Presentation is loading. Please wait.

Presentation is loading. Please wait.

Learning Directory 2000/09/16 이니텍 보안기술연구소 권용철

Published byDiane Price Modified over 8 years ago

Similar presentations

Presentation on theme: "Learning Directory 2000/09/16 이니텍 보안기술연구소 권용철"— Presentation transcript:

1 Learning Directory 2000/09/16 이니텍 보안기술연구소 권용철 (godslord@initech.com)

2 Goal Directory 의 개념을 이해해보도록 노력해 본다 LDAP 으로 검색 정도는 할 줄 아는 소양 을 기른다

3 What is Directory? Directory Noun. 주소 성명록 X.500 : X.400 을 구현하기 위해 만들어진 일 종의 distributed DB Directory 를 이루는 entry 들에 주소로 접근 Object Oriented 관점에서 실 세계를 표현할 수 있는 가장 강력한 수단

4 At the Beginning … Requirement of X.400 Naming person ’ s email address Search, Add, Remove, Modify email address organizing hierarchically because it ’ s more intuitive That ’ s exactly same as Phone Book!!

5 Directory 에 관련된 용어 DIT Entry Attribute Schema DN & RDN

6 DIT DIT : Directory Information Tree 정보를 가지고 있는 Entry 혹은 Object 들의 집합체 구조는 n-ary tree 로서, DIT 에서의 관계를 설명하는 데는 tree 자료구조의 표현을 그대 로 따른다

7 Entry Entry : DIT 를 구성하는 단위. Object 라 불리기도 한다 Entry 는 여러 가지 속성 (Attribute) 로 구성 되며, 이 속성들에 따라서 다른 Entry 와 구별된다

8 Attribute Attribute : Entry 에 의미를 부여하는 정보 Attribute 는 Attribute 의 종류를 나타내는 type 과 그 값을 나타내는 value 들로 정의 된다. Entry 는 objectclass 라는 attribute 를 반드 시 가져야 한다

9 Schema Schema : a syntax of DIT Schema 는 DIT 에서 사용될 objectclass 의 설계도, attribute 의 이름과 값에 대한 정의, 그리고 기타 필요한 여러 가지 정 보들에 대한 설계도를 말한다. Schema checking = Syntax checking

10 Sample Schema Attribute Definition ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

11 Sample Schema Object Class objectclass person requires objectClass, sn, cn allows description, seeAlso, telephoneNumber, userPassword

12 난 흑인이야 나도 흑인이야 Me too So am I 사람의 이름은 … ? ????

13 난 Smith 난 Eric 난 Martin 난 Robert 난 Rocky 사람의 이름은 …

14 DN & RDN DN : distinguished name RDN : relative distinguished name DN 은 DIT 내에서 유일하게 한 Entity 를 가리키는 이름. RDN 은 sibiling 사이에서 유일하게 한 Entity 를 가리키는 이름

15 DN & RDN (continued) Entry 의 이름은 Entry 가 가지고 있는 임의 attribute 의 값이 될 수 있다. RDN 의 경우에는 sibiling entry 사이에서 현 entry 가 가지고 있는 유일한 attribute&value 의 집합으로 나타낼 수 있다. DN 은 DIT 의 Root Entry 로 부터 특정 Entry 를 포함하는 경로 상에 있는 Entry 들의 RDN 의 열 거이다 (not 집합 )

16 Sample DIT Entry CN= 권용철,OU= 학부생, OU= 전산학과, O= 한국과학기술원, L= 대전광역시,C=KR

17 Directory 의 강점 분산 환경에 적합하다 Replication Referral Scalable High performance Logical DataBase Connectivity with CORBA and JAVA …

18 Object Oriented DIT 를 구성하는 Entry 는 Object ObjectClass : Entry 의 설계도 Structural Class Entry 의 주된 속성을 표현 Auxiliary Class – like interface in JAVA Entry 의 부가적인 속성을 표현

19 Object Oriented – Example Initech is organization(company), but now it does CA service. How can we make entry of Initech in DIT? Objectclass organization + Objectclass Certification Authority = Organization & Certification Authority

20 X.500 DAP and LDAP X.500 DAP DAP : Directory Access Protocol Too heavy to use(full ASN.1 BER encoding, etc) LDAP Light-weight Directory Access Protocol Protocol carried directly over TCP or other transport Use direct string encoding rather than BER encoding as many as possible LDAP is subset of DAP

21 Compare DAP & LDAP DN encoding SEQUENCE { SET { SEQUENCE { OBJECT IDENTIFIER ( 2.5.4.6 ) PRINTABLE STRING ‘ KR ’ } SEQUENCE { OBJECT IDENTIFIER ( 2.5.4.10 ) PRINTABLE STRING ‘ Initech, Inc ’ } When DER encoded, it ’ s 34 byte. And complex encoding process. O= “ Initech, Inc ”,C=KR It ’ s 21 byte. And simple encoding process.

