"This article was much more difficult than I expected.
I initially began with an in-depth explanation of LDAP as a
protocol, but realized that the real goal here is to be able to
work with LDAP right now, not after reading 50 pages of abstract
So with that goal in mind, we're going to start working with
LDAP in a semi-real work environment. Specifically, we're going to
set up a basic LDAP directory to store Unix user accounts, along
with a script to pull those accounts to a Unix system -- that is
one of the things for which you can and should use LDAP. This will
also be useful to demonstrate that even if your version of Unix
can't authenticate directly off LDAP, you can still store your
users in LDAP and get all the benefits that come with that.
As mentioned in my previous article, LDAP was developed as a
method of consolidating access, authentication, and authorization
(AAA, or Triple-A) information. By itself, this is useful, because
you are maintaining all of the information in one place rather than
many. However, you could have accomplished the same thing using any
old database. What makes LDAP especially suited to store your AAA
information is that all LDAP operations take place within the
context of the AAA information, rather than forcing the application
to supply or interpret the context. Operations fail or succeed with
no need for the application to understand the rules involved."