Michael Oberg - Freelance IT Consultant and Software Developer


LDAP

The central component of the myLinux server is OpenLDAP. This directory service handles the following tasks:

Address book

  • automatically generated entries for all system users
  • external contacts

Any mail client with LDAP support (for example Microsoft Outlook, Outlook Express, Lotus Notes, Netscape Messenger, Eudora, Pegasus, KMail, Ximian Evolution, ...) can at least use the email addresses stored in LDAP and search them by surname and first name; most clients can also query further data (telephone numbers, postal addresses, etc., up to links between entries such as "manager" and "coworker").
The LDAP schema has been optimized for Microsoft Outlook (see schemas).

In addition, the directory contents can be downloaded as an HTML table or as a Microsoft Excel sheet through a CGI script (ldap2html.pl).
The same script can serve as the data source of a "Web Query" in Microsoft Excel or Microsoft Access.

Authentication

  • UNIX (ssh, su, login via pam_ldap)
  • Sending mail (sendmail via pam_ldap)
  • Receiving mail (Cyrus IMAPd via saslauthd/PAM/pam_ldap)
  • Web services (Apache via mod_auth_pam)
  • Windows domain logons / Windows file services (Samba with its own password attributes in LDAP; a script of the myLinux user manager keeps them in sync with the password entry used by the other services, so a user has one password everywhere)
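The sync step of the last item, as an added example. This is not the myLinux user manager's own script (the page does not show its code); it derives the UNIX/PAM password hash and the Samba NT hash from one cleartext and emits an LDIF modify record for ldapmodify, so both password stores change in the same operation. Assumptions: user entries carry the Samba 3 sambaSamAccount attributes sambaNTPassword and sambaPwdLastSet, userPassword uses OpenLDAP's {SSHA} scheme, and the DN uid=alice,ou=People,dc=example,dc=com is a constructed sample. MD4 is implemented inline because OpenSSL 3 builds of Python frequently ship without the legacy md4 algorithm in hashlib.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

MASK32 = 0xFFFFFFFF


def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK32


def _md4_compress(state, block):
    """Process one 64-byte MD4 block (RFC 1320)."""
    X = struct.unpack("<16I", block)
    a, b, c, d = state

    def F(x, y, z):
        return (x & y) | (~x & z)

    def G(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def H(x, y, z):
        return x ^ y ^ z

    for i in range(16):                                   # round 1
        a = _rotl((a + F(b, c, d) + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
        a, b, c, d = d, a, b, c
    for i in range(16):                                   # round 2
        k = (i % 4) * 4 + i // 4
        a = _rotl((a + G(b, c, d) + X[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
        a, b, c, d = d, a, b, c
    order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for i in range(16):                                   # round 3
        a = _rotl((a + H(b, c, d) + X[order[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
        a, b, c, d = d, a, b, c
    return [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    """Pure-Python MD4; the padding is the same as MD5's, little-endian length."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        state = _md4_compress(state, bytes(msg[off:off + 64]))
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as Samba stores it in sambaNTPassword: MD4 over the UTF-16LE
    password, upper-case hex. Unsalted, so it must never be readable by users."""
    return md4(password.encode("utf-16-le")).hex().upper()


def make_ssha(password: str, salt: bytes = None) -> str:
    """OpenLDAP {SSHA} userPassword value: base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, password: str) -> bool:
    """Check a cleartext against a {SSHA} value the way slapd does on bind."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    recomputed = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)


def password_sync_ldif(user_dn: str, password: str, now: int = None) -> str:
    """LDIF modify record setting the PAM/UNIX password and the Samba NT hash
    from one cleartext. sambaLMPassword is deliberately left unset: the LM hash
    is case-folded, limited to 14 characters and trivially cracked."""
    if now is None:
        now = int(time.time())
    return "\n".join([
        f"dn: {user_dn}",
        "changetype: modify",
        "replace: userPassword",
        f"userPassword: {make_ssha(password)}",
        "-",
        "replace: sambaNTPassword",
        f"sambaNTPassword: {nt_hash(password)}",
        "-",
        "replace: sambaPwdLastSet",
        f"sambaPwdLastSet: {now}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample user and password; assumed DIT dc=example,dc=com.
    print(password_sync_ldif("uid=alice,ou=People,dc=example,dc=com", "s3cret-Pass"))
```

Feed the output to `ldapmodify -x -D <admin dn> -W` run by the user manager's administrative bind; with the script doing the hashing, the cleartext never has to be stored in LDAP and both services accept the new password from the same moment on.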

Access Rights

  • Membership in UNIX groups (via nss_ldap)
  • Use of these groups to authorize web services (Apache via mod_auth_pam/mod_auth_sys_group)

Email Configuration

  • Assignment of email aliases to users
  • Multiple domains with virtual users
  • Multiple mail servers (cluster)

See also sendmail.

Dedicated Access to LDAP

By default, access is divided into three classes:

  • The LDAP administrator, authenticated by the password entry (rootpw) in /etc/openldap/slapd.conf, has full access to all LDAP data; since this identity bypasses every access rule, the entry must hold a hash, never the cleartext.
  • Members of the LDAP Admins group have write access to the LDAP groups (here LDAP Admins and DATA Maintain) and to the UNIX groups, so they grant and revoke rights by adding or removing members.
  • Members of the DATA Maintain group have write access to all external contacts, including adding and deleting them, and to the non-critical attributes of system users (telephone numbers, addresses, etc.).

See also slapd.conf.

LDAP entries can be administered with the LDAP Explorer.
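The three classes above, written out as slapd.conf access directives. This is an added example, not the slapd.conf of the myLinux server: the suffix dc=example,dc=com, the containers ou=People (system users), ou=Contacts (external contacts) and ou=Groups, the rootdn name, and the assumption that LDAP Admins and DATA Maintain are groupOfNames entries with DN-valued member attributes are all assumptions. slapd evaluates access directives in order and stops at the first whose target matches, so the more specific rules come first.

```conf
# Added example: slapd.conf fragment for the three access classes.
# Assumed DIT: dc=example,dc=com with ou=People, ou=Contacts, ou=Groups.

# Class 1: the LDAP administrator. rootdn bypasses every access rule below,
# so its password is stored only as a hash produced by slappasswd.
rootdn   "cn=Manager,dc=example,dc=com"
rootpw   {SSHA}<paste the output of: slappasswd -h {SSHA}>

# Password attributes: usable for binding only, never readable. Users may
# change their own. Listed first so that no later rule can expose them.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by self write
    by anonymous auth
    by * none

# Class 2: members of "LDAP Admins" grant or revoke rights by editing the
# membership attributes of the LDAP groups (member) and UNIX groups (memberUid).
access to dn.subtree="ou=Groups,dc=example,dc=com" attrs=member,memberUid
    by group="cn=LDAP Admins,ou=Groups,dc=example,dc=com" write
    by users read
    by * none

# Class 3a: members of "DATA Maintain" may add, change and delete external
# contacts. With no attrs= list the rule also covers the entry and children
# pseudo-attributes, which add and delete require.
access to dn.subtree="ou=Contacts,dc=example,dc=com"
    by group="cn=DATA Maintain,ou=Groups,dc=example,dc=com" write
    by users read
    by * none

# Class 3b: on system users they may edit only non-critical attributes.
# uid, uidNumber, gidNumber, homeDirectory, loginShell and the password
# attributes are not listed here, so they fall through to read-only rules.
access to dn.subtree="ou=People,dc=example,dc=com"
        attrs=telephoneNumber,facsimileTelephoneNumber,mobile,postalAddress,street,l,postalCode,title,description
    by group="cn=DATA Maintain,ou=Groups,dc=example,dc=com" write
    by self write
    by users read
    by * none

# Everyone else: authenticated users (mail clients, nss_ldap, pam_ldap) may
# read the address book and group data; anonymous binds get nothing.
access to *
    by users read
    by * none
```

Two caveats from practice: if nss_ldap on the clients resolves users and groups with anonymous binds, the final rule breaks name lookups, and the fix is a read-only proxy bind DN (binddn/bindpw in ldap.conf) rather than opening the directory to anonymous reads. After every change, confirm the intended effect with slapacl, for example that a DATA Maintain member gets write on telephoneNumber of a user entry but not on uidNumber, and that no authenticated user can read userPassword.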