22 Directory 어디까지 왔나 ? Many Directory enabled applications Internet Explorer, Netscape Communicator, Eudora, etc Sendmail/named/ … – support LDAP as backend DataBase Various language support LDAP(ex. PHP/MFC/JAVA/Perl/ … ) Backend Repository of Intranet or Internet Service

23 Directory 로 검색을 해 보자 ! 준비물 : Netscape Navigator or IE LDAP URL Search filter Ldap://ldap.host.name:port/ou=search,o=b ase?returnattributelist?searchmethod?sear chfilter Searchmethod : one,base,sub Searchfilter : prefix expression Operators : &,|,!,>=,<=,~=,=,*

24 검색 예제 Ldap://venus.initech.com/o=initech,c=kr??sub?(&(m ail=*initech*)(cn=* 용철 )) Ldap://venus.initech.com/o=initech,c=kr??one?(|(cn = 이 *)(cn= 김 *)) Ldap://venus.initech.com/ou=people,o=initech,c=kr? ?sub?(&(cn= 김 *)(!(mail=*initech*)))

25 References RFC-2251 LDAP v3 를 필두로 RFC 줄줄 이 … http://www.openldap.org http://www.opendirectory.com http://developer.netscape.com IETF LDAP working group

Download ppt "Learning Directory 2000/09/16 이니텍 보안기술연구소 권용철"

Similar presentations

LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.

Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.
LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.

LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.
Directory & Naming Services CS-328 Dick Steflik. A Directory.

Directory & Naming Services CS-328 Dick Steflik. A Directory.
CS603 Directory Services January 30, 2002. Name Resolution: What would you like? Historical? –Mail –Telephone DNS? X.500 / LDAP? DCE? ActiveDirectory?

CS603 Directory Services January 30, Name Resolution: What would you like? Historical? –Mail –Telephone DNS? X.500 / LDAP? DCE? ActiveDirectory?
EEC-681/781 Distributed Computing Systems Lecture 9 Wenbing Zhao Cleveland State University.

EEC-681/781 Distributed Computing Systems Lecture 9 Wenbing Zhao Cleveland State University.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.
ASN.1 CNS 4650 Fall 2004 Rev. 2.

ASN.1 CNS 4650 Fall 2004 Rev. 2.
LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.

LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.
1 LDAP based repositories for Metadata and Ontologies NetLab & Friends Conference Lund, 10. April 2002 Peter Gietz

1 LDAP based repositories for Metadata and Ontologies NetLab & Friends Conference Lund, 10. April 2002 Peter Gietz
1 Internet Based Applications Lightweight Directory Access Protocol (LDAP) Piotr Wierzejewski.

1 Internet Based Applications Lightweight Directory Access Protocol (LDAP) Piotr Wierzejewski.
LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr. 2001 Michel Jouvin

23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr Michel Jouvin
Netprog: LDAP1 Lightweight Directory Access Protocol (LDAP) Refs: –Netscape LDAP server docs – U. of Michigan LDAP docs – www.openldap.org docs –RFCs:

Netprog: LDAP1 Lightweight Directory Access Protocol (LDAP) Refs: –Netscape LDAP server docs – U. of Michigan LDAP docs – docs –RFCs:
LDAP Search Criteria Fall 2004 Rev. 2. LDAP Searches Can be performed on Single directory entry Contents of a single container Entire subtree Required.

LDAP Search Criteria Fall 2004 Rev. 2. LDAP Searches Can be performed on Single directory entry Contents of a single container Entire subtree Required.
GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.

GRID Centralized management of the Globus grid-mapfile Carlo Rocca INFN, Catania.
Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.

Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.

Similar presentations

Ads by Google