.9.3. Further Information
      10.10. SQL
            10.10.1. Overview
            10.10.2. back-sql Configuration
            10.10.3. Further Information

11. Overlays
      11.1. Access Logging
            11.1.1. Overview
            11.1.2. Access Logging Configuration
            11.1.3. Further Information
      11.2. Audit Logging
            11.2.1. Overview
            11.2.2. Audit Logging Configuration
            11.2.3. Further Information
      11.3. Chaining
            11.3.1. Overview
            11.3.2. Chaining Configuration
            11.3.3. Handling Chaining Errors
            11.3.4. Read-Back of Chained Modifications
            11.3.5. Further Information
      11.4. Constraints
            11.4.1. Overview
            11.4.2. Constraint Configuration
            11.4.3. Further Information
      11.5. Dynamic Directory Services
            11.5.1. Overview
            11.5.2. Dynamic Directory Service Configuration
            11.5.3. Further Information
      11.6. Dynamic Groups
            11.6.1. Overview
            11.6.2. Dynamic Group Configuration
      11.7. Dynamic Lists
            11.7.1. Overview
            11.7.2. Dynamic List Configuration
            11.7.3. Further Information
      11.8. Reverse Group Membership Maintenance
            11.8.1. Overview
            11.8.2. Member Of Configuration
            11.8.3. Further Information
      11.9. The Proxy Cache Engine
            11.9.1. Overview
            11.9.2. Proxy Cache Configuration
            11.9.3. Further Information
      11.10. Password Policies
            11.10.1. Overview
            11.10.2. Password Policy Configuration
            11.10.3. Further Information
      11.11. Referential Integrity
            11.11.1. Overview
            11.11.2. Referential Integrity Configuration
            11.11.3. Further Information
      11.12. Return Code
            11.12.1. Overview
            11.12.2. Return Code Configuration
            11.12.3. Further Information
      11.13. Rewrite/Remap
            11.13.1. Overview
            11.13.2. Rewrite/Remap Configuration
            11.13.3. Further Information
      11.14. Sync Provider
            11.14.1. Overview
            11.14.2. Sync Provider Configuration
            11.14.3. Further Information
      11.15. Translucent Proxy
            11.15.1. Overview
            11.15.2. Translucent Proxy Configuration
            11.15.3. Further Information
      11.16. Attribute Uniqueness
            11.16.1. Overview
            11.16.2. Attribute Uniqueness Configuration
            11.16.3. Further Information
      11.17. Value Sorting
            11.17.1. Overview
            11.17.2. Value Sorting Configuration
            11.17.3. Further Information
      11.18. Overlay Stacking
            11.18.1. Overview
            11.18.2. Example Scenarios

12. Schema Specification
      12.1. Distributed Schema Files
      12.2. Extending Schema
            12.2.1. Object Identifiers
            12.2.2. Naming Elements
            12.2.3. Local schema file
            12.2.4. Attribute Type Specification
            12.2.5. Object Class Specification
            12.2.6. OID Macros

13. Security Considerations
      13.1. Network Security
            13.1.1. Selective Listening
            13.1.2. IP Firewall
            13.1.3. TCP Wrappers
      13.2. Data Integrity and Confidentiality Protection
            13.2.1. Security Strength Factors
      13.3. Authentication Methods
            13.3.1. "simple" method
            13.3.2. SASL method
      13.4. Password Storage
            13.4.1. SSHA password storage scheme
            13.4.2. CRYPT password storage scheme
            13.4.3. MD5 password storage scheme
            13.4.4. SMD5 password storage scheme
            13.4.5. SHA password storage scheme
            13.4.6. SASL password storage scheme
            13.4.7. KERBEROS password storage scheme
      13.5. Pass-Through authentication
            13.5.1. Configuring slapd to use an authentication provider
            13.5.2. Configuring saslauthd
            13.5.3. Testing pass-through authentication

14. Using SASL
      14.1. SASL Security Considerations
      14.2. SASL Authentication
            14.2.1. GSSAPI
            14.2.2. KERBEROS_V4
            14.2.3. DIGEST-MD5
            14.2.4. Mapping Authentication Identities
            14.2.5. Direct Mapping
            14.2.6. Search-based mappings
      14.3. SASL Proxy Authorization
            14.3.1. Uses of Proxy Authorization
            14.3.2. SASL Authorization Identities
            14.3.3. Proxy Authorization Rules

15. Using TLS
      15.1. TLS Certificates
            15.1.1. Server Certificates
            15.1.2. Client Certificates
      15.2. TLS Configuration
            15.2.1. Server Configuration
            15.2.2. Client Configuration

16. Constructing a Distributed Directory Service
      16.1. Subordinate Knowledge Information
      16.2. Superior Knowledge Information
      16.3. The ManageDsaIT Control

17. Replication
      17.1. Replication Technology
            17.1.1. LDAP Sync Replication
      17.2. Deployment Alternatives
            17.2.1. Delta-syncrepl replication
            17.2.2. N-Way Multi-Master replication
            17.2.3. MirrorMode replication
            17.2.4. Syncrepl Proxy Mode
      17.3. Configuring the different replication types
            17.3.1. Syncrepl
            17.3.2. Delta-syncrepl
            17.3.3. N-Way Multi-Master
            17.3.4. MirrorMode
            17.3.5. Syncrepl Proxy

18. Maintenance
      18.1. Directory Backups
      18.2. Berkeley DB Logs
      18.3. Checkpointing
      18.4. Migration

19. Monitoring
      19.1. Monitor configuration via cn=config(5)
      19.2. Monitor configuration via slapd.conf(5)
      19.3. Accessing Monitoring Information
      19.4. Monitor Information
            19.4.1. Backends
            19.4.2. Connections
            19.4.3. Databases
            19.4.4. Listener
            19.4.5. Log
            19.4.6. Operations
            19.4.7. Overlays
            19.4.8. SASL
            19.4.9. Statistics
            19.4.10. Threads
            19.4.11. Time
            19.4.12. TLS
            19.4.13. Waiters

20. Tuning
      20.1. Performance Factors
            20.1.1. Memory
            20.1.2. Disks
            20.1.3. Network Topology
            20.1.4. Directory Layout Design
            20.1.5. Expected Usage
      20.2. Indexes
            20.2.1. Understanding how a search works
            20.2.2. What to index
            20.2.3. Presence indexing
      20.3. Logging
            20.3.1. What log level to use
            20.3.2. What to watch out for
            20.3.3. Improving throughput
      20.4. Caching
            20.4.1. Berkeley DB Cache
            20.4.2. slapd(8) Entry Cache (cachesize)
            20.4.3. IDL Cache (idlcachesize)
            20.4.4. slapd(8) Threads

21. Troubleshooting
      21.1. User or Software errors?
      21.2. Checklist
      21.3. OpenLDAP Bugs
      21.4. 3rd party software error
      21.5. How to contact the OpenLDAP Project
      21.6. How to present your problem
      21.7. Debugging slapd(8)
      21.8. Commercial Support

 

Heh, by the time I finish translating all this, I'll probably be an LDAP guru.
