LDAP System Administration
Be more productive and make your life easier. That's what LDAP System Administration is all about. System administrators often spend a great deal of time managing configuration information located on many different machines: usernames, passwords, printer configurations, email client configurations, and network filesystem configurations, to name a few. LDAPv3 provides tools for centralizing all of the configuration information and placing it under your control. Rather than maintaining several administrative databases (NIS, Active Directory, Samba, and NFS configuration files), you can make changes in only one place and have all your systems immediately "see" the updated information. Practically platform independent, this book uses the widely available, open source OpenLDAP 2 directory server as a premise for examples, showing you how to use it to help you manage your configuration information effectively and securely. OpenLDAP 2 ships with most Linux® distributions and Mac OS® X, and can be easily downloaded for most Unix-based systems. After introducing the workings of a directory service and the LDAP protocol, all aspects of building and installing OpenLDAP, plus key ancillary packages like SASL and OpenSSL, this book discusses:

| Reader Reviews 1 - 20 of 20 |
| Reader Reviews Below Sorted by Newest First |
| Review Date | Review Rating (5 High) | Review Helpful to | Customer Review |
| 07-04-08 | 3 | (NA) |
Although it spends a lot of time talking about OpenLDAP, the version it covers is outdated. I would also have hoped to find more information about how to choose which schemas. The email section does not mention the different attempts at standardizing a schema.
(Review Data Last Updated: 2008-09-05 10:12:38 EST)

| 03-09-08 | 3 | (NA) |
I am giving this 3 stars because it does a fair job of explaining basic LDAP structure. It does a fairly good job on administration of just LDAP but LDAP is usually used as a base upon which other applications rely.

If you are trying to integrate something with LDAP, as I was, then this is not the book for that. Also, this book is a little dated as it does not cover OpenLDAP 2.4. SLURPD is no longer used for replication in the latest OpenLDAP 2.4 releases...

The author does make an attempt at application integration but does an extremely poor job of it. For example, on the topic of Replacing NIS there is absolutely no mention of NSCD (Name Server Caching Daemon) which is included on every major Linux distribution. If you are integrating Samba with OpenLDAP, then it's crucial that you understand how NSCD works as it can cause Samba to break yet all the Linux tool-sets continue working.

If you have this book, then on page 113, the author talks about optimizing nss_ldap searches which is good. But later in the book on page 168 on the topic of Samba integration, there is no mention of the fact that you may, and most likely, need to revisit the contents of page 113 again. Samba and associated tools, by default, create a Computers container to hold computer accounts. If you implemented the searches as described on page 113 alone, you find you can not join workstations to a Samba domain unless you also include a line that reads:

    nss_base_passwd ou=computers,dc=plainjoe,dc=org?one

I sense that some attention to detail is lost considering the 2nd half of the book is on application integration and things like I just explained are left out. I suppose one could argue that you should have learned this after reading page 113 but it would have saved me some time if it was mentioned...

I would recommend this book as a companion to other OpenLDAP books that do a better job of covering application integration. I give this 3 stars because the Active Directory coverage and reference seems pretty good and the coverage of .conf file settings seems good.
(Review Data Last Updated: 2008-07-04 09:35:09 EST)

| 09-21-07 | 4 | (NA) |
I'm happy with this book. It's a little out of date and the details are getting a bit, shall we say, "off". However, it is a much better set of documentation than rummaging through the RFCs and paltry OpenLDAP README content :)
(Review Data Last Updated: 2008-03-10 21:50:10 EST)

| 07-22-07 | 4 | (NA) |
This book was written a while ago and it definitely needs an update. It frequently refers to RFCs and states "blah blah is not yet accepted as standard" but probably it is accepted as one by now.
The organization of this book is a little chaotic. When I read it from chapter 1, the introduction, it was still not clear what I was getting into. After reading it all, I still think the introduction was not very helpful. I don't think reading this book from cover to cover all through would help a lot. Nonetheless, after reading through this book with actual practice (installing OpenLDAP and running the examples as the book illustrated), I got a good grasp of the concepts of LDAP and an understanding of how it works. I like its practical examples and connection to other applications. In conclusion, I feel I spent my money well on this book. (Review Data Last Updated: 2007-10-13 09:27:17 EST)

