Difference between revisions of "LPIC-301 Objectives V1"

From LPI Wiki
Jump to: navigation, search
m (305.1 LDAP Integration with PAM and NSS)
(Introduction)
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
__FORCETOC__
 
__FORCETOC__
 
==Introduction==
 
==Introduction==
 +
 +
The description of the entire [[LPIC-3]] program is listed [[LPIC-3|here]].
 +
 
Capacity planning is the art and science of not running out of resources in the foreseeable future. It's often done informally, by measuring the resources that a program needs, commonly after having just run out of something.
 
Capacity planning is the art and science of not running out of resources in the foreseeable future. It's often done informally, by measuring the resources that a program needs, commonly after having just run out of something.
  
If you make a table of how much CPU, memory and I/O bandwidth a program needs do do some unit of work, you can estimate how much it will need at some higher load in the future. Alternatively, you can use the measurements for sizing a new machine for the program, or for estimating how big a machine will be needed to consolidate your and other programs.
+
If you make a table of how much CPU, memory and I/O bandwidth a program needs to do some unit of work, you can estimate how much it will need at some higher load in the future. Alternatively, you can use the measurements for sizing a new machine for the program, or for estimating how big a machine will be needed to consolidate your and other programs.
  
 
Informal spreadsheet estimates are often sufficient for simple sizing and future planning, but they do not have any correctness guarantees and they don't tell you:
 
Informal spreadsheet estimates are often sufficient for simple sizing and future planning, but they do not have any correctness guarantees and they don't tell you:
  
* at what load the program will be overloaded, nor
+
* at what load the program will be overloaded, nor.
 
* how much the response time of the program will balloon under load.  
 
* how much the response time of the program will balloon under load.  
  
 
For that, you use one of the programs which solve the problem using queuing theory. There are commercial products which will do so on Linux, but at least one free queuing network solver exists, Perl::PDQ by Neil Gunther. These generate proper mathematical models, so you can predict the performance of the program under load, and calculate the drop-off in performance as the program becomes overloaded.
 
For that, you use one of the programs which solve the problem using queuing theory. There are commercial products which will do so on Linux, but at least one free queuing network solver exists, Perl::PDQ by Neil Gunther. These generate proper mathematical models, so you can predict the performance of the program under load, and calculate the drop-off in performance as the program becomes overloaded.
<br /><br />
+
 
 +
<br />
 +
 
 
==Version Information==
 
==Version Information==
These objectives are version 1.0.0.
+
 
<br /><br />
+
These objectives are version 1.0.1.
 +
 
 +
<br />
 +
 
 +
==Addenda==
 +
 
 +
===''Addendum (Apr 1st, 2010)''===
 +
 
 +
* clarified C++ to mean C in development
 +
 
 +
<br />
 +
 
 +
==Translations of Objectives==
 +
 
 +
The following translations of the objectives are available on this wiki:
 +
 
 +
* [[LPIC-301|English]].
 +
* [[LPIC-301(ES)|Spanish]].
 +
* [[LPIC-301(FR)|French]]
 +
 
 +
<br />
 +
 
 
==Objectives==
 
==Objectives==
 +
 
===''Topic 301: Concepts, Architecture and Design''===
 
===''Topic 301: Concepts, Architecture and Design''===
 +
 
====<span style="color:navy">301.1 LDAP Concepts and Architecture</span>====
 
====<span style="color:navy">301.1 LDAP Concepts and Architecture</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 3
 
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be familiar with LDAP and X.500 concepts  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be familiar with LDAP and X.500 concepts  
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* LDAP and X.500 technical specification
+
 
* Attribute definitions
+
* LDAP and X.500 technical specification.
* Directory namespaces
+
* Attribute definitions.
* Distinguished names
+
* Directory namespaces.
* LDAP Data Interchange Format
+
* Distinguished names.
* Meta-directories
+
* LDAP Data Interchange Format.
* Changetype operations  
+
* Meta-directories.
 +
* Changetype operations.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* LDIF
 
* LDIF
 
* Meta-directory
 
* Meta-directory
 
* changetype
 
* changetype
 
* X.500
 
* X.500
* /var/lib/ldap/*  
+
* /var/lib/ldap/*
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">301.2 Directory Design</span>====
 
