LDAPCon 2009 Session
Unified Authentication Service in OpenLDAP - Chu
Submitted Materials
Abstract
Among their many uses, directories have long been used for authentication in computing systems. Indeed, some proprietary servers (Novell NDS/eDirectory, Microsoft Active Directory) evolved originally from Network OS Registry duty. Despite having roots in the same technologies upon which these proprietary services are built (e.g. OSF/DCE), the Linux / Open Source world hasn't had directory services tightly integrated into its OS infrastructure. The directory has always been held at arm's length, with various ill-fitting shims used to shoehorn directory access into the basic OS security mechanisms. Over the years various solutions have been implemented to leverage LDAP directories for authentication, but there has been little coordination of effort and usability has only come as an afterthought.
As computing models move towards cluster, cloud, and other large-scale designs, the need for scalable distributed OS security management continues to grow. This talk will cover the various mechanisms available in LDAP for POSIX account management, password policy management, mechanisms for distributed authentication including Kerberos and PKI, and current efforts underway in the OpenLDAP Project to unify these features, simplify their use, and enhance their reliability.
Bio
Howard Chu is the Chief Architect of OpenLDAP and CTO of Symas Corporation.
Prior to founding Symas Corporation, Howard worked at the University of Michigan, JPL, Locus Computing, and Platinum Technology in software development roles. Howard is a prolific contributor to the Open Source software community.