Linux-Unix LDAP Client Software

The Operating System Environment implementation is client side only. That is, the client expects to see a properly configured LDAP server. You may need to make specific modifications to the LDAP server configuration to support LDAP clients.

The specific pieces of software that comprise a typical LDAP client implementation are:

  • LDAP client
  • PAM module
  • nsswitch.conf ldap tag
  • LDAP libraries
  • LDAP tools

LDAP Client#

The LDAP Client is software that is run from the operating system startup scripts in place of, or in addition to, ypbind. The client software is responsible for reading a configuration file that provides instructions on what LDAP server to connect to and what credentials to use for authentication.

Once the client is running, a cache daemon is typically responsible for updating the data from LDAP as required or configured.

Pluggable Authentication Modules#

Unix PAM#

The UNIX® PAM module on the Operating Environment typically works with data stored in an LDAP directory. When this module is used for user authentication, passwords are stored in crypt format on the directory server, as they would be in the NIS or NIS+ data stores. The authentication is then performed locally on the client system after the crypted password is retrieved.

PAM_LDAP Module#

The PAM LDAP module is typically available in the Operating Environment. This module uses authentication methods that may be available on the LDAP server, such as CRAM-MD5. Instead of being performed locally, authentication takes place on the LDAP server.

Name Service Switch#

The Name Service Switch is enhanced to include the ldap tag as an option. LDAP can be used as the only naming service or as a supplemental one. The same rules for naming service searches apply.
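The sketch below is an added example, not part of the original page. It parses an nsswitch.conf and reports, for each database that lists the ldap source, whether LDAP is the only source, the first source, or a supplemental one. The sample file contents, the function names and the verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample nsswitch.conf for illustration (not from the page).
SAMPLE = """\
passwd:    files ldap
group:     files ldap   # supplemental
shadow:    ldap files
hosts:     files dns
netgroup:  ldap
automount: files [NOTFOUND=return] ldap
"""

def parse_nsswitch(text):
    """Return {database: [(source, [actions]), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if entries:  # an action list applies to the source before it
                    entries[-1][1].extend(tok.strip("[]").upper().split())
            else:
                entries.append((tok.lower(), []))
        table[db.strip().lower()] = entries
    return table

def audit_ldap(table):
    """Classify how each database that names the ldap source uses it."""
    findings = {}
    for db, entries in table.items():
        sources = [s for s, _ in entries]
        if "ldap" not in sources:
            continue
        pos = sources.index("ldap")
        if sources == ["ldap"]:
            findings[db] = "ldap-only"          # no local fallback
        elif pos == 0:
            findings[db] = "ldap-first"         # directory answers win over later sources
        elif any("NOTFOUND=RETURN" in acts for _, acts in entries[:pos]):
            findings[db] = "ldap-after-return"  # search usually stops before ldap
        else:
            findings[db] = "ldap-supplemental"  # earlier sources answer first
    return findings

if __name__ == "__main__":
    for db, verdict in audit_ldap(parse_nsswitch(SAMPLE)).items():
        print(f"{db:10} {verdict}")
```

An "ldap-first" or "ldap-only" verdict on passwd, group or shadow deserves review, because entries served by the directory then take precedence over, or entirely replace, the local files.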

LDAP libraries#

LDAP libraries are typically included with the Operating System for use by LDAP-enabled applications, such as the client LDAP tools. The libraries can also be used to create your own LDAP-enabled applications.

LDAP Tools#

The standard ldapmodify and ldapsearch commands are typically available in the native LDAP client package. They can be used to view data stored in an LDAP directory.

This page (revision-10) was last changed on 20-Jan-2013 13:29 by jim