Classnotes | LDAP01 | RecentChanges | Preferences The OpenLDAP Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and open source LDAP suite of applications and development tools. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenLDAP Suite and its related documentation.
At the core of OpenLDAP is the slapd daemon which provides the server interface to your LDAP directory. You can use it to provide a directory service of your very own. Your directory can contain pretty much anything you want to put in it. You can connect it to the global LDAP directory service, or run a service all by yourself. Some of slapd's more interesting features and capabilities include:
LDAPv3
slapd implements version 3 of Lightweight Directory Access Protocol. slapd supports LDAP over both IPv4 and IPv6.
Simple Authentication and Security Layer
slapd supports strong authentication services through the use of SASL. slapd's SASL implementation utilizes Cyrus SASL software which supports a number of mechanisms including DIGEST-MD5, EXTERNAL, and GSSAPI.
Transport Layer Security
slapd provides privacy and integrity protections through the use of TLS (or SSL). slapd's TLS implementation utilizes OpenSSL? software.
Topology control
slapd allows one to restrict access to the server based upon network topology. This feature utilizes TCP wrappers.
Access control
slapd provides a rich and powerful access control facility, allowing you to control access to the information in your database(s). You can control access to entries based on LDAP authorization information, IP address, domain name and other criteria. slapd supports both static and dynamic access control information.
Internationalization
slapd supports Unicode and language tags.
Choice of database backends
slapd comes with a variety of different database backends you can choose from. They include BDB, a high-performance transactional database backend; LDBM, a lightweight DBM based backend; SHELL, a backend interface to arbitrary shell scripts; and PASSWD, a simple backend interface to the passwd(5) file. BDB utilizes Sleepycat Berkeley DB. LDBM utilizes either Berkeley DB or GDBM.
Multiple database instances
slapd can be configured to serve multiple databases at the same time. This means that a single slapd server can respond to requests for many logically different portions of the LDAP tree, using the same or different database backends.
Generic modules API
If you require even more customization, slapd lets you write your own modules easily. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations. Because these two pieces communicate via a well-defined C API, you can write your own customized modules which extend slapd in numerous ways. Also, a number of programmable database modules are provided. These allow you to expose external data sources to slapd using popular programming languages (Perl, shell, SQL, and TCL).
Threads
slapd is threaded for high performance. A single multi-threaded slapd process handles all incoming requests using a pool of threads. This reduces the amount of system overhead required while providing high performance.
Replication
slapd can be configured to maintain replica copies of its database. This single-master/multiple-slave replication scheme is vital in high-volume environments where a single slapd just doesn't provide the necessary availability or reliability. slapd also includes experimental support for multi-master replication.
Configuration
slapd is highly configurable through a single configuration file which allows you to change just about everything you'd ever want to change. Configuration options have reasonable defaults, making your job much easier.