| 02-03-07 | 1 | 2\3 |
This book borders on being useless for an administrator new to ldap. For instance on page 5 (CHAPTER 1 "Now where did I put that...?", or "What is a directory?") there is a heading "What is LDAP" and then it goes into the RFCs. Then on page 11 (CHAPTER 2 LDAPv3 Overview) thru page 30 he talks more about RFCs and Object Identifiers and authentication. Anyway by page 30 I gave up on the nonsense and I went back to my SUSE Linux 9 Bible. Do you know what that book says what LDAP is? Well, on page 501, "...LDAP describes organization of data, access to the data, and the protocol used to talk to an LDAP server." So in the SUSE book it gives an answer in 19 words that Gerald Carter could not do in 28 pages!
One really good thing about this book is that on page 23 he admits to using other documents and you really should too! In particular go to Sun Microsystems and "Search the site for "LDAP schema reference" to locate the most recent versions of the product documentation." In particular you may want to search for iPlanet and get the Administrator's Guide, Deployment Guide, Schema Reference. If you are running NT 4.0 you can also get the "Sun ONE Portal Server" which was called iPlanet Web Server before Sun got them. If you are using SUSE Linux then I would recommend for you to use the openldap and install it from YaST and use the Linux Bible. It has only 17 pages but it will show you what ldap is, how to set up, test, insert data, and integrate ldap into Linux. The bottom line is that this book is really good for wasting time and not achieving anything productive, but for implementing and using ldap in a working environment it is of no help. (Review Data Last Updated: 2007-04-11 18:28:10 EST)

| 01-09-07 | 5 | 0\5 |
Another great O'Reilly book. O'Reilly, IMHO, are the best technical books.
(Review Data Last Updated: 2007-10-13 09:27:17 EST)

| 11-07-06 | 5 | 6\6 |
This excellent book covers implementing and administering LDAP better than any I have seen. It's apparent to me that a great deal of thought has gone into key paragraphs. Despite some comments to the contrary, the organization is methodical and logical. Throughout the book there are references to other sources to further research related topics.
Chapter 1: LDAP is defined and you are pointed to the appropriate RFCs.

Chapter 2 is an overview of the LDAPv3 and explains very well the format of the LDIF directory data/structure files. Incidentally, I found that this book enhanced my understanding of Microsoft's Active Directory which encompasses among other things LDAPv3.

Chapter 3 familiarizes you with the slapd.conf file and the example uses an SSHA hashed rootpw (an OpenSSL algorithm) and introduces you to the use of ACLs in this server config file.

Chapter 4 leads you through building a company white pages using the command line (which you certainly should know how to do even if you are a GUI fan); the chapter concludes with a brief list of GUI editors for the faint of heart.

Chapter 5 explains replicating to a backup LDAP server with slurpd, enhanced backups using generated LDIF files and distributing the directory to maximize network traffic efficiency. Additions, deletions and modifications to the database are illustrated. Searching is briefly, but concisely explained.

Chapter 6 begins Part II, application integration. The Pluggable Authentication module pam_ldap and its configuration file, ldap.conf are discussed and there is a list of ldap.conf parameters with explanations. Replacing NIS with LDAP is covered in this chapter. Chapter 6 ends with a brief overview of security mechanisms in LDAPv3.

Chapter 7 presents LDAP as a directory storing email addresses and other contact information. Configuration examples for connecting 4 popular email clients are included. Integration with 3 popular MTAs (postfix, sendmail and Exim) round out the chapter.

Chapter 8 introduces integration of network services other than authentication and email with LDAP. Among other things, DNS, printing and Samba LDAP integration are discussed.

Chapter 9 has a few valuable pointers in interoperability with other platforms, specifically Windows 2000 Active Directory. Digital certificates and Kerberos authentication on the Windows platform as relating to *nix are very briefly discussed.

Chapter 10, Net::LDAP and Perl gives a mainly informational overview of connecting, binding and searching and contains sample scripts using the Net::LDAP module. It also demonstrates adding, updating and deleting entries using Perl scripts instead of the LDIF methods earlier in the book. Note, however that this is not a book about programming; it is a book about LDAP Administration.

Lastly, this book does need an update. Some modules which were separate entities not so long ago are now symbolic links; for example:

    /usr/local/sbin/slapacl -> slapd
    /usr/local/sbin/slapadd -> slapd
    /usr/local/sbin/slapauth -> slapd
    /usr/local/sbin/slapcat -> slapd
    /usr/local/sbin/slapd
    /usr/local/sbin/slapdn -> slapd
    /usr/local/sbin/slapindex -> slapd
    /usr/local/sbin/slappasswd -> slapd
    /usr/local/sbin/slaptest -> slapd

Even the best needs to be updated; and when it is I will be one of the first to purchase it.

LDAP protocol will very likely solve the complex problem of redundant authentication/authorization data spread across heterogeneous networks. However, whether your users access resources through passwords or some other mechanism one thing stands out. If your security database resides in one place, it must be secured and precautions taken that authentication data traversing the network cannot be sniffed or otherwise compromised. In general, most admins accomplish this by encryption using SSH/SSH2 or OpenSSH. OpenSSH, in turn uses the encryption libraries of OpenSSL so it's a required dependency.

To summarize, IMHO: LDAP is only 1 part of the solution and this book covers it better than any other I have seen. No single reference will cover all the bases and like any well written book this one keeps the focus on the major subject of LDAP, but offers references to other related topics.

Above my workstation is a wooden shelf containing my most important references; this is one of them. I have found the following volumes very helpful and LDAP plays well with these technologies.

"LDAP System Administration" by Gerald Carter.
"SSH The Secure Shell, The Definitive Guide" by Daniel J. Barrett, Richard E. Silverman & Robert G. Byrnes.
"Network Security with OpenSSL" by John Viega, Matt Messier & Pravir Chandra.
"Kerberos: The Definitive Guide" by Jason Garman

These 4 volumes will help you both in securing your network and making it more productive and accessible to authorized users. These volumes complement each other. If you need guidance for software development, you might try "Secure Programming Cookbook for C and C++" by John Viega and Matt Messier

Definitely Five stars - even though it does need updating. This book fills a knowledge void and can make your life a lot easier. It can save you hours of Google searches, searching forums, pumping your friends for tips, trial and error, and grep'ing log files; this one deserves a slot in your special library.
(Review Data Last Updated: 2007-10-13 09:27:17 EST)

| 11-05-06 | 3 | 1\3 |
This has to be the most dry O'Reilly's book I've read to date. It's a chore to get through the foundation in order to get to the substance. Don't read it while sleepy, unless you suffer insomnia.
I purchased this book to learn how to implement LDAP as a replacement for NIS on Solaris systems. (Review Data Last Updated: 2007-10-13 09:27:17 EST)

| 11-01-05 | 2 | 11\34 |
I bought this book hoping that it would explain how LDAP works. Basically this book tells you how to set up a server and let other tools use it as they see fit.
This book will be of little value to anyone that plans on writing applications to speak to an LDAP server. (Review Data Last Updated: 2007-07-08 20:48:43 EST)

| 04-15-05 | 4 | 16\17 |
This book provides a good introduction to implementing OpenLDAP. I found the authors "jumped" tangentially around quite a bit topically, rather than following an idea from start to finish. It was a bit disconcerting following the examples and being interrupted with background material constantly. This may be an editorial problem, as usually backreferences to material are enclosed in callout boxes, while the topical flow continues.
I was surprised at the editing and presentation - it wasn't up to usual O'Reilly standards. I was disappointed with the lack of schema level information - part of what I wanted from the book was an understanding of merging multiple schemas to provide cross-client compatibility of directory service usage - i.e. how can LDAP provide services compatible with Mozilla, Eudora, Outlook etc. with common data storage. All in all, I learned a lot from this book, but I am still needing more material to complete the project I am working on - I'll have to find better documentation on schema considerations. Worth the price, but in need of better editing and a new edition. (Review Data Last Updated: 2007-07-08 20:48:43 EST)

| 12-22-04 | 3 | 7\8 |
It covers LDAP installation and implementation (using OpenLDAP) for various services on UNIX platform, i.e. NIS, Email, Clients and Mail Transfer Agents (MTA), FTP and Web servers, Samba, FreeRadius, DNS, and Printer Management. A quick introduction on how to implement LDAP server for various services in your organisation.
It has one section on an LDAP tool, Net::LDAP using Perl. It touches on high level LDAP design and replication issues, not much on the design and lacking of LDAPv3 features such as DSML. (Review Data Last Updated: 2006-11-01 19:16:31 EST)

| 07-18-04 | 3 | 17\18 |
The book starts with a section on a brief introduction of LDAP before moving into an LDAPv3 overview. OpenLDAP takes two chapters, then a section of chapters on Application Integration. Letting LDAP replace NIS, integrating with email, Unix and LDAP, LDAP interoperability and LDAP and Perl finish the chapters off. There are some appendixes that include some of the common Attributes and Objects also.
If you are using Windows and some LDAP application this book does not contain a lot of information for you specific to the OS, but is a great reference for LDAP overall. Most of the code examples rely on Unix understandings. The review of access and OpenLDAP applies directly to numerous systems in understanding how rights are applied. Replication and referrals is a great topic that is covered well for the beginner. For someone wanting advanced architecture ideas and designs, this chapter does not go deep enough for you. But I enjoyed it still letting me review and pick up a few items I was unaware of. LDAP administrators that are just starting out, or even ones that have been doing LDAP for some time and need to secure or expand the directory infrastructure could benefit from this book. (Review Data Last Updated: 2006-11-01 19:16:31 EST)

