Directory services for Linux

Directory services are a standard feature of any medium to large corporate network. If you’re unfamiliar with the concept of a directory, think of it like an address book for networks. Information on people (e.g., name, e-mail address) and systems (e.g., file shares, printers) is stored within the directory for access by applications. The role of a directory service is to make administering and navigating a large network much more manageable. Network-wide functions such as authentication, user databases and centralised file repositories can all be provided using a directory service.

Linux already has a strong reputation as an excellent file and Web server operating system. In this column, we take a look at some of the tools for providing directory services for a network on a Linux server.

OpenLDAP

The Lightweight Directory Access Protocol is a standard method for accessing directory services across applications and platforms. The protocol is very simple and operates on top of TCP/IP. Most modern communication applications which can take advantage of directory access include support for LDAP. Examples of these include e-mail clients such as Microsoft Outlook and Ximian Evolution.

OpenLDAP (www.openldap.org) is an open source implementation of LDAP v2 and v3 for Linux/UNIX. Included with OpenLDAP are a stand-alone server (slapd), a replication server (slurpd), and numerous utilities for interfacing with an LDAP server under Linux.

The information stored in an OpenLDAP database can be customised to your needs. You may just want to deploy an LDAP service to keep contact details for each member of staff in your company, or you may have a more exotic function in mind.

The OpenLDAP Administrators Guide (www.openldap.org/doc/admin21) provides a helpful and detailed introduction to installing and configuring OpenLDAP.

Samba 3.0 and Active Directory

Samba (www.samba.org), best known as a utility providing Windows file and printer sharing under Linux/UNIX, is also capable of providing some Windows directory services. Version 2.2 of Samba can act as a Windows NT Primary Domain Controller (PDC) to provide authentication services to Windows clients.

With the introduction of Windows 2000, Microsoft replaced Windows NT Domains with a more advanced directory system, Active Directory. Active Directory employs a hierarchical structure instead of the flat structure of Windows NT Domains. Security for the authentication services of Active Directory is provided by the Kerberos protocol. Active Directory also introduces support for lookups from LDAP-enabled applications.

Samba 3.0 (in beta at the time of writing) introduces support for authenticating against Active Directory servers and providing Active Directory server functions under Linux/UNIX. The introduction of Active Directory services within Samba has been a long time coming and will please system administrators currently maintaining both Active Directory and Windows NT Domains in a single environment. The combination of these two systems can cause administration headaches, and the migration to a single platform will solve many problems.

Enabling Active Directory support with Samba 3.0 requires the MIT Kerberos tools (http://web.mit.edu/kerberos/www/) for authentication and OpenLDAP to communicate with Active Directory servers/clients using LDAP. Enabling Active Directory support is a simple compile-time configuration option and requires an entry in the smb.conf configuration file similar to the following:

realm = EXAMPLE.COM
ads server = 192.168.1.100
security = ADS
encrypt passwords = yes

Kerberos must be configured to authenticate with Active Directory. Update krb5.conf to include the following:

[realms]
EXAMPLE.COM = {
    kdc = 192.168.1.100
    default_domain = example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

To authenticate with an Active Directory server, type the following in a shell:

$ /usr/kerberos/bin/kinit user@EXAMPLE.COM

You will be prompted for a password and, if authentication is successful, returned to a shell prompt. If the user you connected as has Administrator privileges on the Active Directory server, you can add your Linux server to the Active Directory by typing:

$ /usr/local/samba/bin/net ads join

To navigate the Active Directory, use the ‘smbclient’ command followed by a Windows share name. As you are authenticated in the Active Directory now, you should be able to view the share without a password.
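A pre-flight check for the two configuration fragments above, worth running before kinit and net ads join, since the realm must agree between smb.conf and krb5.conf. This is an added example, not code from the article or from the Samba or MIT Kerberos projects; the function names are hypothetical, the sample text is constructed from the fragments shown here, and it assumes the realm is the upper-cased DNS domain, as in the article.

```python
import re

# Constructed sample input: the two fragments shown in the article.
SMB_CONF = """realm = EXAMPLE.COM
ads server = 192.168.1.100
security = ADS
encrypt passwords = yes
"""
KRB5_CONF = """[realms]
EXAMPLE.COM = {
kdc = 192.168.1.100
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
"""

def parse_smb(text):
    """smb.conf parameters as a dict; names lower-cased, comment lines skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and l.strip()[0] not in "#;")
    return {" ".join(k.lower().split()): v.strip() for k, v in pairs}

def section(text, name):
    """Body of one [name] section of krb5.conf ('' if the section is absent)."""
    m = re.search(rf"^\[{name}\]\s*$(.*?)(?=^\[|\Z)", text, re.M | re.S)
    return m.group(1) if m else ""

def parse_krb5(text):
    """Return ({realm: {tag: value}}, {dns_domain: realm}) parsed from krb5.conf text."""
    pair = r"^\s*([^\s=]+)\s*=\s*(\S+)"
    blocks = re.findall(r"^\s*(\S+)\s*=\s*\{(.*?)\}", section(text, "realms"), re.M | re.S)
    realms = {name: dict(re.findall(pair, body, re.M)) for name, body in blocks}
    return realms, dict(re.findall(pair, section(text, "domain_realm"), re.M))

def check(smb_text, krb5_text):
    """List the places where the two files disagree or the AD settings are missing."""
    smb, (realms, domain_realm) = parse_smb(smb_text), parse_krb5(krb5_text)
    realm, problems = smb.get("realm", ""), []
    if smb.get("security", "").upper() != "ADS":
        problems.append("security is not ADS")
    if smb.get("encrypt passwords", "").lower() not in ("yes", "true", "on", "1"):
        problems.append("encrypt passwords is not enabled")
    if "kdc" not in realms.get(realm, {}):  # Kerberos realm names are case-sensitive
        problems.append(f"no kdc for realm {realm!r} in [realms]")
    if domain_realm.get(realm.lower()) != realm:
        problems.append(f"[domain_realm] does not map {realm.lower()} to {realm}")
    return problems
```

check(SMB_CONF, KRB5_CONF) returns an empty list for the article's configuration; a realm spelled with different case in krb5.conf, or security left at another mode, is reported by name.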

Other directory services

IBM has recently released version 5.1 of its IBM Directory Server product (www-3.ibm.com/software/tivoli/products/directory-server/) for Linux.

IBM Directory Server is based on the DB2 database server and implements LDAP v3 services with advanced features such as replication and Kerberos authentication. IBM Directory Server can be downloaded free of charge from www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y.

Alastair Cousins

LinuxWorld