How Can LDAP Help?

In this chapter, we have just scratched the surface of what you can do with LDAP, but you can see it provides a good structure to mirror an organization. Let's face it — the better your systems mirror the organizational structure of the company, the better they will work with your workflow.

LDAP is extremely good at storing and retrieving data; it can search through extremely large data sets in a very short amount of time. LDAP should not be used as an online transaction processing (OLTP) database because it is not great at writing data to the directory. Given that 95 percent of transactions taking place on an LDAP server are retrievals of stored information (How often will your salary be updated? Likely not as often as you would like!), this is to be expected.

We have been great fans of LDAP ever since we started working with it, and if your directory is designed correctly, it will save you a lot of time in the long run.

Setting Up a Web Proxy with Squid

Squid is the most popular open source caching web proxy server. This means that it fetches and holds local copies of pages and images from the web. Client machines requesting these objects obtain them from the Squid proxy server rather than directly. There are several good reasons (and possibly some bad ones) why people use Squid and other caching web proxies:

■ A web cache on the local network means that objects (web pages, images, and so on) that have already been requested do not need to be fetched again from their original location, but can be served from the cache instead. This improves performance for users and reduces bandwidth usage.

■ At the same time, using a proxy can give an organization a great deal of control over how and when users access the web and can log all web access. Squid can also be used to prevent access to undesirable sites, sometimes in conjunction with additional software that maintains blacklists of these sites.

■ The use of a web proxy such as Squid that can fetch and cache web and FTP accesses means that you can set up a firewall in such a way that users do not have direct access from their PCs to the Internet; their HTTP and FTP traffic is handled by Squid, and their Simple Mail Transport Protocol (SMTP) traffic is handled by the mail server. Typically, users may have no direct TCP/IP access to the outside world. This simplifies security but may also rob users of the ability to connect to other services.

IN THIS CHAPTER

Getting started with Squid on SUSE

Authentication and ACLs

The Squid log and using sarg

Transparent proxying

Using Cache Manager and squidGuard

When a web proxy is up and running (and, most probably, direct HTTP through the firewall is blocked), traditionally all users' browsers need to be configured with the appropriate proxy setting. This leads to administrative problems. There are a number of solutions to these, including a very elegant one (the use of a transparent proxy by combining Squid with appropriate firewall rules) that we shall discuss later.