====<span style="color:navy">301.2 Directory Design</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to design an implement an LDAP directory, while planning an appropriate Directory Information Tree to avoid redundancy. Candidates should have an understanding of the types of data which are appropriate for storage in an LDAP directory
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to design an implement an LDAP directory, while planning an appropriate Directory Information Tree to avoid redundancy. Candidates should have an understanding of the types of data which are appropriate for storage in an LDAP directory.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Define LDAP directory content
+
 
* Organize directory
+
* Define LDAP directory content.
* Planning appropriate Directory Information Trees  
+
* Organize directory.
 +
* Planning appropriate Directory Information Trees.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* Class of Service
 
* Class of Service
 
* Directory Information Tree
 
* Directory Information Tree
 
* Distinguished name
 
* Distinguished name
* Container  
+
* Container
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">301.3 Schemas</span>====
 
====<span style="color:navy">301.3 Schemas</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 3
 
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be familiar with schema concepts, and the base schema files included with an OpenLDAP installation  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be familiar with schema concepts, and the base schema files included with an OpenLDAP installation.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* LDAP schema concepts
+
 
* Create and modify schemas
+
* LDAP schema concepts.
* Attribute and object class syntax  
+
* Create and modify schemas.
 +
* Attribute and object class syntax.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
* Distributes schema
+
 
 +
* Distributed schema
 
* Extended schema
 
* Extended schema
 
* Object Identifiers
 
* Object Identifiers
Line 78: Line 152:
 
* Attribute
 
* Attribute
 
* include directive  
 
* include directive  
 +
 +
 
<br />
 
<br />
<br />
+
 
 
===''Topic 302: Installation and Development''===
 
===''Topic 302: Installation and Development''===
 +
 
====<span style="color:navy">302.1 Compiling and Installing OpenLDAP</span>====
 
====<span style="color:navy">302.1 Compiling and Installing OpenLDAP</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 3
 
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to compile and install OpenLDAP from source and from packages  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to compile and install OpenLDAP from source and from packages.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Compile and configure OpenLDAP from source
+
 
* Knowledge of OpenLDAP backend databases
+
* Compile and configure OpenLDAP from source.
* Manage OpenLDAP daemons
+
* Knowledge of OpenLDAP backend databases.
* Troubleshoot errors during installation  
+
* Manage OpenLDAP daemons.
 +
* Troubleshoot errors during installation .
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* make
 
* make
 
* gpg
 
* gpg
Line 101: Line 192:
 
* bdb
 
* bdb
 
* slapd
 
* slapd
* slurpd  
+
* slurpd
 +
 
<br />
 
<br />
====<span style="color:navy">302.2 Developing for LDAP with Perl/C++</span>====
+
 
 +
====<span style="color:navy">302.2 Developing for LDAP with Perl and C</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to write basic Perl scripts to interact with an LDAP directory  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to write basic Perl scripts to interact with an LDAP directory.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Syntax of Perl's Net::LDAP module
+
 
* Write Perl scripts to bind, search, and modify directories  
+
* Syntax of Perl's Net::LDAP module.
 +
* Write Perl scripts to bind, search, and modify directories.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* Net::LDAP
 
* Net::LDAP
* Perl
+
* using Perl with Net::LDAP
* C++
+
* using C with libldap
<br />
+
 
 
<br />
 
<br />
 +
 
===''Topic 303: Configuration''===
 
===''Topic 303: Configuration''===
 +
 
====<span style="color:navy">303.1 placeholder</span>====
 
====<span style="color:navy">303.1 placeholder</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 0
 
| style="background:#eaeaea" | 0
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | This objective dropped due to JTA results  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
This objective dropped due to JTA results.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* N/A  
 
* N/A  
 +
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* N/A  
 
* N/A  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">303.2 Access Control Lists in LDAP</span>====
 
====<span style="color:navy">303.2 Access Control Lists in LDAP</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to plan and implement access control lists  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to plan and implement access control lists.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Plan LDAP access control lists
+
 
* Grant and revoke LDAP access permissions
+
* Plan LDAP access control lists.
* Access control syntax  
+
* Grant and revoke LDAP access permissions.
 +
* Access control syntax.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* ACL
 
* ACL
 
* slapd.conf
 
* slapd.conf
Line 157: Line 296:
 
* search
 
* search
 
* read
 
* read
* write  
+
* write
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">303.3 LDAP Replication</span>====
 
====<span style="color:navy">303.3 LDAP Replication</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 5
 
| style="background:#eaeaea" | 5
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be familiar with the various replication strategies available with OpenLDAP
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be familiar with the various replication strategies available with OpenLDAP.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Replication concepts
+
 
* Configure OpenLDAP replication
+
* Replication concepts.
* Execute and manage slurpd
+
* Configure OpenLDAP replication.
* Analyze replication log files
+
* Execute and manage slurpd.
* Understand replica hubs
+
* Analyze replication log files.
* LDAP referrals
+
* Understand replica hubs.
* LDAP sync replication  
+
* LDAP referrals.
 +
* LDAP sync replication.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* slurpd
 
* slurpd
 
* slapd.conf
 
* slapd.conf
Line 186: Line 341:
 
* pull-based / push-based synchronization
 
* pull-based / push-based synchronization
 
* refreshOnly and refreshAndPersist
 
* refreshOnly and refreshAndPersist
* replog  
+
* replog
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">303.4 Securing the Directory</span>====
 
====<span style="color:navy">303.4 Securing the Directory</span>====
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 4
 
| style="background:#eaeaea" | 4
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Securing the directory with SSL and TLS
+
 
* Firewall considerations
+
* Securing the directory with SSL and TLS.
* Unauthenticated access methods
+
* Firewall considerations.
* User / password authentication methods
+
* Unauthenticated access methods.
* Maintanence of SASL user DB
+
* User / password authentication methods.
* Client / server certificates  
+
* Maintanence of SASL user DB.
 +
* Client / server certificates.
 +
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* SSL / TLS
 
* SSL / TLS
 
* Security Strength Factors (SSF)
 
* Security Strength Factors (SSF)
Line 210: Line 380:
 
* StartTLS
 
* StartTLS
 
* slapd.conf
 
* slapd.conf
* iptables  
+
* iptables
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">303.5 LDAP Server Performance Tuning</span>====
 
====<span style="color:navy">303.5 LDAP Server Performance Tuning</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives  
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Measure LDAP performance
+
 
* Tune software configuration to increase performance
+
* Measure LDAP performance.
* Understand indexes  
+
* Tune software configuration to increase performance.
 +
* Understand indexes.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* index
 
* index
 
* slapd.conf
 
* slapd.conf
* DB_CONFIG  
+
* DB_CONFIG
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">303.6 OpenLDAP Daemon Configuration</span>====
 
====<span style="color:navy">303.6 OpenLDAP Daemon Configuration</span>====
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should have knowledge of the common slapd.conf configuration directives, and be familiar with the basic slapd command line options
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should have knowledge of the common slapd.conf configuration directives, and be familiar with the basic slapd command line options.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* slapd.conf configuration directives
+
 
* slapd.conf database definitions
+
* slapd.conf configuration directives.
* slapd and its command line options
+
* slapd.conf database definitions.
* Analyze slapd log files  
+
* slapd and its command line options.
 +
* Analyze slapd log files.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* slapd.conf
 
* slapd.conf
 
* slapd
 
* slapd
 
* /var/lib/ldap/*
 
* /var/lib/ldap/*
* loglevel  
+
* loglevel
<br />
+
 
 
<br />
 
<br />
 +
 
===''Topic 304: Usage''===
 
===''Topic 304: Usage''===
 +
 
====<span style="color:navy">304.1 Searching the Directory</span>====
 
====<span style="color:navy">304.1 Searching the Directory</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to use advanced options for search the LDAP directory  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to use advanced options for search the LDAP directory.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Use OpenLDAP search tools with basic options
+
 
* Use OpenLDAP search tools with advanced options
+
* Use OpenLDAP search tools with basic options.
* Optimize LDAP search queries
+
* Use OpenLDAP search tools with advanced options.
* Knowledge of search filters and their syntax  
+
* Optimize LDAP search queries.
 +
* Knowledge of search filters and their syntax .
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* ldapsearch
 
