Directory services for Linux

Directory services are a standard feature of any medium to large corporate network. If you’re unfamiliar with the concept of a directory, think of it like an address book for networks. Information on people (e.g., name, e-mail address) and systems (e.g., file shares, printers) is stored within the directory for access by applications. The role of a directory service is to make administering and navigating a large network much more manageable. Network-wide functions such as authentication, user databases and centralised file repositories can all be provided using a directory service.

Linux already has a strong reputation as an excellent file and Web server operating system. In this column, we take a look at some of the tools for providing directory services for a network on a Linux server.

OpenLDAP

The Lightweight Directory Access Protocol is a standard method for accessing directory services across applications and platforms. The protocol is very simple and operates on top of TCP/IP. Most modern communication applications which can take advantage of directory access include support for LDAP. Examples of these include e-mail clients such as Microsoft Outlook and Ximian Evolution.

OpenLDAP (www.openldap.org) is an open source implementation of LDAP v2 and v3 for Linux/UNIX. Included with OpenLDAP are a stand-alone server (slapd), a replication server (slurpd), and numerous utilities for interfacing with an LDAP server under Linux.

The information stored in an OpenLDAP database can be customised to your needs. You may just want to deploy an LDAP service to keep contact details for each member of staff in your company, or you may have a more exotic function in mind.

The OpenLDAP Administrator's Guide (www.openldap.org/doc/admin21) provides a helpful and detailed introduction to installing and configuring OpenLDAP.

Samba 3.0 and Active Directory

Samba (www.samba.org), best known as a utility providing Windows file and printer sharing under Linux/UNIX, is also capable of providing some Windows directory services. Version 2.2 of Samba can act as a Windows NT Primary Domain Controller (PDC) to provide authentication services to Windows clients.

With the introduction of Windows 2000, Microsoft replaced Windows NT Domains with a more advanced directory system, Active Directory. Active Directory employs a hierarchical structure instead of the flat structure of Windows NT Domains. Security for the authentication services of Active Directory is provided by the Kerberos protocol. Active Directory also introduces support for lookups from LDAP-enabled applications.

Samba 3.0 (in beta at the time of writing) introduces support for authenticating against Active Directory servers and providing Active Directory server functions under Linux/UNIX. The introduction of Active Directory services within Samba has been a long time coming and will please system administrators currently maintaining both Active Directory and Windows NT Domains in a single environment. The combination of these two systems can cause administration headaches, and the migration to a single platform will solve many problems.

Enabling Active Directory support with Samba 3.0 requires the MIT Kerberos tools (http://web.mit.edu/kerberos/www/) for authentication and OpenLDAP to communicate with Active Directory servers/clients using LDAP. Active Directory support is enabled with a simple compile-time configuration option and requires an entry in the smb.conf configuration file similar to the following:

realm = EXAMPLE.COM
ads server = 192.168.1.100
security = ADS
encrypt passwords = yes

Kerberos must be configured to authenticate with Active Directory. Update krb5.conf to include the following:

[realms]
EXAMPLE.COM = {
kdc = 192.168.1.100
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

To authenticate with an Active Directory server, type the following in a shell:

$ /usr/kerberos/bin/kinit user@EXAMPLE.COM

You will be prompted for a password and, if authentication is successful, returned to a shell prompt. If the user you connected as has Administrator privileges on the Active Directory server, you can add your Linux server to the Active Directory by typing:

$ /usr/local/samba/bin/net ads join

To navigate the Active Directory, use the ‘smbclient’ command followed by a Windows share name. As you are authenticated in the Active Directory now, you should be able to view the share without a password.
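The realm name has to agree across the smb.conf and krb5.conf fragments above. As an added example (not from the original article or the Samba project), this Python script parses both fragments and reports a realm that is not upper case (Kerberos realm names are case-sensitive and upper case by convention), has no kdc entry, or is not the target of the domain_realm mapping. The function names parse_smb, parse_krb5 and check are hypothetical, and the inputs are constructed copies of the settings shown above.

```python
# Constructed sample input: the two fragments shown in the article.
SMB_CONF = """realm = EXAMPLE.COM
ads server = 192.168.1.100
security = ADS
encrypt passwords = yes"""
KRB5_CONF = """[realms]
EXAMPLE.COM = {
kdc = 192.168.1.100
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM"""

def parse_smb(text):
    """smb.conf 'key = value' lines as a dict with lower-cased keys."""
    rows = [l.split("=", 1) for l in text.splitlines() if "=" in l]
    return {k.strip().lower(): v.strip() for k, v in rows}

def parse_krb5(text):
    """Return (realms, domain_realm) from the two krb5.conf sections used here."""
    realms, domain_realm, section, block = {}, {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section, block = line.strip("[]"), None
        elif line == "}":
            block = None
        elif "=" in line and not line.startswith("#"):
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{" and section == "realms":
                block = realms.setdefault(key, {})   # start of a realm stanza
            elif block is not None:
                block[key] = value                   # e.g. kdc, default_domain
            elif section == "domain_realm":
                domain_realm[key] = value
    return realms, domain_realm

def check(smb_text, krb_text):
    """Return inconsistencies between the two files for the smb.conf realm."""
    realm, problems = parse_smb(smb_text).get("realm", ""), []
    realms, domain_realm = parse_krb5(krb_text)
    domain = realms.get(realm, {}).get("default_domain", realm.lower())  # assumption
    if not realm or realm != realm.upper():
        problems.append("realm missing or not upper case")
    if "kdc" not in realms.get(realm, {}):
        problems.append("no kdc listed for the realm")
    if domain_realm.get(domain) != realm:
        problems.append("domain_realm does not map the DNS domain to the realm")
    return problems
```

An empty list from check(SMB_CONF, KRB5_CONF) means the realm settings in the two files line up; it does not contact the KDC, so kinit remains the real test.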

Other directory services

IBM has recently released version 5.1 of its IBM Directory Server product (www-3.ibm.com/software/tivoli/products/directory-server/) for Linux.

IBM Directory Server is based on the DB2 database server and implements LDAP v3 services with advanced features such as replication and Kerberos authentication. IBM Directory Server can be downloaded free of charge from www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y.

Alastair Cousins

LinuxWorld