Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services by Matt Butcher is an extraordinarily well-written book. The preface states its focus succinctly:
The goal of this book is to prepare a system administrator or software developer for building a directory using OpenLDAP, and then employing this directory in the context of the network. To that end, this book will take a practical approach, emphasizing how to get things done. On occasion, we will delve into theoretical aspects of LDAP, but such discussions will only occur where understanding the theory helps us answer practical questions.
LDAP, the Lightweight Directory Access Protocol, is a set of Internet standards for communications and operations with and between directory servers. Directory servers play a key role in modern Information Technology infrastructures, being the repositories of choice for the identity management systems used to authenticate and authorize user access to enterprise applications. OpenLDAP is an open source implementation of a general purpose directory server that is both high performance and LDAP standards compliant.
There have not been many books devoted to things LDAP in general, or OpenLDAP in particular. Of course there haven’t been many focused on DNS (the Domain Name System on which our ability to find anything at all on the Internet depends) either. Fortunately for all of us who manage Internet connected systems, that one book on DNS is one of those rare technical books that succeeds in being not only a textbook on an engineering theory, but also a practical manual on how to implement it using the open source BIND server.
Mastering OpenLDAP is just that kind of book. Along with some of the best illustrations of the theory and practice of LDAP directory management, it contains a wealth of detailed information on the servers, clients and utilities that make up the OpenLDAP suite of software. The examples provided of different configurations are not only detailed, they also methodically build upon each other in a way that really illuminates various concepts far better than I think has been done before.
For an idea of what is covered in 467 pages of text and illustrations, including a very useful index, all you have to do is look at the table of contents:
- Directory Servers and LDAP
- Installation and Configuration
- Using OpenLDAP
- Securing OpenLDAP
- Advanced Configuration
- LDAP Schema
- Multiple Directories
- LDAP and the Web
The appendices in this volume are also worthy of mention: “Building OpenLDAP from Source”, “LDAP URLs”, and “Useful LDAP Commands” — the last deftly handling one of my favorite pastimes, “Rebuilding a Database (BDB, HDB)”.
Over the years, as Internet technologies have become both more complex and more diverse, technical books have had a hard time keeping up with the needs of their readers. Few books provide the detail really needed to help their readers “get the job done”. Many that do become obsolete within months of publication, if they were not already so when published.
The difference with this book is the author’s successful organizing and synthesis of the massive amount of information that exists out there on OpenLDAP, particularly in the documentation and mailing list archives published by the OpenLDAP Project. The real genius of the author is in his ability to anticipate and tie together concepts, processes and procedures that usually wind up hopelessly lost in those other sources. Throughout, although the book covers a lot of ground, it remains clearly focused on the task at hand as set forth in its Preface.
The only criticism I can find to make is that the book lacks a bibliography, which would be a useful addition to the resources presented in various places in the text.
This book would be an excellent textbook for use by students learning Internet technologies. It would also make a terrific technical manual for system administrators or developers involved in deploying or maintaining systems and applications that use directory services. Finally, this is the one essential book that all directory administrators should have on their own personal bookshelf.