* ldapsearch
 
* index
 
* index
 
* search filter syntax
 
* search filter syntax
* slapd.conf  
+
* slapd.conf
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">304.2 LDAP Command Line Tools</span>====
 
====<span style="color:navy">304.2 LDAP Command Line Tools</span>====
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be familiar with the OpenLDAP command line tools  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be familiar with the OpenLDAP command line tools.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Use the ldap* tools to access and modify the directory
+
 
* Use the slap* tools to access and modify the directory  
+
* Use the ldap* tools to access and modify the directory.
 +
* Use the slap* tools to access and modify the directory.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* ldap.conf
 
* ldap.conf
 
* ldapsearch
 
* ldapsearch
Line 290: Line 522:
 
* slapadd
 
* slapadd
 
* slapcat  
 
* slapcat  
 +
 
<br />
 
<br />
 
====<span style="color:navy">304.3 Whitepages</span>====
 
====<span style="color:navy">304.3 Whitepages</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to build and maintain a whitepages service  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to build and maintain a whitepages service.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Plan whitepages services
+
 
* Configure whitepages services
+
* Plan whitepages services.
* Configure clients to retrieve data from whitepages services  
+
* Configure whitepages services.
 +
* Configure clients to retrieve data from whitepages services.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* whitepages
 
* whitepages
 
* Outlook  
 
* Outlook  
 +
 
<br />
 
<br />
<br />
+
 
 
===''Topic 305: Integration and Migration''===
 
===''Topic 305: Integration and Migration''===
 +
 
====<span style="color:navy">305.1 LDAP Integration with PAM and NSS</span>====
 
====<span style="color:navy">305.1 LDAP Integration with PAM and NSS</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Configure PAM to use LDAP for authentication
+
 
* Configure NSS to retrieve information from LDAP
+
* Configure PAM to use LDAP for authentication.
* Configure PAM modules in various Unix environments  
+
* Configure NSS to retrieve information from LDAP.
 +
* Configure PAM modules in various Unix environments.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* PAM
 
* PAM
 
* NSS
 
* NSS
 
* /etc/pam.d/*
 
* /etc/pam.d/*
* /etc/nsswitch.conf  
+
* /etc/nsswitch.conf
 +
 
 
<br />
 
<br />
  
 
====<span style="color:navy">305.2 NIS to LDAP Migration</span>====
 
====<span style="color:navy">305.2 NIS to LDAP Migration</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to plan and implement a NIS migration strategy, including a NIS to LDAP gateway  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to plan and implement a NIS migration strategy, including a NIS to LDAP gateway.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Analyze NIS structure prior to migration to LDAP
+
 
* Analyze NIS structure prior to integration with LDAP
+
* Analyze NIS structure prior to migration to LDAP.
* Automate NIS to LDAP migration
+
* Analyze NIS structure prior to integration with LDAP.
* Create a NIS to LDAP gateway  
+
* Automate NIS to LDAP migration.
 +
* Create a NIS to LDAP gateway.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* NIS
 
* NIS
 
* NIS to LDAP gateway
 
* NIS to LDAP gateway
 
* slapd.conf
 
* slapd.conf
* /etc/yp/*  
+
* /etc/yp/*
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">305.3 Integrating LDAP with Unix Services</span>====
 
====<span style="color:navy">305.3 Integrating LDAP with Unix Services</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to integrate LDAP authentication with a number of common Unix services  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to integrate LDAP authentication with a number of common Unix services.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Integrate SSH with LDAP
+
 
* Integrate FTP with LDAP
+
* Integrate SSH with LDAP.
* Integrate HTTP with LDAP
+
* Integrate FTP with LDAP.
* Inegrate FreeRADIUS with LDAP
+
* Integrate HTTP with LDAP.
* Integrate print services with LDAP  
+
* Integrate FreeRADIUS with LDAP.
 +
* Integrate print services with LDAP.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* sshd.conf
 
* sshd.conf
 
* ftp
 
* ftp
Line 367: Line 661:
 
* radiusd.conf
 
* radiusd.conf
 
* cupsd.conf
 
* cupsd.conf
* ldap.conf  
+
* ldap.conf
 +
 
 
<br />
 
<br />
 +
 
====<span style="color:navy">305.4 Integrating LDAP with Samba</span>====
 
====<span style="color:navy">305.4 Integrating LDAP with Samba</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to integrate LDAP with Samba services  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to integrate LDAP with Samba services.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Migrate from smbpasswd to LDAP
+
 
