+91 (22) 2687 9402    training@unotechsoft.com

Open LDAP Administration and Development

The course uses OpenLDAP which is available on Linux, UNIX and Windows platforms and ApacheDS to illustrate one of the new generation of Open source LDAP implementations. The course makes extensive use of a platform independent LDAP browser to discover and interrogate LDAP implementations including Windows Active Directory. The course is offered with Linux (Fedora Core), FreeBSD or Windows as the platform for all exercises.

Duration : 40 hrs
Course Fee: 10,000

About The Course

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. The nitty-gritty details of LDAP are defined in RFC2251 "The Lightweight Directory Access Protocol (v3)" and other documents comprising the technical specification RFC3377. This section gives an overview of LDAP from a user's perspective.

What kind of information can be stored in the directory? The LDAP information model is based on entries. An entry is a collection of attributes that has a globally-unique Distinguished Name (DN). The DN is used to refer to the entry unambiguously. Each of the entry's attributes has a type and one or more values. The types are typically mnemonic strings, like "cn" for common name, or "mail" for email address. The syntax of values depend on the attribute type. For example, a cn attribute might contain the value Babs Jensen. A mail attribute might contain the value "babs@example.com". A jpegPhoto attribute would contain a photograph in the JPEG (binary) format.

How is the information arranged? In LDAP, directory entries are arranged in a hierarchical tree-like structure. Traditionally, this structure reflected the geographic and/or organizational boundaries. Entries representing countries appear at the top of the tree. Below them are entries representing states and national organizations. Below them might be entries representing organizational units, people, printers, documents, or just about anything else you can think of. Figure 1.1 shows an example LDAP directory tree using traditional naming.


Module 1: LDAP Theory Review

LDAP Object Tree Structure    

  • LDAP models defined (Information, Naming, Functional, Security)
  • LDAP Data Information Tree (DIT)
  • LDAP DIT root
  • LDAP Entries
  • LDAP object Classes
  • LDAP hierarchy (Parent, Child, Siblings)
  • LDAP attributes
  • 1 Notation
  • 1 examples
  • in LDAP
  • LDAP Search Filters
  • LDAP Utilities


  • LDIF and DSML Overview 
  • LDIF - Adding Entries
  • LDIF - Modifying Entries
  • LDIF - Deleting Entries

LDAP Features 

  • LDAP Referrals 
  • LDAP Replication 
  • LDAP Archive/Restore
  • LDAP Security Overview

Exercise: Initialise OpenLDAP
Exercise: LDAP Browser

Module 2: LDAP Extending the Information (Data) Model

DIT Design and Organization

  • Top Level Organization of DIT
  • Global Uniqueness or Not 
  • Multiple DITs
  • Future Flexibility
  • Flat architecture
  • Structural examples
  • Adding child entries
  • Extending existing entries
  • Use and function of groups

Attribute Characteristics

  • Deconstructing Attributes
  • Data content and format
  • Optional or Manadatory
  • Single or multiple instances
  • Names and aliases
  • Matching Rules
  • Designing and Adding Attributes

ObjectClass Characteristics

  • Deconstructing objectClasses
  • Collection of Attributes
  • Defines attribute properties
  • Structural, Auxiliary and Abstract
  • LDAP Schemas - packages of objectClasses and Attributes
  • Standard objectClasses
  • Designing and Adding objectClasses

LDAP Operational Attributes and Objects

  • LDAP subschema
  • LDAP collections
  • LDAP extensions
  • LDAP features
  • LDAP matchingrules
  • LDAP namingContexts

    Exercise: Browse LDAP subschemas (various)
    Exercise: Design and Code Attributes, ObjectClass and Schema
    Exercise: Add new attributes and objectClass to DIT using LDIF

Module 3: OpenLDAP Architecture

OpenLDAP – Backends

  • Backend – Overview
  • Backend – dbb
  • Backend – hdb
  • Backend - SQL
  • Backend - ldbm and bdb migration


  • Overlays – Overview
  • Overlay – Accesslog
  • Overlay – Auditlog
  • Overlay – Chain
  • Overlay - ppolicy (password)
  • Overlay - rwn (rewrite)

Exercise: Configure Acceslog overlay

LDAP Proxies

  • LDAP Proxies 
  • LDAP Proxies and Referrals
  • Backends - Meta/LDAP
  • Overlay – pcache
  • Overlay – translucent

Exercise: Configure LDAP Proxies

Module 4: Syncrepl Replication

Master – Slave

  • Replication - Producer or consumer
  • Replication - Push/Pull models
  • Replication - Full/Partial scope
  • Operational Attributes (entryUUID, contextCSN)
  • Update Phases (Present and Delete)
  • Overlay – syncprov
  • Delta Replication (accesslog)

Exercise: Master-slave partial DIT replication


  • Producer and Consumer (Server Identification)
  • Limits and Limitations 
  • Security Implications
  • Exercise: N-way Multi-Master configuration
  • Exercise: Add and test security policy

Module 5: OpenLDAP Operations

Real-time Configuration (cn=config)

  • conf and slapd.d
  • d conversion and restoration
  • backend config
  • d structure and repair

Exercise: Convert to cn=config
Exercise: restore slapd.conf
Exercise: Change indexes with cn=config

Monitoring (cn=monitor)

  • Real-time Monitor
  • Monitor – attributes

Exercise: Configure Monitor via cn=config
Exercise: Explore results

Module 6: Component Matching

Basic Syntax

Component Matching structure

  • Attribute OID Definition
  • Replacement Search Filters
  • Instance Search Filters
  • Compound Search Filters (and, or, not)
  • Filter Examples

Exercise: Write and test filters

Advanced Syntax

  • Attribute Properties
  • Referencing Attribute Properties
  • Advanced Filter Examples

Exercise: Write and test Filters

  • 509 Certificates Searching
  • 509 Structure
  • Accessing X.509 Attributes
  • 509 Filter Examples

Exercise: Write X.509 Filters
Exercise: Explore results

Module 7: Alternative LDAP Implementations


  • FedoraDS - genus, features and functions
  • OpenDS - genus, features and functions
  • ApacheDS - genus, features and functions
  • ApacheDS and Directory Studio

ApacheDS – Features

  • Configuration
  • Security
  • Replication
  • Directory Studio – features
  • Directory Studio - Attribute/Objectclass Definition

Exercise: Configure ApacheDS
Exercise: Directory Studio

Module 8: LDAP – Summary

  • LDAP trends 
  • LDAP Resources

Write us to know more about the course

Write us to know more about the course

  • +91 (22) 2687 9402
  • training@unotechsoft.com

Student Speaks