PHP4, LDAP, and the Apache HTTP Server; LDAP Client Applications; OpenLDAP Configuration Files - Red Hat Enterprise Linux 5 Deployment Manual


NSS allows applications to authenticate using LDAP in conjunction with the NIS name service and flat
authentication files.
The pam_ldap module allows PAM-aware applications to authenticate users using information stored
in an LDAP directory. PAM-aware applications include console login, POP and IMAP mail servers, and
Samba. By deploying an LDAP server on a network, all of these applications can authenticate using
the same user ID and password combination, greatly simplifying administration.
For more about configuring PAM, refer to Section 43.4, "Pluggable Authentication Modules (PAM)"
and the PAM man pages.

25.3.2. PHP4, LDAP, and the Apache HTTP Server

Red Hat Enterprise Linux includes a package containing an LDAP module for the PHP server-side
scripting language.
The php-ldap package adds LDAP support to the PHP4 HTML-embedded scripting language via the
/usr/lib/php4/ldap.so module. This module allows PHP4 scripts to access information stored in
an LDAP directory.
Red Hat Enterprise Linux ships with the mod_authz_ldap module for the Apache HTTP Server. This
module uses the short form of the distinguished name for a subject and the issuer of the client SSL
certificate to determine the distinguished name of the user within an LDAP directory. It is also capable
of authorizing users based on attributes of that user's LDAP directory entry, determining access to
assets based on the user and group privileges of the asset, and denying access for users with expired
passwords. The mod_ssl module is required when using the mod_authz_ldap module.
Important
The mod_authz_ldap module does not authenticate a user to an LDAP directory
using an encrypted password hash. This functionality is provided by the experimental
mod_auth_ldap module, which is not included with Red Hat Enterprise Linux. Refer to
the Apache Software Foundation website online at http://www.apache.org/ for details on
the status of this module.

25.3.3. LDAP Client Applications

There are graphical LDAP clients available which support creating and modifying directories, but they
are not included with Red Hat Enterprise Linux. One such application is LDAP Browser/Editor — A
Java-based tool available online at http://www.iit.edu/~gawojar/ldap/.
Other LDAP clients access directories as read-only, using them to reference, but not alter,
organization-wide information. Some examples of such applications are Sendmail, Mozilla, Gnome
Meeting, and Evolution.

25.4. OpenLDAP Configuration Files

OpenLDAP configuration files are installed into the /etc/openldap/ directory. The following is a
brief list highlighting the most important directories and files:
• /etc/openldap/ldap.conf — This is the configuration file for all client applications which
use the OpenLDAP libraries such as ldapsearch, ldapadd, Sendmail, Evolution, and Gnome
Meeting.
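
Because every client built on the OpenLDAP libraries reads this one file, its transport settings decide whether shared LDAP credentials cross the network protected. The following is an added example, not part of the Red Hat manual: a small audit of ldap.conf contents using the URI, TLS_REQCERT, TLS_CACERT and TLS_CACERTDIR options from ldap.conf(5). The sample file contents, host names and finding codes are constructed for illustration.

```python
# Added example (not from the Red Hat manual): audit OpenLDAP client settings.
# Option names follow ldap.conf(5); the two sample files below are constructed.

WEAK_REQCERT = {"never", "allow"}  # server certificate unchecked or errors ignored


def parse_ldap_conf(text):
    """Return {OPTION: value}; ldap.conf option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        opts[fields[0].upper()] = fields[1].strip() if len(fields) > 1 else ""
    return opts


def audit(text):
    """Return a list of (code, message) findings for one ldap.conf."""
    opts = parse_ldap_conf(text)
    findings = []
    for uri in opts.get("URI", "").split():
        if uri.lower().startswith("ldap://"):
            findings.append(("plain-uri", uri + ": binds travel unencrypted "
                             "unless the client requests StartTLS"))
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # client default: demand
    if reqcert in WEAK_REQCERT:
        findings.append(("weak-reqcert", "TLS_REQCERT " + reqcert +
                         ": an invalid server certificate is accepted"))
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append(("no-ca", "no TLS_CACERT or TLS_CACERTDIR set in this "
                         "file to verify the server against"))
    return findings


WEAK_SAMPLE = """# constructed sample
URI ldap://ldap.example.com/
BASE dc=example,dc=com
TLS_REQCERT never
"""
HARDENED_SAMPLE = """# constructed sample
URI ldaps://ldap.example.com/
BASE dc=example,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.pem
tls_reqcert demand
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(sample) or "no findings")
```

On a live system, pass the text of /etc/openldap/ldap.conf to audit(); per-user files such as ~/.ldaprc can override these values and need the same check.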