OpenLDAP Directory Services

About This Course

The class provides detailed, hands-on instruction in configuration, deployment, and management of OpenLDAP directory services, integration with LDAP-enabled applications. Detailed coverage of OpenLDAP access-control mechansisms and schema customization is provided, depending on interest. Application-development concepts and programming interfaces (in several languages) can be covered, depending on interest.

Who Should Attend

Systems administrators that manage OpenLDAP directory services, are planning or in the process of implementing them.

Learning Objectives

  1. Install & configure OpenLDAP
  2. Learn how to set up and manage OpenLDAP directory servers in a variety of scenarios
  3. Learn LDAP integration features of key LDAP-enabled applications and how to employ them
  4. Gain detailed understanding of OpenLDAP access-control mechanisms and how to selectively restrict access to directory information
  5. Learn to deploy replicated and delegated, and, optionally, highly-available directory services
  6. Learn OpenLDAP performance tuning and debugging techniques
  7. Optionally, learn LDAP application-programming interfaces


Linux / Unix systems administration

Course Duration

One (2) day, 9 am - 5 pm

Course Dates

This course is offered based on demand. Check the calendar for updates. Call (734) 761-4689 to schedule a class. Course will be held with a minimum of four (4) students. For the optimal class experience, class size should not exceed eight (8) students.

Course Price

$1,495.00 per person (10% discount for non-profit organizations and governmental or educational institutions)

Course Instructors

Matt Benjamin

Sample Course Outline

A. Overview
B. LDAP/X.500 basics
    1. Distinctive properties
    2. Some conventions
C. LDAP on Linux
    1. OpenLDAP client
    2. OpenLDAP server
    3. Managing users and groups
    4. Name Service Cache Daemon (NSCD)
D. LDAP user interfaces (Ldapbrowser Editor Java, and phpLdapADmin php, customized)
E. LDAP enabled applications (groups may pick two to three applications of the six offered below)
    1. Sendmail 8.11+ LDAP routing
    2. High-availability IMAP
    3. E-mail address books (Webmail, Outlook, etc.)
    4. Mail group management
    5. Apache LDAP Authentication
    6. Samba LDAP Integration
      1. Samba 3.0 AD Member Server and Idmap LDAP
      2. Samba 2.2+ Domain Controller and PDB LDAP
F. OpenLDAP Access Control Policies
    1. Basics
      1. Access Control List (ACL) Development
      2. Alternative Access-Control Mechanisms
        1. ACIs
        2. Other
G. OpenLDAP Supplied Schema and Schema Development
H. OpenLDAP Security
      1. SSL/TLS
      2. Kerberos V Integration
I. LDAP referrals (server hierarchies)
J. OpenLDAP Replication
    1. Slurpd (traditional push replication)
    2. Synrepl (newer selective pull replication)
K. Scaling OpenLDAP
    1. Database Backends (LDBM vs. BDB/HDB)
      1. BDB and BerkeleyDB Parameters and Tuning
      2. Proxy Cache
L. OpenLDAP in Highly-Available Configurations
M. Programming Interfaces (PHP, Java, C/C++ Optional)