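LDAP (Lightweight Directory Access Protocol) is the protocol used to provide the information service known as a directory service. A directory service is a special kind of database system that is optimized specifically for read, browse and search operations, which makes it different from a conventional relational database. Directories are generally used to hold descriptive, attribute-based information, and they support fine-grained, sophisticated filtering. Directories generally do not support the complex transaction management or rollback strategies that general-purpose databases need for large volumes of update operations; updates to a directory service are usually very simple. Such a directory can store all kinds of information, including personal information, web links and JPEG images. To access the information stored in a directory, you use the access protocol that runs on top of TCP/IP: LDAP.
Information in an LDAP directory is organized in a tree structure, and the individual pieces of information are stored in a data structure called an entry. An entry corresponds to a record in a relational database table. An entry is a collection of attributes (Attribute) that has a distinguished name (DN); the DN is used to refer to the entry and corresponds to the primary key (Primary Key) of a relational database table. An attribute consists of a type (Type) and one or more values (Values), much as a field (Field) in a relational database consists of a field name and a data type. To make retrieval easier, however, a Type in LDAP can have several Values, unlike a relational database, where reducing data redundancy requires the individual fields to be independent of each other. Entries in LDAP are usually organized by geographic location and organizational relationship, which makes the layout very intuitive.
Figure 1. Tree-structured storage of LDAP information
As Figure 1 shows, LDAP information is stored in a tree structure. The root of the tree generally defines a country (c=CN) or a domain name (dc=com), and below it there are usually one or more organizations (organization) (o=CSDL) or organizational units (organizational units) (ou=Regular). An organizational unit might contain information such as regular employees and contract employees.
In addition, LDAP can control which attributes an entry may and must support. This is done through a special attribute called the object class (objectClass). The value of this attribute determines the rules the entry must follow: it specifies which attributes the entry may contain and which it must contain at minimum. For example, the Person object class requires the sn (surname) and cn (common name) attributes, but can also contain optional attributes such as e-mail (E-mail) and phone number (Phone). dc: the domain a record belongs to; ou: the organization a record belongs to; cn/uid: a record's name/ID.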
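The entry model described above, as an added example that is not part of the original article: Python code that splits a DN into its (type, value) levels, honouring escaped commas, and checks an entry against the objectClass rule given for Person. The schema table, the sample entry and the attribute names `mail` and `telephoneNumber` (standing in for the article's E-mail and Phone) are constructed assumptions.

```python
import re

# Constructed schema following the article's Person rule: sn and cn required;
# "mail" and "telephoneNumber" are assumed names for optional E-mail/Phone.
SCHEMA = {"person": {"must": {"sn", "cn"}, "may": {"mail", "telephonenumber"}}}
# Tokens: \XX hex pair | \c escaped char | unescaped comma | any other char
TOKEN = re.compile(r"\\([0-9A-Fa-f]{2})|\\(.)|(,)|(.)", re.S)

def parse_dn(dn):
    """Return [(type, value), ...] leaf first; "+" RDNs and "#" values unsupported."""
    rdns, buf = [], bytearray()
    for hexpair, escaped, comma, plain in TOKEN.findall(dn):
        if comma:                          # unescaped comma ends one RDN
            rdns.append(bytes(buf))
            buf = bytearray()
        elif hexpair:                      # \2C is a literal comma byte
            buf.append(int(hexpair, 16))
        else:
            buf += (escaped or plain).encode()
    rdns.append(bytes(buf))
    pairs = []
    for raw in rdns:
        attr, sep, value = raw.decode("utf-8").partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % raw)
        pairs.append((attr.strip().lower(), value))
    return pairs

def validate_entry(dn, attrs):
    """attrs maps attribute type -> list of values (a type may hold several)."""
    entry = {k.lower(): v for k, v in attrs.items() if v}
    must, may, problems = {"objectclass"}, set(), []
    for oc in entry.get("objectclass", []):
        rule = SCHEMA.get(oc.lower())
        if rule is None:
            problems.append("unknown objectClass: " + oc)
            continue
        must |= rule["must"]
        may |= rule["may"]
    problems += ["missing required attribute: " + a for a in sorted(must - set(entry))]
    problems += ["attribute not allowed: " + a for a in sorted(set(entry) - must - may)]
    rdn_type, rdn_value = parse_dn(dn)[0]
    if rdn_value not in entry.get(rdn_type, []):
        problems.append("RDN %s=%s not among entry values" % (rdn_type, rdn_value))
    return problems

# Constructed sample using the tree levels named in the article.
SAMPLE_DN = r"cn=Wang\, Li,ou=Regular,o=CSDL,c=CN"
SAMPLE_ENTRY = {"objectClass": ["person"], "cn": ["Wang, Li"], "sn": ["Wang"]}
```

Splitting the DN on every comma would turn the escaped comma in the sample into an extra tree level, which is why the parser tokenizes escapes before it looks for separators.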
Many centralized database programs have been developed to allow users to log in on multiple computers using a single password. NIS was one of the first, but it doesn't encrypt the password transaction. It also uses the portmapper daemon, which uses an unpredictable range of TCP ports that are difficult for firewalls to track. LDAP (Lightweight Directory Access Protocol) provides an alternative based on the X.500 standard.
The X.500 standard defines how globally referenced directories of people should be structured. X.500 directories are organized under a common root directory in a tree hierarchy with different levels for each category of information, such as country, state, city, organization, organizational unit, and person. Designed to provide a simpler yet robust implementation of X.500, LDAP was originally used as the backbone of Microsoft's Active Directory Service and Novell's Novell Directory Services (NDS) products. LDAP can also interact with other login programs, such as Remote Authentication Dial-in User Service (RADIUS), which the network equipment of many ISPs uses to manage dialup Internet access.
It was later recognized that LDAP had features that could make it a desirable replacement for NIS in some scenarios. For example, it uses a single TCP port (389) for regular communication and another port (636) for encrypted transactions. LDAP also can interact with many login authentication, authorization, and accounting programs external to Linux and UNIX.
This chapter will first show you how to install and use LDAP on Fedora Linux systems, then go on to explain how LDAP interacts with RADIUS.
Like X.500, LDAP directory entries are arranged in a tree structure. Under the root, there are branches that represent countries, organizations, organizational units, and people.
In complicated LDAP deployments, in which you have to exchange information with the LDAP databases of other companies, you may want to get a formal organization number from the Internet Assigned Numbers Authority (IANA) to reduce any data conflicts. In the chapter's example this won't be necessary. Because there will be no data sharing, I'll just make up one.
These concepts are easier to explain when working from an example, so imagine the IT department in a small organization called example.com has many Linux servers it needs to administer.
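Four ways to install plug-ins (drawing on articles found online)
1. "Help" -> "Software Updates" -> "Find and Install" -> "Search for new features to install" -> "New Remote Site" (this method is for online updates)
2. "Help" -> "Software Updates" -> "Find and Install" -> "Search for new features to install" -> "New Local Site" (if the plug-in has already been downloaded locally, do not use the first method)
3. Copy the contents of the plug-in's plugins and features directories directly into the corresponding plugins and features directories under $Eclipse_Home$/
4. Use a link file to associate Eclipse with an external plug-in
Complete beginners generally use the first method, most novices choose the second or third, and those who are used to it generally choose the last. The advantages and disadvantages of the four methods compare as follows:
The first three methods all copy the plug-in files into the corresponding plugins and features directories under $Eclipse_Home$/, so in essence they differ very little, and the plug-in can only be installed and disabled, not uninstalled (of course, if you know the plug-in's directories and files well, you can uninstall it by deleting the copied files directly). Methods one and two, however, easily fail or cause conflicts during installation, especially when you already use the MyEclipse plug-in and the Chinese language pack and then want to install plug-ins such as HibernateSynchronizer, Jode Compiler (a class decompiler) or Visual Editor; this is very likely to make the MyEclipse plug-in and the Chinese language pack stop working.
So, if the plug-in has already been downloaded locally, copy it directly into the corresponding plugins and features directories under $Eclipse_Home$/, that is, use method three; this avoids conflicts.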