Directory services for Linux

Directory services are a standard feature of any medium to large corporate network. If you’re unfamiliar with the concept of a directory, think of it like an address book for networks. Information on people (e.g., name, e-mail address) and systems (e.g., file shares, printers) is stored within the directory for access by applications. The role of a directory service is to make administering and navigating a large network much more manageable. Network-wide functions such as authentication, user databases and centralised file repositories can all be provided using a directory service.

Linux already has a strong reputation as an excellent file and Web server operating system. In this column, we take a look at some of the tools for providing directory services for a network on a Linux server.

OpenLDAP

The Lightweight Directory Access Protocol is a standard method for accessing directory services across applications and platforms. The protocol is very simple and operates on top of TCP/IP. Most modern communication applications which can take advantage of directory access include support for LDAP. Examples of these include e-mail clients such as Microsoft Outlook and Ximian Evolution.

OpenLDAP (www.openldap.org) is an open source implementation of LDAP v2 and v3 for Linux/UNIX. Included with OpenLDAP is a stand-alone server (slapd), a replication server (slurpd), and numerous utilities for interfacing with a LDAP server under Linux.

The information stored in an OpenLDAP database can be customised to your needs. You may just want to deploy an LDAP service to keep contact details for each member of staff in your company, or you may have a more exotic function in mind.

The OpenLDAP Administrators Guide (www.openldap.org/doc/admin21) provides a helpful and detailed introduction to installing and configuring OpenLDAP.

Samba 3.0 and Active Directory

Samba (www.samba.org), best known as a utility providing Windows file and printer sharing under Linux/UNIX, is also capable of providing some Windows directory services. Version 2.2 of Samba can act as a Windows NT Primary Domain Controller (PDC) to provide authentication services to Windows clients.

With the introduction of Windows 2000, Microsoft replaced Windows NT Domains with a more advanced directory system, Active Directory. Active Directory employs a hierarchical structure instead of the flat structure of Windows NT Domains. Security for the authentication services of Active Directory is provided by the Kerberos protocol. Active Directory also introduces support for lookups from LDAP-enabled applications.

Samba 3.0 (in beta at the time of writing) introduces support for authenticating against Active Directory servers and providing Active Directory server functions under Linux/UNIX. The introduction of Active Directory services within Samba has been a long time coming and will please system administrators currently maintaining both Active Directory and Windows NT Domains in a single environment. The combination of these two systems can cause administration headaches, and the migration to a single platform will solve many problems.

Enabling Active Directory support with Samba 3.0 requires the MIT Kerberos tools (http://web.mit.edu/kerberos/www/) for authentication and OpenLDAP to communicate with Active Directory servers/clients using LDAP. Enabling Active Directory support is a simple compile time configuration option and requires an entry in the smb.conf configuration file similar to the following:

realm = EXAMPLE.COM
ads server = 192.168.1.100
security = ADS
encrypt passwords = yesKerberos must be configured to authenticate with Active Directory. Update krb5.conf to include the following:

[realms]
EXAMPLE.COM = {
kdc = 192.168.1.100
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

To authenticate with an Active Directory server, type the following in a shell:

$ /usr/kerberos/bin/kinit user@EXAMPLE.COM

If authentication is successful, you will be prompted for a password and then returned to a shell prompt. If the user you connected as has Administrator privileges on the Active Directory server, you can add your Linux server to the Active Directory by typing:

$ /usr/local/samba/bin/net ads join

To navigate the Active Directory, use the ‘smbclient’ command followed by a Windows share name. As you are authenticated in the Active Directory now, you should be able to view the share without a password.

Other directory services

IBM has recently released version 5.1 of IBM Directory Server (www-3.ibm.com/software/tivoli/products/directory-server/) product for Linux.

IBM Directory Server is based on the DB2 database server and implements LDAP v3 services with advanced features such as replication and Kerberos authentication. IBM Directory Server can be downloaded free of charge from www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Alastair Cousins

LinuxWorld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?