LDAP (Lightweight Directory Access Protocol)


1 LDAP (Lightweight Directory Access Protocol)
LDAP (Lightweight Directory Access Protocol) is a software protocol for locating organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of the Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because it runs directly over TCP/IP rather than the full OSI protocol stack that DAP requires, and because it omits some of DAP's rarely used operations. Its initial version also lacked security features; strong authentication (SASL) and transport encryption (StartTLS, LDAP over TLS) were added with LDAPv3 and must be explicitly enabled on a deployment.

2 LDAP (Lightweight Directory Access Protocol)
LDAP originated at the University of Michigan and has been endorsed by at least 40 companies. Netscape includes it in its Communicator suite of products. Microsoft includes it as part of Active Directory and in a number of products including Outlook Express. Novell's NetWare Directory Services interoperates with LDAP. Cisco also supports it in its networking products. In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the Domain Name System (DNS) is the directory system used to relate a domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they are located (although additional information will help with the search).

3 LDAP (Lightweight Directory Access Protocol)
An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:
- The root directory (the starting place or the source of the tree), which branches out to
- Countries, each of which branches out to
- Organizations, which branch out to
- Organizational units (divisions, departments, and so forth), which branch out to (include an entry for)
- Individuals (which include people, files, and shared resources such as printers)

An LDAP directory can be distributed among many servers. Each server can hold a replicated copy of the whole directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, but ensuring a single coordinated response for the user.

4 Authentication, Authorization, Accounting (AAA)
Authentication, Authorization, Accounting (AAA) is a term for a framework for controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. As the first process, authentication provides a way of identifying a user, typically by having the user present a valid user name and password before access is granted. Authentication is based on each user having a unique set of credentials for gaining access. The AAA server compares the credentials the user presents with the stored credentials for that user (in a well-designed server a salted password hash, or an external store such as an LDAP directory, rather than the password itself). If the credentials match, the user is granted access to the network. If they do not, authentication fails and network access is denied.

5 Authentication, Authorization, Accounting (AAA)
Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity.

6 Authentication, Authorization, Accounting (AAA)
The final term in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities. Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).

7 RADIUS Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It improves security by letting a company set up a policy that is applied at a single administered point in the network. Having a central service also makes it easier to track usage for billing and for keeping network statistics. Created by Livingston (later acquired by Lucent), RADIUS became a de facto industry standard used by a number of network product companies and was then standardized by the IETF (RFC 2865 for authentication and authorization, RFC 2866 for accounting). Note that RADIUS runs over UDP and protects only the User-Password attribute, with an MD5-based scheme keyed by the shared secret; the rest of the packet is cleartext and the reply is authenticated only by an MD5 over the secret, so the path between the network access server and the RADIUS server should itself be protected (for example with IPsec or RADIUS over TLS, RFC 6614).
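The RADIUS exchange described above, as an added example in pure Python (not code from the slides or from any RADIUS implementation): the network access server builds an Access-Request with the RFC 2865 User-Password hiding, the server recovers the password and signs its reply with the Response Authenticator, and the client verifies that authenticator before trusting the reply. The shared secret, user database, packet identifier and the fixed request authenticator used by `demo()` are constructed values; a real client draws the request authenticator from `os.urandom`.

```python
"""Added example, not from the slides: the RADIUS Access-Request / Access-Accept
exchange of RFC 2865 in pure Python, with the User-Password hiding scheme and the
Response Authenticator check a client must perform before trusting the reply.
The shared secret, user database, packet identifier and the fixed request
authenticator used by demo() are constructed values; a real client draws the
request authenticator from os.urandom."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct("!BBH")       # Code, Identifier, Length; the 16-byte authenticator follows


def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, then XOR each block with MD5(secret + previous block),
    where 'previous block' is the Request Authenticator for the first block."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], _md5(secret, prev)))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; the chaining value is the ciphertext block, as in CBC."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, _md5(secret, prev))), block
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes) -> list:
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return HEADER.pack(code, ident, 20 + len(body)) + authenticator + body


def access_request(username: bytes, password: bytes, secret: bytes, ident: int,
                   request_auth: bytes = None):
    """Client side (NAS): returns the packet and the authenticator it must remember for the reply."""
    ra = request_auth if request_auth is not None else os.urandom(16)
    attrs = [(ATTR_USER_NAME, username), (ATTR_USER_PASSWORD, hide_password(password, secret, ra))]
    return build_packet(ACCESS_REQUEST, ident, ra, attrs), ra


def server_handle(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: recover the password, decide, and sign the reply with the Response Authenticator."""
    code, ident, length = HEADER.unpack(packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("bad request")
    request_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    password = unhide_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    # sentinel for unknown users: a recovered password never ends in NUL (trailing NULs are stripped)
    ok = hmac.compare_digest(users.get(attrs.get(ATTR_USER_NAME, b""), b"\x00"), password)
    header = HEADER.pack(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + _md5(header, request_auth, b"", secret)


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: reject any reply whose authenticator was not computed with the shared secret."""
    _, _, length = HEADER.unpack(packet[:4])
    expected = _md5(packet[:4], request_auth, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    secret, users = b"constructed-shared-secret", {b"alice": b"correct horse"}
    req, ra = access_request(b"alice", b"correct horse", secret, ident=7, request_auth=bytes(range(16)))
    reply = server_handle(req, secret, users)
    return reply[0], verify_response(reply, ra, secret)
```

Two things the code makes concrete: the password hiding is an MD5 keystream, not authenticated encryption, so anyone who learns the shared secret recovers every password on the wire; and the only thing stopping a forged Access-Accept is the Response Authenticator, which is why `verify_response` runs before the client acts on the reply and compares in constant time.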

8 F. NGN signaling protocols and QoS mechanisms
Signaling protocols:
- SIP
- MGCP
- Megaco/H.248
- SIP-T
- SIGTRAN
- BICC

Mechanisms (QoS, resource allocation):
- MPLS
- IntServ
- DiffServ

9 VoIP protocols: 1. H.323, ITU-T
- H.323: the first call control standard for multimedia networks; adopted for VoIP by the ITU in 1996
- H.323 is actually a set of recommendations that define how voice, data and video are transmitted over IP-based networks
- The H.323 recommendation is made up of multiple call control protocols; the audio streams are carried using RTP/RTCP
- In general, H.323 was too broad a standard and lacked efficiency; it also does not guarantee business voice quality

The first call control standard for VoIP was H.323, which was adopted by the International Telecommunication Union (ITU) in 1996. H.323 is actually a set of recommendations that define how voice, data and video are transmitted over IP-based networks. The recommendations also include a standard called T.120, which is implemented in data collaboration tools such as Microsoft's NetMeeting. The H.323 recommendation is made up of multiple call control protocols. The audio streams are carried using the Real-time Transport Protocol and its control protocol (RTP/RTCP). However, some vendors felt that H.323 was too broad a standard and lacked efficiency. It also does not guarantee business voice quality.

10 VoIP protocols: 2. SIP - Session Initiation Protocol, IETF (Internet Engineering Task Force)
- SIP: IETF standard protocol for initiating an interactive user session that involves multimedia elements such as video, voice, chat, gaming, and virtual reality
- The protocol claims to deliver faster call-establishment times than H.323
- Like HTTP or SMTP, SIP is an application-layer protocol (the "session" it manages is the multimedia session between endpoints, not the OSI session layer)
- SIP can establish, modify and terminate multimedia sessions or Internet telephony calls
- SIP can also invite participants to unicast or multicast sessions
- SIP supports name mapping and redirection services, which make it possible for users to initiate and receive communications and services from any location, and for networks to identify users wherever they are

To counter the shortcomings of H.323, the IETF Multiparty Multimedia Session Control (MMUSIC) working group came up with the Session Initiation Protocol (SIP), which claims to deliver faster call-establishment times. It also provides ways to leverage the Internet and Web infrastructures: SIP is text-based and borrows its request/response syntax and status codes from HTTP. SIP can establish multimedia sessions or Internet telephony calls, and modify or terminate them. The protocol can also invite participants to unicast or multicast sessions that do not necessarily involve the initiator. Because SIP supports name mapping and redirection services, users can initiate and receive communications and services from any location, and networks can identify users wherever they are.

11 VoIP protocols : 2. SIP - Session Initiation Protocol, IETF (Internet Engineering Task Force) (Cntd)
- SIP is a request-response protocol: requests come from clients, responses from servers
- Participants are identified by SIP URIs (often called SIP URLs)
- Requests can be sent over any transport protocol, such as UDP or TCP (TLS over TCP for sips: URIs)
- SIP determines the end system to be used for the session, the communication media and media parameters, and the called party's willingness to participate in the communication
- Once these are agreed, SIP establishes call parameters at either end of the communication, and handles call transfer and termination
- SIP was originally specified in IETF Request for Comments (RFC) 2543; that document has since been obsoleted by RFC 3261, which is the version deployed today
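The request/response exchange described above, as an added example that is not part of the slides or of any SIP stack: a client sends an INVITE, the proxy answers 401 with a digest challenge, and the client resends the INVITE with an Authorization header that the proxy verifies (RFC 3261 section 22, the RFC 2617 scheme with qop=auth). Everything in the block is constructed demo data: the example.net hosts, user alice and her password, the realm, nonce and cnonce.

```python
"""Added example, not from the slides: one SIP request/response exchange as the
slide describes it (a request from a client, a response from a server), including
the digest challenge a proxy uses to authenticate a request (RFC 3261 section 22,
using the RFC 2617 scheme with qop=auth).  Everything below is constructed demo
data: the example.net hosts, user alice, her password, the realm, nonce and cnonce."""
import hashlib
import hmac
import re

PROXY_REALM = "example.net"
USERS = {"alice": "constructed-password"}                # demo credential store
ISSUED_NONCES = {"dcd98b7102dd2f0e8b11d0f600bfb0c093"}  # demo: a real proxy tracks issue time and expiry


def parse_sip(raw: str):
    """Split a SIP message into start line, lower-cased header map (list per name) and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def parse_auth_params(value: str) -> dict:
    """Parse 'Digest k="v", k2=v2' into a dict; both quoted and bare values occur in the wild."""
    scheme, _, rest = value.partition(" ")
    if scheme != "Digest":
        raise ValueError("unsupported authentication scheme")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)}


def _h(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, cnonce, nc="00000001", qop="auth"):
    """RFC 2617, qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA1=MD5(user:realm:pw), HA2=MD5(method:uri)."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# --- the exchange: INVITE -> 401 -> INVITE with Authorization ---
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP alicepc.example.net:5060;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.net>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710@alicepc.example.net\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

CHALLENGE = (
    "SIP/2.0 401 Unauthorized\r\n"
    'WWW-Authenticate: Digest realm="example.net", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", qop="auth"\r\n'
    "Content-Length: 0\r\n\r\n"
)


def authorized_request(raw_request: str, challenge: str, username: str, password: str, cnonce: str) -> str:
    """Client side: answer the 401 by resending the request with an Authorization header."""
    start, _, body = parse_sip(raw_request)
    method, uri, _ = start.split(" ")
    p = parse_auth_params(parse_sip(challenge)[1]["www-authenticate"][0])
    resp = digest_response(username, p["realm"], password, method, uri, p["nonce"], cnonce)
    auth = (f'Authorization: Digest username="{username}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
            f'uri="{uri}", qop=auth, nc=00000001, cnonce="{cnonce}", response="{resp}"')
    head = raw_request.partition("\r\n\r\n")[0]
    return head + "\r\n" + auth + "\r\n\r\n" + body


def check_authorization(raw_request: str) -> bool:
    """Server side: recompute the digest from the request line, not from header-supplied method/URI alone."""
    start, headers, _ = parse_sip(raw_request)
    method, req_uri, _ = start.split(" ")
    if "authorization" not in headers:
        return False
    p = parse_auth_params(headers["authorization"][0])
    if p.get("realm") != PROXY_REALM or p.get("nonce") not in ISSUED_NONCES:
        return False
    if p.get("uri") != req_uri or p.get("qop") != "auth" or p.get("algorithm", "MD5") != "MD5":
        return False
    password = USERS.get(p.get("username", ""))
    if password is None:
        return False
    expected = digest_response(p["username"], PROXY_REALM, password, method, req_uri,
                               p["nonce"], p.get("cnonce", ""), p.get("nc", ""))
    return hmac.compare_digest(expected, p.get("response", ""))
```

The checks in `check_authorization` are where deployments go wrong: the digest must be bound to the Request-URI actually in the request line (so a captured Authorization header cannot be replayed against a different target), the nonce must be one the proxy issued, and the comparison should be constant-time. A real user agent also increments CSeq and uses a fresh Via branch on the retried INVITE, which is omitted here for brevity. Digest protects only the credentials; the signaling itself needs TLS (sips:) to stay confidential.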

12 VoIP protocols : 3. MGCP/Megaco/H.248
- MGCP (Media Gateway Control Protocol), IETF [Telcordia (formerly Bellcore)/Level 3/Cisco]
- MGCP is a control protocol that specifically addresses the control of media gateways
- Megaco/H.248 (IETF, ITU): a standard that combines elements of the IETF's MGCP and the ITU's H.323; known as Megaco within the IETF and H.248 within the ITU
- The main features of Megaco are greater scaling than H.323 allows and support for multimedia conferencing, which MGCP lacks

Most recently, Telcordia (formerly Bellcore) and Level 3, with the support of Cisco Systems, announced the Media Gateway Control Protocol (MGCP). MGCP is a control protocol that specifically addresses the control of media gateways (it is not a protocol that specifies complete end-to-end communications, as H.323 does). MGCP is a master/slave protocol, in which a media gateway controller, or MGC (also called a call agent), acts as the master controller of a media gateway. MGCP assumes that all call-control intelligence is external to the gateway; H.323, by comparison, assumes that end stations are fairly intelligent. The ITU and the IETF have joined together to produce a new standard that combines elements of the IETF's MGCP and the ITU's H.323. That standard is known as Megaco within the IETF and H.248 within the ITU. The main features of Megaco are to allow greater scaling than H.323 allows, and to address the technical requirements of multimedia conferencing. Although based on MGCP, Megaco is more complex than MGCP (for one thing, MGCP does not address multimedia conferencing). IP offers a standardized transport layer and voice is an application that rides on top of that transport. At the application level, the standards for voice over IP are still evolving, which means most business voice over IP solutions today are proprietary and do not interoperate with one another, but this will change as standards evolve.

13 SIP-T SIP-T (SIP for Telephones, previously SIP-BCP-T) is a mechanism that uses SIP to facilitate the interconnection of the PSTN with IP networks. SIP-T defines SIP functions that map to ISUP interconnection requirements. This is intended to allow traditional IN-type (Intelligent Network) services to be handled seamlessly in the Internet environment. It is essential that SS7 information be available at the points of PSTN interconnection to ensure transparency of features not otherwise supported in SIP. SS7 information should be available in its entirety and without any loss to the SIP network across the PSTN-IP interface; SIP-T achieves this by carrying the original ISUP message encapsulated in the SIP message body, so a SIP proxy that does not understand ISUP still relays it unchanged.

14 SIGTRAN SIGTRAN (Signaling Transport) is the IETF standard for carrying Signaling System 7 (SS7) signaling over IP networks. SS7 signals consist of special commands for handling a telephone call. Internet telephony uses packet-switched (PS) IP connections to exchange voice, fax, and other forms of information that have traditionally been carried over the dedicated circuit-switched (CS) connections of the public switched telephone network (PSTN). Calls transmitted over the Internet travel as packets of data on shared lines, avoiding the tolls of the PSTN.

15 SIGTRAN A telephone company switch transmits SS7 signals to a signaling gateway (SG). The gateway, in turn, converts the signals into SIGTRAN packets for transmission over IP to the next signaling gateway or to a media gateway controller. The SIGTRAN protocol is actually made up of several components (what is sometimes referred to as a protocol stack):
- standard IP
- a common signaling transport protocol, the Stream Control Transmission Protocol (SCTP), used to ensure that the data required for signaling is delivered reliably and in order
- an adaptation protocol that supports the "primitives" required by the SS7 or ISDN user protocol being carried (for example M3UA for MTP3 users such as ISUP, or IUA for ISDN Q.931)

16 SIGTRAN The IETF Signaling Transport working group developed SIGTRAN to address the transport of packet-based PSTN signaling over IP networks, taking into account the functional and performance requirements of PSTN signaling. For interworking with the PSTN, IP networks need to transport signaling such as Q.931 or SS7 ISUP messages between IP nodes such as a signaling gateway and a media gateway controller or media gateway. Applications of SIGTRAN include Internet dial-up remote access and IP telephony interworking with the PSTN.

17 Bearer Independent Call Control
Bearer Independent Call Control (BICC) is a signaling protocol based on narrowband ISUP (N-ISUP) that is used to support narrowband ISDN (NB-ISDN) services over a broadband (BB) backbone network without interfering with interfaces to the existing network and end-to-end services. Specified by the ITU-T in Recommendation Q.1901, BICC was designed to be fully compatible with existing networks and any system capable of carrying voice. BICC supports narrowband ISDN services independently of the bearer and of the signaling message transport technology.

18 Bearer Independent Call Control (Cntd.)
ISUP messages carry both call control and bearer control information, identifying the physical bearer circuit by a Circuit Identification Code (CIC). However, the CIC is specific to time-division multiplexed (TDM) networks. BICC was developed to be interoperable with any type of bearer, such as those based on asynchronous transfer mode (ATM) and IP technologies, as well as TDM. BICC separates call control from bearer connection control, transporting BICC signaling independently of bearer control signaling. The actual bearer transport used is transparent to the BICC signaling protocol: BICC has no knowledge of the specific bearer technology.

19 Bearer Independent Call Control (Cntd.)
The ITU announced the completion of the second set of BICC protocols (BICC Capability Set 2, or CS 2) in July 2001; these are expected to help move networks from the current model, which is based on public switching systems, to a server-based model. The BICC deployment architecture comprises a proxy server and a media gateway to support current services over networks based on circuit-switched, ATM, and IP technologies, including third-generation wireless. The completion of the BICC protocols is a real and important ITU step toward broadband multimedia networks, because it enables the seamless migration of circuit-switched TDM networks to high-capacity broadband multimedia networks. The 3GPP has included BICC CS 2 in UMTS Release 4. Among the future ITU-T plans for BICC are the inclusion of more advanced service support and more use of proxies, such as the SIP proxy.

20 SCTP TCP transmits data in a single stream (sometimes called a byte stream) and guarantees that data will be delivered in sequence to the application or user at the end point. If there is data loss, or a sequencing error, delivery must be delayed until lost data is retransmitted or an out-of-sequence message is received. SCTP's multi-streaming allows data to be delivered in multiple, independent streams, so that if there is data loss in one stream, delivery will not be affected for the other streams.

21 SCTP For some transmissions, such as a file or record, sequence preservation is essential. However, for some applications, it is not absolutely necessary to preserve the precise sequence of data. For example, in signaling transmissions, sequence preservation is only necessary for messages that affect the same resource (such as the same channel or call). Because multi-streaming allows data in error-free streams to continue delivery when one stream has an error, the entire transmission is not delayed.
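A constructed simulation of the head-of-line blocking that slides 20 and 21 contrast, added here as an example (not code from the slides or from any SCTP implementation). It also shows the property SIGTRAN relies on in slides 15 and 16: SS7 messages for different calls share one SCTP association but ride separate streams, so a loss on one call's stream does not delay another call's setup. Each chunk carries SCTP-style fields, a global transmission sequence number (TSN) and a (stream id, stream sequence number) pair; the call names, ISUP message names and the choice of which chunk is lost are demo values.

```python
"""Added example, not from the slides: a constructed simulation of the
head-of-line blocking that slides 20-21 contrast, with the per-stream ordering
SIGTRAN relies on when SS7 messages for different calls ride one SCTP association
(slides 15-16).  Each chunk carries SCTP-style fields: a global TSN and a
(stream id, stream sequence number) pair.  Call names, message names and the
choice of which chunk is lost are demo values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    tsn: int        # transmission sequence number, global per association
    stream: int     # SCTP stream id; here one stream per call
    ssn: int        # stream sequence number, ordered within the stream only
    payload: str


def single_stream_deliver(arrivals) -> list:
    """TCP-like model: one sequence space, so a missing tsn holds back everything after it."""
    delivered, held, expected = [], {}, 0
    for c in arrivals:
        held[c.tsn] = c.payload
        while expected in held:                  # drain the reorder buffer in tsn order
            delivered.append(held.pop(expected))
            expected += 1
    return delivered


def multi_stream_deliver(arrivals) -> list:
    """SCTP model: ordering is enforced per stream, so a gap stalls only its own stream."""
    delivered, held, expected = [], {}, {}
    for c in arrivals:
        held.setdefault(c.stream, {})[c.ssn] = c.payload
        nxt = expected.get(c.stream, 0)
        while nxt in held[c.stream]:             # drain this stream's reorder buffer only
            delivered.append(held[c.stream].pop(nxt))
            nxt += 1
        expected[c.stream] = nxt
    return delivered


def signalling_chunks() -> list:
    """Two ISUP call setups interleaved on one association, one SCTP stream per call."""
    messages = [(0, "call-A IAM"), (1, "call-B IAM"), (0, "call-A ACM"),
                (1, "call-B ACM"), (0, "call-A ANM"), (1, "call-B ANM")]
    next_ssn, chunks = {}, []
    for tsn, (stream, payload) in enumerate(messages):
        chunks.append(Chunk(tsn, stream, next_ssn.get(stream, 0), payload))
        next_ssn[stream] = next_ssn.get(stream, 0) + 1
    return chunks


def simulate(lost_tsn: int, retransmit: bool = False):
    """Drop one chunk, optionally retransmit it last; return (TCP-like delivery, SCTP delivery)."""
    chunks = signalling_chunks()
    arrivals = [c for c in chunks if c.tsn != lost_tsn]
    if retransmit:
        arrivals.append(chunks[lost_tsn])
    return single_stream_deliver(arrivals), multi_stream_deliver(arrivals)
```

Losing TSN 2 (call A's ACM) freezes the single-stream receiver after two messages, while the multi-stream receiver keeps delivering all of call B; once the retransmission arrives, both models release the held messages in order. The same mechanism is what makes SCTP attractive for signaling and why the adaptation layers map one call or link to one stream.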

22 G. NGN as converged networks: concluding remarks
Figure (converged-network diagram; only the labels survive): PSTN switch; data networks (flexible bandwidth, effective transmission, services, QoS); softswitch; voice services for IP users (VoIP).

