The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
- 23.4.1 About LDAP Data Interchange Format
- 23.4.2 Configuring an LDAP Server
- 23.4.3 Replacing the Default Certificates
- 23.4.4 Creating and Distributing Self-signed CA Certificates
- 23.4.5 Initializing an Organization in LDAP
- 23.4.6 Adding an Automount Map to LDAP
- 23.4.7 Adding a Group to LDAP
- 23.4.8 Adding a User to LDAP
- 23.4.9 Adding Users to a Group in LDAP
- 23.4.10 Enabling LDAP Authentication
The Lightweight Directory Access Protocol (LDAP) allows client systems to access information stored on LDAP servers over a network. An LDAP directory server stores information in a directory-based database that is optimized for searching and browsing, and which also supports simple functions for accessing and updating entries in the database.
Database entries are arranged in a hierarchical tree-like structure, where each directory can store information such as names, addresses, telephone numbers, network service information, printer information, and many other types of structured data. Systems can use LDAP for authentication, which allows users to access their accounts from any machine on a network.
The smallest unit of information in an LDAP directory is an entry, which can have one or more attributes. Each attribute of an entry has a name (also known as an attribute type or attribute description) and one or more values. Examples of types are domain component (`dc`), common name (`cn`), organizational unit (`ou`) and email address (`mail`). The `objectClass` attribute determines which attributes an entry must have and which are optional: an `objectClass` attribute's value specifies the schema rules that an entry must obey.
A distinguished name (`dn`) uniquely identifies an entry in LDAP. The distinguished name consists of the name of the entry (the relative distinguished name or RDN) concatenated with the names of its ancestor entries in the LDAP directory hierarchy. For example, the distinguished name of a user with the RDN `uid=arc815` might be `uid=arc815,ou=staff,dc=mydom,dc=com`.
The following are examples of information stored in LDAP for a user:
```
# User arc815
dn: uid=arc815,ou=People,dc=mydom,dc=com
cn: John Beck
givenName: John
sn: Beck
uid: arc815
uidNumber: 5159
gidNumber: 626
homeDirectory: /nethome/arc815
loginShell: /bin/bash
mail: johnb@mydom.com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {SSHA}QYrFtKkqOrifgk8H4EYf68B0JxIIaLga
```
and for a group:
```
# Group employees
dn: cn=employees,ou=Groups,dc=mydom,dc=com
cn: employees
gidNumber: 626
objectClass: top
objectClass: posixGroup
memberUid: arc815
memberUid: arc891
```
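As an added example (not part of the Oracle documentation), the following Python parses LDIF entries like the two above and audits each one: it checks that the RDN value is also present as an attribute value, that the attributes RFC 2307 requires for `posixAccount` and `posixGroup` entries are present, and that `userPassword` is stored with a salted hash scheme rather than in cleartext or with `{CRYPT}`/`{MD5}`. The sample LDIF is a constructed, trimmed copy of the entries above, and the list of accepted password schemes is an assumed local policy, not something the page prescribes.

```python
import re
# Constructed sample LDIF mirroring the user and group entries shown above.
SAMPLE_LDIF = """\
dn: uid=arc815,ou=People,dc=mydom,dc=com
cn: John Beck
uid: arc815
uidNumber: 5159
gidNumber: 626
homeDirectory: /nethome/arc815
objectClass: posixAccount
userPassword: {SSHA}QYrFtKkqOrifgk8H4EYf68B0JxIIaLga

dn: cn=employees,ou=Groups,dc=mydom,dc=com
cn: employees
gidNumber: 626
objectClass: posixGroup
memberUid: arc815
memberUid: arc891
"""
# Attributes the RFC 2307 schema requires for these classes; other classes are not checked.
REQUIRED = {"posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
            "posixGroup": {"cn", "gidNumber"}}
# Accepted schemes (assumed local policy: salted hashes only; cleartext/{CRYPT}/{MD5}/{SHA} flagged).
STRONG_SCHEMES = {"SSHA", "SSHA256", "SSHA512", "PBKDF2-SHA256", "PBKDF2-SHA512"}

def parse_ldif(text):
    """One {attribute: [values]} dict per entry; base64 (::) and folded lines unsupported."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):         # blank line separates entries
        entry = {}
        for line in (ln for ln in block.splitlines() if not ln.startswith("#")):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_entry(entry):
    """Findings: RDN not mirrored in attributes, missing required attributes, weak password."""
    findings = []
    rdn_attr, _, rdn_val = entry["dn"][0].split(",")[0].partition("=")
    if rdn_val not in entry.get(rdn_attr, []):               # RDN value must be an attribute value
        findings.append(f"RDN {rdn_attr}={rdn_val} is not a value of attribute {rdn_attr}")
    for cls, attrs in REQUIRED.items():
        if cls in entry.get("objectClass", []):
            findings += [f"missing {a} required by {cls}" for a in sorted(attrs - set(entry))]
    for pw in entry.get("userPassword", []):
        scheme = pw[1:pw.index("}")].upper() if pw.startswith("{") and "}" in pw else "cleartext"
        if scheme not in STRONG_SCHEMES:
            findings.append(f"userPassword stored with weak scheme {scheme}")
    return findings
```

Running `[audit_entry(e) for e in parse_ldif(SAMPLE_LDIF)]` yields an empty list of findings for both entries; an entry whose RDN attribute is absent, which lacks required attributes, or whose password is stored as `{CRYPT}` or cleartext gets one finding per problem.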