* Understand OpenLDAP Samba schema
+
* Migrate from smbpasswd to LDAP.
* Understand LDAP as a Samba password backend  
+
* Understand OpenLDAP Samba schema.
 +
* Understand LDAP as a Samba password backend.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* smb.conf
 
* smb.conf
 
* smbpasswd
 
* smbpasswd
 
* samba3.schema
 
* samba3.schema
 
* slapd.conf  
 
* slapd.conf  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">305.5 Integrating LDAP with Active Directory</span>====
 
====<span style="color:navy">305.5 Integrating LDAP with Active Directory</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to integrate LDAP with Active Directory Services  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to integrate LDAP with Active Directory Services.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Kerberos integration with LDAP
+
 
* Cross platform authentication
+
* Kerberos integration with LDAP.
* Single sign-on concepts
+
* Cross platform authentication.
* Integration and compatibility limitations between OpenLDAP and Active Directory  
+
* Single sign-on concepts.
 +
* Integration and compatibility limitations between OpenLDAP and Active Directory.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* Kerberos
 
* Kerberos
 
* Active Directory
 
* Active Directory
 
* single sign-on
 
* single sign-on
 
* DNS  
 
* DNS  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">305.6 Integrating LDAP with Email Services</span>====
 
====<span style="color:navy">305.6 Integrating LDAP with Email Services</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to integrate LDAP with email services  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to integrate LDAP with email services.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Plan LDAP schema structure for email services
+
 
* Create email attributes in LDAP
+
* Plan LDAP schema structure for email services.
* Integrate Postfix with LDAP
+
* Create email attributes in LDAP.
* Integrate Sendmail with LDAP  
+
* Integrate Postfix with LDAP.
 +
* Integrate Sendmail with LDAP.
 +
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* Postfix
 
* Postfix
 
* Sendmail
 
* Sendmail
Line 426: Line 768:
 
* POP
 
* POP
 
* IMAP  
 
* IMAP  
 +
 
<br />
 
<br />
<br />
+
 
 
===''Topic 306: Capacity Planning''===
 
===''Topic 306: Capacity Planning''===
 +
 
====<span style="color:navy">306.1 Measure Resource Usage</span>====
 
====<span style="color:navy">306.1 Measure Resource Usage</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 4
 
| style="background:#eaeaea" | 4
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to measure hardware resource and network bandwidth usage  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to measure hardware resource and network bandwidth usage.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Measure CPU usage
+
 
* Measure memory usage
+
* Measure CPU usage.
* Measure disk I/O
+
* Measure memory usage.
* Measure network I/O
+
* Measure disk I/O.
* Measure firewalling and routing throughput
+
* Measure network I/O.
* Map client bandwidth usage  
+
* Measure firewalling and routing throughput.
 +
* Map client bandwidth usage.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* iostat
 
* iostat
 
* vmstat
 
* vmstat
Line 453: Line 811:
 
* uptime
 
* uptime
 
* sar  
 
* sar  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">306.2 Troubleshoot Resource Problems</span>====
 
====<span style="color:navy">306.2 Troubleshoot Resource Problems</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 4
 
| style="background:#eaeaea" | 4
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to identify and troubleshoot resource problems  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to identify and troubleshoot resource problems.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Match / correlate system symptoms with likely problems
+
 
* Identify bottlenecks in a system  
+
* Match / correlate system symptoms with likely problems.
 +
* Identify bottlenecks in a system.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* swap
 
* swap
 
* processes blocked on I/O
 
* processes blocked on I/O
 
* blocks in
 
* blocks in
 
* blocks out  
 
* blocks out  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">306.3 Analyze Demand</span>====
 
====<span style="color:navy">306.3 Analyze Demand</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to analyze capacity demands  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to analyze capacity demands.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Identify capacity demands
+
 
* Detail capacity needs of programs
+
* Identify capacity demands.
* Determine CPU / memory needs of programs
+
* Detail capacity needs of programs.
* Assemble program needs into a complete analysis  
+
* Determine CPU / memory needs of programs.
 +
* Assemble program needs into a complete analysis.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* PDQ
 
* PDQ
 
* CPU usage
 
* CPU usage
Line 494: Line 884:
 
* validate
 
* validate
 
* performance equation  
 
* performance equation  
 +
 
<br />
 
<br />
 +
 
====<span style="color:navy">306.4 Predict Future Resource Needs</span>====
 
====<span style="color:navy">306.4 Predict Future Resource Needs</span>====
 +
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 1
 
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to monitor resource usage to predict future resource needs  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to monitor resource usage to predict future resource needs.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Predict capacity break point of a configuration
+
 
* Observe growth rate of capacity usage
+
* Predict capacity break point of a configuration.
* Graph the trend of capacity usage  
+
* Observe growth rate of capacity usage.
 +
* Graph the trend of capacity usage.
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* diagnose
 
* diagnose
 
* predict growth
 
* predict growth
 
* average
 
* average
 
* resource exhaustion
 
* resource exhaustion

Latest revision as of 04:56, 3 May 2019

Introduction

The description of the entire LPIC-3 program is listed here.

Capacity planning is the art and science of not running out of resources in the foreseeable future. It's often done informally, by measuring the resources that a program needs, commonly after having just run out of something.

If you make a table of how much CPU, memory and I/O bandwidth a program needs to do some unit of work, you can estimate how much it will need at some higher load in the future. Alternatively, you can use the measurements for sizing a new machine for the program, or for estimating how big a machine will be needed to consolidate your and other programs.

Informal spreadsheet estimates are often sufficient for simple sizing and future planning, but they do not have any correctness guarantees and they don't tell you:

  • at what load the program will be overloaded, nor.
  • how much the response time of the program will balloon under load.

For that, you use one of the programs which solve the problem using queuing theory. There are commercial products which will do so on Linux, but at least one free queuing network solver exists, Perl::PDQ by Neil Gunther. These generate proper mathematical models, so you can predict the performance of the program under load, and calculate the drop-off in performance as the program becomes overloaded.


Version Information

These objectives are version 1.0.1.


Addenda

Addendum (Apr 1st, 2010)

  • clarified C++ to mean C in development


Translations of Objectives

The following translations of the objectives are available on this wiki:


Objectives

Topic 301: Concepts, Architecture and Design

301.1 LDAP Concepts and Architecture

Weight

3

Description

Candidates should be familiar with LDAP and X.500 concepts

Key Knowledge Areas:

  • LDAP and X.500 technical specification.
  • Attribute definitions.
  • Directory namespaces.
  • Distinguished names.
  • LDAP Data Interchange Format.
  • Meta-directories.
  • Changetype operations.

The following is a partial list of the used files, terms and utilities:

  • LDIF
  • Meta-directory
  • changetype
  • X.500
  • /var/lib/ldap/*


301.2 Directory Design

Weight

2

Description

Candidates should be able to design an implement an LDAP directory, while planning an appropriate Directory Information Tree to avoid redundancy. Candidates should have an understanding of the types of data which are appropriate for storage in an LDAP directory.

Key Knowledge Areas:

  • Define LDAP directory content.
  • Organize directory.
  • Planning appropriate Directory Information Trees.

The following is a partial list of the used files, terms and utilities:

  • Class of Service
  • Directory Information Tree
  • Distinguished name
  • Container


301.3 Schemas

Weight

3

Description

Candidates should be familiar with schema concepts, and the base schema files included with an OpenLDAP installation.

Key Knowledge Areas:

  • LDAP schema concepts.
  • Create and modify schemas.
  • Attribute and object class syntax.

The following is a partial list of the used files, terms and utilities:

  • Distributed schema
  • Extended schema
  • Object Identifiers
  • /etc/ldap/schema/*
  • Object class
  • Attribute
  • include directive



Topic 302: Installation and Development

302.1 Compiling and Installing OpenLDAP

Weight

3

Description

Candidates should be able to compile and install OpenLDAP from source and from packages.

Key Knowledge Areas:

  • Compile and configure OpenLDAP from source.
  • Knowledge of OpenLDAP backend databases.
  • Manage OpenLDAP daemons.
  • Troubleshoot errors during installation .

The following is a partial list of the used files, terms and utilities:

  • make
  • gpg
  • rpm
  • dpkg
  • bdb
  • slapd
  • slurpd


302.2 Developing for LDAP with Perl and C

Weight

1

Description

Candidates should be able to write basic Perl scripts to interact with an LDAP directory.

Key Knowledge Areas:

  • Syntax of Perl's Net::LDAP module.
  • Write Perl scripts to bind, search, and modify directories.

The following is a partial list of the used files, terms and utilities:

  • Net::LDAP
  • using Perl with Net::LDAP
  • using C with libldap


Topic 303: Configuration

303.1 placeholder

Weight

0

Description

This objective dropped due to JTA results.

Key Knowledge Areas:

  • N/A

The following is a partial list of the used files, terms and utilities:

  • N/A


303.2 Access Control Lists in LDAP

Weight

2

Description

Candidates should be able to plan and implement access control lists.

Key Knowledge Areas:

  • Plan LDAP access control lists.
  • Grant and revoke LDAP access permissions.
  • Access control syntax.

The following is a partial list of the used files, terms and utilities:

  • ACL
  • slapd.conf
  • anonymous
  • users
  • self
  • none
  • auth
  • compare
  • search
  • read
  • write


303.3 LDAP Replication

Weight

5

Description

Candidates should be familiar with the various replication strategies available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts.
  • Configure OpenLDAP replication.
  • Execute and manage slurpd.
  • Analyze replication log files.
  • Understand replica hubs.
  • LDAP referrals.
  • LDAP sync replication.

The following is a partial list of the used files, terms and utilities:

  • slurpd
  • slapd.conf
  • master / slave server
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog


303.4 Securing the Directory

Weight

4

Description

Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS.
  • Firewall considerations.
  • Unauthenticated access methods.
  • User / password authentication methods.
  • Maintanence of SASL user DB.
  • Client / server certificates.

The following is a partial list of the used files, terms and utilities:

  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • slapd.conf
  • iptables


303.5 LDAP Server Performance Tuning

Weight

2

Description

Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives

Key Knowledge Areas:

  • Measure LDAP performance.
  • Tune software configuration to increase performance.
  • Understand indexes.

The following is a partial list of the used files, terms and utilities:

  • index
  • slapd.conf
  • DB_CONFIG


303.6 OpenLDAP Daemon Configuration

Weight

2

Description

Candidates should have knowledge of the common slapd.conf configuration directives, and be familiar with the basic slapd command line options.

Key Knowledge Areas:

  • slapd.conf configuration directives.
  • slapd.conf database definitions.
  • slapd and its command line options.
  • Analyze slapd log files.

The following is a partial list of the used files, terms and utilities:

  • slapd.conf
  • slapd
  • /var/lib/ldap/*
  • loglevel


Topic 304: Usage

304.1 Searching the Directory

Weight

2

Description

Candidates should be able to use advanced options for search the LDAP directory.

Key Knowledge Areas:

  • Use OpenLDAP search tools with basic options.
  • Use OpenLDAP search tools with advanced options.
  • Optimize LDAP search queries.
  • Knowledge of search filters and their syntax .

The following is a partial list of the used files, terms and utilities:

  • ldapsearch
  • index
  • search filter syntax
  • slapd.conf


304.2 LDAP Command Line Tools

Weight

1

Description

Candidates should be familiar with the OpenLDAP command line tools.

Key Knowledge Areas:

  • Use the ldap* tools to access and modify the directory.
  • Use the slap* tools to access and modify the directory.

The following is a partial list of the used files, terms and utilities:

  • ldap.conf
  • ldapsearch
  • ldapadd
  • ldapmodify
  • ldapdelete
  • ldapmodrdn
  • slapindex
  • slapadd
  • slapcat


304.3 Whitepages

Weight

1

Description

Candidates should be able to build and maintain a whitepages service.

Key Knowledge Areas:

  • Plan whitepages services.
  • Configure whitepages services.
  • Configure clients to retrieve data from whitepages services.

