Difference between revisions of "LPIC-3 300 Objectives V1"

Revision as of 05:18, 5 April 2013 (view source) GMatthewRice (Talk | contribs) ← Older edit		Revision as of 19:49, 10 April 2013 (view source) GMatthewRice (Talk | contribs) m (Oops!!!) Newer edit →
Line 1:		Line 1:
	__FORCETOC__		__FORCETOC__
	==Introduction==		==Introduction==
		+	Oops.  This file was truncated on upload.  It'll be reuploaded in the next day or so.  In the meanwhile, if you are preparing for a beta exam, also brush up on Samba 4, FreeIPA 3.2 and Kerberos 5.
	<br />		<br />

---

Revision as of 19:49, 10 April 2013

Introduction

Oops. This file was truncated on upload. It'll be reuploaded in the next day or so. In the meanwhile, if you are preparing for a beta exam, also brush up on Samba 4, FreeIPA 3.2 and Kerberos 5.

Version Information

These objectives are version 1.0.0rc1. Objective renumbering will need to be done.

Addenda

Version Update Addendum (Apr 1st, 2013)

• released version 1.0.0rc1.

Translations of Objectives

The following translations of the objectives are available on this wiki:

• English.
• Spanish.
• French

Objectives

Topic 301: Concepts, Architecture and Design

301.1 LDAP Concepts and Architecture

Weight	3
Description	Candidates should be familiar with LDAP and X.500 concepts

Key Knowledge Areas:

• LDAP and X.500 technical specification.
• Attribute definitions.
• Directory namespaces.
• Distinguished names.
• LDAP Data Interchange Format.
• Meta-directories.
• Changetype operations.

The following is a partial list of the used files, terms and utilities:

• LDIF
• Meta-directory
• changetype
• X.500
• /var/lib/ldap/*

301.2 Directory Design

Weight	2
Description	Candidates should be able to design an implement an LDAP directory, while planning an appropriate Directory Information Tree to avoid redundancy. Candidates should have an understanding of the types of data which are appropriate for storage in an LDAP directory.

Key Knowledge Areas:

• Define LDAP directory content.
• Organize directory.
• Planning appropriate Directory Information Trees.

The following is a partial list of the used files, terms and utilities:

• Class of Service
• Directory Information Tree
• Distinguished name
• Container

301.3 Schemas

Weight	2
Description	Candidates should be familiar with schema concepts, and the base schema files included with an OpenLDAP installation. Candidates should be able to build and maintain a whitepages service.

Key Knowledge Areas:

• LDAP schema concepts.
• Create and modify schemas.
• Attribute and object class syntax.
• Plan whitepages services.
• Configure whitepages services.

The following is a partial list of the used files, terms and utilities:

• Distributed schema
• Extended schema
• Object Identifiers
• /etc/ldap/schema/*
• Object class
• Attribute
• include directive

Topic 303: Configuration

303.3 LDAP Replication

Weight	4
Description	Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

• Replication concepts.
• Configure OpenLDAP replication.
• Analyze replication log files.
• Understand replica hubs.
• LDAP referrals.
• LDAP sync replication.

The following is a partial list of the used files, terms and utilities:

• master / slave server
• multi-master replication
• consumer
• replica hub
• one-shot mode
• referral
• syncrepl
• pull-based / push-based synchronization
• refreshOnly and refreshAndPersist
• replog

303.4 Securing the Directory

Weight	3
Description	Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

• Securing the directory with SSL and TLS.
• Firewall considerations.
• Unauthenticated access methods.
• User / password authentication methods.
• Maintanence of SASL user DB.
• Client / server certificates.

The following is a partial list of the used files, terms and utilities:

• SSL / TLS
• Security Strength Factors (SSF)
• SASL
• proxy authorization
• StartTLS
• iptables

303.5 LDAP Server Performance Tuning

Weight	2
Description	Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives

Key Knowledge Areas:

• Measure LDAP performance.
• Tune software configuration to increase performance.
• Understand indexes.

The following is a partial list of the used files, terms and utilities:

• index
• DB_CONFIG

Topic 305: Integration and Migration

305.1 LDAP Integration with PAM and NSS

Weight	1
Description	Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

• Configure PAM to use LDAP for authentication.
• Configure NSS to retrieve information from LDAP.
• Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

• PAM
• NSS
• /etc/pam.d/*
• /etc/nsswitch.conf

305.3 Integrating LDAP with Unix Services

Weight	1
Description	Candidates should be able to integrate LDAP authentication with a number of common Unix services.

Key Knowledge Areas:

• Integrate SSH with LDAP.
• Integrate FTP with LDAP.
• Integrate HTTP with LDAP.
• Integrate FreeRADIUS with LDAP.
• Integrate print services with LDAP.
• Integrate with Kerberos.
• Plan LDAP schema structure for email services.
• Create email attributes in LDAP.
• Integrate Postfix with LDAP.
• Integrate Sendmail with LDAP.

The following is a partial list of the used files, terms and utilities:

• sshd.conf
• ftp
• httpd.conf
• radiusd.conf
• cupsd.conf
• ldap.conf
• Postfix
• Sendmail
• schema
• SASL
• POP
• IMAP

305.5 Integrating LDAP with Active Directory and Kerberos

Weight	1
Description	Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

• Kerberos integration with LDAP.
• Cross platform authentication.
• Single sign-on concepts.
• Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

• Kerberos
• Active Directory
• single sign-on
• DNS