Scenario
These concepts are easier to explain when working from an example, so imagine the IT department in a small organization called example.com has many Linux servers it needs to administer.
The company wants a simple, secure, centralized login scheme for all of the servers. It has decided to use the LDAP domain example.com for its LDAP database: one domain component (DC) will be example and the other will be com, giving the base DN dc=example,dc=com. The database will have only one organizational unit, simply called People, which is the LDAP default. Each person will have attributes such as a username (User ID or UID), password, Linux home directory, and login shell. The Fedora Linux server named Bigboy with the IP address 192.168.1.100 will act as the LDAP server containing the database. The Fedora Linux server named Smallfry, with the IP address 192.168.1.102, will be used to test the system as the LDAP client. Server Bigboy has a special user account named ldapuser that will be used to test the LDAP logins.
Here is how all that is accomplished.
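The directory tree this scenario describes, written out as LDIF. This is an added example, not part of the original page; the uidNumber, gidNumber, home directory, shell and the password placeholder are assumptions chosen for illustration.

```ldif
# Base of the example.com directory: dc=example,dc=com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example.com

# The single organizational unit that holds the user accounts
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

# Test account ldapuser with the attributes the scenario lists:
# username (uid), password, home directory and login shell.
# uidNumber, gidNumber, homeDirectory and loginShell are assumed values.
dn: uid=ldapuser,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: ldapuser
cn: ldapuser
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/ldapuser
loginShell: /bin/bash
# Store only a hashed password; generate the value with slappasswd
userPassword: {SSHA}REPLACE-WITH-HASH-FROM-slappasswd
```

Once slapd is running on Bigboy, the file is loaded with ldapadd, binding as whatever administrative DN the server's rootdn is set to.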