| 06-17-04 | 5 | 8\10 |
This book is an awesome reference for someone interested in SYSTEM ADMINISTRATION (hence the title.) If you are a newbie looking for broader, philosophical reasoning or basic directory theory, this is NOT the book for you. If you know why you want a directory and understand the basics, then this book will definitely meet your needs. I was especially pleased with the no-nonsense approach, that got me up and running with a replicated directory, including referrals and references, by page 90. Excellent recommendations with enough detail to get the job done, along with great references to other resources and tools. The only thing that was lacking was the Samba integration chapter, which is 2.2 based, probably due to the book's age. While there are other resources out there, a second edition would still be nice.
(Review Data Last Updated: 2006-07-07 13:15:54 EST)

| 04-14-04 | 5 | 9\11 |
This book is probably the best book I have ever read on OpenLDAP implementation. The title is somewhat misleading in that it does not go into LDAP in general, including deep history, heavy schema development, etc.
However, it covers the down and dirty of implementing OpenLDAP in detail. It covers:
-detailed slapd.conf configuration
This book is an excellent guide on actually putting LDAP to work, including design, configuration and implementation. This book is NOT designed for people looking to implement other LDAP software (iPlanet, etc). This book does not cover in depth enterprise level roll-out, research, and user feedback. But if you want a great book that covers configuration and usage of OpenLDAP and Linux..this IS the book for you. (Review Data Last Updated: 2006-07-07 13:15:54 EST)

| 02-23-04 | 2 | 13\15 |
First of all, be advised that this book only covers OpenLDAP. Although this was exactly what I was using, it makes more sense for the book to be retitled so as not to set the wrong expectations. Now, I'll talk about what this book does well.
The book does an adequate job of explaining the whole installation process. It actually does miss the fact that when installing LDAP, you need to set two environment variables if your Berkeley DB location is non-standard. After a little searching, I found this on the web. Along these lines, it was good with explaining what your directory structure would look like after your install (which is helpful, as OpenLDAP blasts things all over the place) and how to start and stop the server. It also mentions various ways to set security levels and hashing techniques to make sure that your password is not stored in cleartext. So why only two stars? The overall theme of this book is that it is extremely light on information. If you're the kind of person that likes a little handholding, do NOT get this book! On almost every topic, you'll be left saying, "Okay, where's the next example on this topic?", only to be left hanging. Creating custom schemas was covered in TWO pages (pgs 95-97)! There's no mention of integrating LDAP with the various app servers out there today (Java Servlet/Bean containers, PHP, ASP, etc.). None! Again, I had to search the web to find out how to do this. This led me to binding errors that, once again, the book did not address. Again (this will be a recurring theme), I found the answers on the net. I hate to say it but there is nothing that this book provides that can not be found on the web very easily. It doesn't provide that golden nugget that you couldn't find anywhere else. Within a week, you'll have scrubbed it for all it's worth and will rely 100% on the web for info that the book should provide. Which brings up another point. It's annoying to spend nearly $30 on a book to constantly have the author tell you "For more information on this subject, look at reference..."). On two separate occasions I found myself saying, "Wait a minute! Why should I need another reference book for basic LDAP info? I thought I bought an LDAP book already!" 
Trust me guys, this book is not worth buying at any price. I'm looking to sell mine now! (Review Data Last Updated: 2006-07-07 13:15:54 EST)

| 01-13-04 | 4 | 2\5 |
Excellent book for people without previous LDAP knowledge. In fact I bought 12 of them for my organization. This is a practical guide for various components of LDAP. It covers most of the areas that LDAP will have impact. I agree with one review that the information is only true for OpenLDAP. It has a different story if you use Sun ONE LDAP or other LDAP servers.
(Review Data Last Updated: 2006-07-07 13:15:54 EST)

| 12-28-03 | 1 | 5\5 |
Very thin. One of the most basic uses for LDAP is to set up an address/contacts book. The example in the book didn't even work and was thin on getting things like the postal address to work across multiple programs.
I managed to get my project done using web resources, magazine articles. No thanks to this book. After using the OpenLDAP site for help, I got a very weak address book going that held the minimum information. After launching the book into the corner of my office, I managed to get the full project done to 90% of where I want it to be. He spends so much time pointing you to different RFCs, in essence, making you do all the work. The reference to where information comes from is great. Mention the RFCs but narrow the information down to help me solve problems. I hope O'Reilly can find an experienced author to re-write this book in a way that helps the people who fork over the money. I have tons of really good O'Reilly books. This, however, is a poor poor poor book. (Review Data Last Updated: 2006-07-07 13:15:54 EST)

| 11-05-03 | 4 | 1\2 |
Great book!
If you use LDAP in a serious way and need to REALLY understand the inner workings, get this book. It is clearly written, to the point, and very valuable! (Review Data Last Updated: 2006-07-07 13:15:54 EST)