Linix-Unix LDAP Client Software
The Operating System Environment implementation is client side only. That is, the client expects to see a properly configured LDAP server. You may need to perform particular modifications to the LDAP server configuration to support LDAP clients.
The specific pieces of software that comprise a typical LDAP client implementation are:
- LDAP client
- PAM module
- nsswitch.conf ldap tag
- LDAP libraries
- LDAP tools
The LDAP Client
is software which is run from the operating startup startup scripts in place of, or in addition to, ypbind. The client software is responsible for reading a configuration file that provides instructions on what LDAP server to connect to and what credentials to use for authentication.
Once the client is running, typically there is a cach daemon is responsible for updating the data from LDAP as required or configured.
The UNIX® PAM module on the Operating Environment typically work with data stored in an LDAP directory. When this module is used for user authentication, passwords are stored in crypt format on the directory server like they would in the NIS or NIS+ data stores. The authentication is then performed locally on the client system after the crypted password is retrieved.
The PAM LDAP module is typically available in the Operating Environment. This module uses authentication methods that may be available on the LDAP server, such as CRAMMD5. Instead of being performed locally, authentication takes place on the LDAP server.
The Name Service Switch is enhanced to include the ldap tag as an option. LDAP can be used as the only naming service or as a supplemental one. The same rules for naming service searches apply.
LDAP libraries are typically included with the Operating System so LDAP-enabled applications, such as the client LDAP tools. The libraries can also be used to create your own LDAP-enabled applications.
The standard ldapmodify and ldapsearch commands are typically available in the native LDAP client package. To view data stored in a LDAP directory.
There might be more information for this subject on one of the following: