Red Hat ENTERPRISE LINUX 3 Reference Manual page 222

Chapter 13. Lightweight Directory Access Protocol (LDAP)

13.3.1. NSS, PAM, and LDAP

In addition to the OpenLDAP packages, Red Hat Enterprise Linux includes a package called nss_ldap, which enhances LDAP's ability to integrate into both Linux and other UNIX environments.

The nss_ldap package provides the following modules:

/lib/libnss_ldap-glibc-version.so
/lib/security/pam_ldap.so

The libnss_ldap-glibc-version.so module allows applications to look up users, groups, hosts, and other information using an LDAP directory via glibc's Nameservice Switch (NSS) interface (replace glibc-version with the version of libnss_ldap in use). NSS allows applications to authenticate using LDAP in conjunction with the Network Information Service (NIS) name service and flat authentication files.

The pam_ldap module allows PAM-aware applications to authenticate users using information stored in an LDAP directory. PAM-aware applications include console login, POP and IMAP mail servers, and Samba. By deploying an LDAP server on a network, all of these applications can authenticate using the same user ID and password combination, greatly simplifying administration.

13.3.2. PHP4, LDAP, and the Apache HTTP Server

Red Hat Enterprise Linux includes a package containing an LDAP module for the PHP server-side scripting language.

The php-ldap package adds LDAP support to the PHP4 HTML-embedded scripting language via the /usr/lib/php4/ldap.so module. This module allows PHP4 scripts to access information stored in an LDAP directory.

Red Hat Enterprise Linux ships with the mod_authz_ldap module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. The mod_ssl module is required when using the mod_authz_ldap module.

Important

The mod_authz_ldap module does not authenticate a user to an LDAP directory using an encrypted password hash. This functionality is provided by the experimental mod_auth_ldap module, which is not included with Red Hat Enterprise Linux. Refer to the Apache Software Foundation website online at http://www.apache.org/ for details on the status of this module.

13.3.3. LDAP Client Applications

There are graphical LDAP clients available which support creating and modifying directories, but they are not included with Red Hat Enterprise Linux. One such application is LDAP Browser/Editor — A Java-based tool available online at http://www.iit.edu/~gawojar/ldap/.

Most other LDAP clients access directories as read-only, using them to reference, but not alter, organization-wide information. Some examples of such applications are Sendmail, Mozilla, Gnome Meeting, and Evolution.
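
Section 13.3.1 says NSS lets LDAP be used alongside NIS and flat files; the order of those sources decides which one answers first. The following Python example is added here and is not part of the Red Hat manual: it parses nsswitch.conf text and reports account databases where the ldap source comes before, or replaces, flat files. The sample file contents, the function names and the choice of checks are assumptions made for this illustration.

```python
import re

# Constructed sample (not from the manual): account databases resolved through
# flat files, NIS and LDAP, as section 13.3.1 describes.
SAMPLE = """\
# /etc/nsswitch.conf
passwd:  files nis ldap
shadow:  files ldap            # trailing comment
group:   ldap [NOTFOUND=return] files
hosts:   files dns
"""

def parse_nsswitch(text):
    """Return {database: [(source, action or None), ...]} in lookup order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        # A token is either a bracketed action list or a source name.
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if entries:  # an action applies to the source just before it
                    entries[-1] = (entries[-1][0], tok[1:-1].strip().upper())
            else:
                entries.append((tok.lower(), None))
        table[db.strip().lower()] = entries
    return table

def audit_ldap_order(text, databases=("passwd", "shadow", "group")):
    """List account databases where LDAP can pre-empt or replace flat files."""
    findings = []
    table = parse_nsswitch(text)
    for db in databases:
        entries = table.get(db, [])
        sources = [src for src, _ in entries]
        if "ldap" not in sources:
            continue
        if "files" not in sources:
            findings.append((db, "no files source"))
        elif sources.index("ldap") < sources.index("files"):
            findings.append((db, "ldap before files"))
        for src, action in entries:
            if src == "ldap" and action and "RETURN" in action and src != sources[-1]:
                findings.append((db, "ldap action " + action))
    return findings
```

To check a live host, pass the contents of its /etc/nsswitch.conf to audit_ldap_order(); an empty list means flat files are consulted before LDAP for every account database that uses it.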