The following is a partial list of the used files, terms and utilities:

  • whitepages
  • Outlook


Topic 305: Integration and Migration

305.1 LDAP Integration with PAM and NSS

Weight

2

Description

Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication.
  • Configure NSS to retrieve information from LDAP.
  • Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

  • PAM
  • NSS
  • /etc/pam.d/*
  • /etc/nsswitch.conf


305.2 NIS to LDAP Migration

Weight

1

Description

Candidates should be able to plan and implement a NIS migration strategy, including a NIS to LDAP gateway.

Key Knowledge Areas:

  • Analyze NIS structure prior to migration to LDAP.
  • Analyze NIS structure prior to integration with LDAP.
  • Automate NIS to LDAP migration.
  • Create a NIS to LDAP gateway.

The following is a partial list of the used files, terms and utilities:

  • NIS
  • NIS to LDAP gateway
  • slapd.conf
  • /etc/yp/*


305.3 Integrating LDAP with Unix Services

Weight

1

Description

Candidates should be able to integrate LDAP authentication with a number of common Unix services.

Key Knowledge Areas:

  • Integrate SSH with LDAP.
  • Integrate FTP with LDAP.
  • Integrate HTTP with LDAP.
  • Integrate FreeRADIUS with LDAP.
  • Integrate print services with LDAP.

The following is a partial list of the used files, terms and utilities:

  • sshd.conf
  • ftp
  • httpd.conf
  • radiusd.conf
  • cupsd.conf
  • ldap.conf


305.4 Integrating LDAP with Samba

Weight

1

Description

Candidates should be able to integrate LDAP with Samba services.

Key Knowledge Areas:

  • Migrate from smbpasswd to LDAP.
  • Understand OpenLDAP Samba schema.
  • Understand LDAP as a Samba password backend.

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • smbpasswd
  • samba3.schema
  • slapd.conf


305.5 Integrating LDAP with Active Directory

Weight

2

Description

Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP.
  • Cross platform authentication.
  • Single sign-on concepts.
  • Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

  • Kerberos
  • Active Directory
  • single sign-on
  • DNS


305.6 Integrating LDAP with Email Services

Weight

1

Description

Candidates should be able to integrate LDAP with email services.

Key Knowledge Areas:

  • Plan LDAP schema structure for email services.
  • Create email attributes in LDAP.
  • Integrate Postfix with LDAP.
  • Integrate Sendmail with LDAP.

The following is a partial list of the used files, terms and utilities:

  • Postfix
  • Sendmail
  • schema
  • SASL
  • POP
  • IMAP


Topic 306: Capacity Planning

306.1 Measure Resource Usage

Weight

4

Description

Candidates should be able to measure hardware resource and network bandwidth usage.

Key Knowledge Areas:

  • Measure CPU usage.
  • Measure memory usage.
  • Measure disk I/O.
  • Measure network I/O.
  • Measure firewalling and routing throughput.
  • Map client bandwidth usage.

The following is a partial list of the used files, terms and utilities:

  • iostat
  • vmstat
  • pstree
  • w
  • lsof
  • top
  • uptime
  • sar


306.2 Troubleshoot Resource Problems

Weight

4

Description

Candidates should be able to identify and troubleshoot resource problems.

Key Knowledge Areas:

  • Match / correlate system symptoms with likely problems.
  • Identify bottlenecks in a system.

The following is a partial list of the used files, terms and utilities:

  • swap
  • processes blocked on I/O
  • blocks in
  • blocks out


306.3 Analyze Demand

Weight

2

Description

Candidates should be able to analyze capacity demands.

Key Knowledge Areas:

  • Identify capacity demands.
  • Detail capacity needs of programs.
  • Determine CPU / memory needs of programs.
  • Assemble program needs into a complete analysis.

The following is a partial list of the used files, terms and utilities:

  • PDQ
  • CPU usage
  • memory usage
  • appropriate measurement time
  • trend
  • model
  • what-if
  • validate
  • performance equation


306.4 Predict Future Resource Needs

Weight

1

Description

Candidates should be able to monitor resource usage to predict future resource needs.

Key Knowledge Areas:

  • Predict capacity break point of a configuration.
  • Observe growth rate of capacity usage.
  • Graph the trend of capacity usage.

The following is a partial list of the used files, terms and utilities:

  • diagnose
  • predict growth
  • average
  • resource exhaustion