Deploying and Maintaining an Enterprise OpenLDAP Directory
Date: Wednesday, July 28
Time: 8:00pm - 9:00pm
Moderated by: John Woodell, WORLDPAC
I have had the opportunity to deploy LDAP directories and consistent sign-on at small startups where very little infrastructure was in place and management embraced open software. The technical and ideological barriers are much larger when deploying these same concepts within a large corporation, with existing data tied up in legacy systems and management that is leery of 'free' software.
- Design an LDAP schema that extends the existing directories
  - Register an OID and design your own LDAP schema for people, groups and locations that meets your needs, but also use existing LDAP attributes when appropriate so that other generic LDAP clients display the information you want to share.
- Install some tools to work with LDAP
  - Tools like LDAP Browser and phpLDAPadmin will really help you, but perl-ldap, PHP and the command-line tools will do all the real work.
- Clean up data from legacy systems, then plan to populate them
  - You may need to crawl and clean up several data sources to add, update, deactivate and delete users and other data. You can take what you've learned from cleaning up legacy data and build improved maintenance tools that now feed the legacy systems.
- Make your new web-based directory clients highly visible
  - You'll also find that making user information more accessible helps identify bad data, and users will embrace new capabilities. Support for your directory will be valuable when the time comes to populate legacy systems.
- This talk will illustrate how to deploy an Enterprise OpenLDAP directory using Perl and other open source tools. I will provide code examples of the many Perl scripts that help me maintain the directory using LDAP, SQL, CSV and even web crawlers as data sources. I will also discuss some of the lessons I learned about designing LDAP schema.
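The cleanup step above (clean a legacy source, then add, update and deactivate users) could be scripted along these lines. This is an added example, not one of the talk's scripts: the base DN, the `exampleActive` attribute, the `examplePerson` class and all sample data are assumptions constructed for illustration, and deletion is left out.

```perl
use strict; use warnings;

my $BASE = 'ou=people,dc=example,dc=com';  # assumed base DN
my $FLAG = 'exampleActive';   # hypothetical attribute of a hypothetical examplePerson class
my $MAX_DISABLE = 0.5;        # refuse a feed that would disable over half the directory
# Constructed legacy export: stray whitespace, mixed-case mail, a row with no uid.
my @feed = ('uid,cn,sn,mail', ' asmith ,Alice Smith,Smith,ASmith@Example.com',
    'bjones,Bob Jones,Jones,bjones@example.com', ',No Uid,Uid,nobody@example.com',
    'cwu,Carol Wu,Wu,cwu@example.com');
my %dir = (    # constructed snapshot of current entries, as an LDAP search would return them
    asmith => { cn => 'Alice Smith',  sn => 'Smith', mail => 'asmith@example.com', $FLAG => 'TRUE' },
    bjones => { cn => 'Robert Jones', sn => 'Jones', mail => 'bjones@example.com', $FLAG => 'TRUE' },
    dlee   => { cn => 'Dan Lee',      sn => 'Lee',   mail => 'dlee@example.com',   $FLAG => 'TRUE' },
);

sub clean_feed {    # normalise rows and key them by lower-cased uid
    my ($header, @rows) = @_;
    my @cols = split /,/, $header;
    my %want;
    for my $row (@rows) {
        my %r;
        @r{@cols} = map { s/^\s+|\s+$//g; $_ } split /,/, $row, -1;
        my $uid = lc(delete($r{uid}) // '');
        next unless length $uid;    # a row without a key cannot be reconciled
        $want{$uid} = { %r, mail => lc($r{mail} // ''), $FLAG => 'TRUE' };
    }
    return \%want;
}

sub reconcile {     # returns LDIF change records for ldapmodify
    my ($want, $have) = @_;
    my @ldif;
    for my $uid (sort keys %$want) {
        my ($w, $h, $dn) = ($want->{$uid}, $have->{$uid}, "dn: uid=$uid,$BASE");
        if (!$h) {
            push @ldif, join "\n", $dn, 'changetype: add', 'objectClass: inetOrgPerson',
                'objectClass: examplePerson', "uid: $uid", map { "$_: $w->{$_}" } sort keys %$w;
        } elsif (my @mods = grep { ($h->{$_} // '') ne $w->{$_} } sort keys %$w) {
            push @ldif, join "\n", $dn, 'changetype: modify',
                map { "replace: $_\n$_: $w->{$_}\n-" } @mods;
        }
    }
    # Design choice of this example: entries missing from the feed are disabled, not deleted.
    my @gone = grep { !$want->{$_} && ($have->{$_}{$FLAG} // '') ne 'FALSE' } sort keys %$have;
    die "feed would disable too many entries\n" if @gone > $MAX_DISABLE * scalar(keys %$have);
    return (@ldif, map { "dn: uid=$_,$BASE\nchangetype: modify\nreplace: $FLAG\n$FLAG: FALSE\n-" } @gone);
}

print join("\n\n", reconcile(clean_feed(@feed), \%dir)), "\n";
```

Values are written as plain LDIF here, so real data containing non-ASCII characters, leading spaces or line breaks would need base64 (`attr:: value`) encoding before being passed to `ldapmodify`.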
© 2004, O'Reilly Media, Inc.