SPARCS 10 이대근 (harry). Contents  Directory Service  What is LDAP?  Installation  Configuration  ldap-utils  User authentication with LDAP.


1 SPARCS 10 이대근 (harry)

2 Contents
  - Directory Service
  - What is LDAP?
  - Installation
  - Configuration
  - ldap-utils
  - User authentication with LDAP

3 Question
  - How can an organization keep one centralized, up-to-date phone book that everybody has access to?
  - How can SPARCS share login information among all servers?

5 Directory
  - A directory is a mapping from names to values
  - Broader than the directories of a file system

6 Directory: examples
  Name (key)     Value           Directory
  Word           Definition      Dictionary
  Name           Phone number    Telephone directory
  Domain name    IP address      DNS

7 Directory service  The software system that stores, organizes and provides access to information in a directory

8 Directory service vs RDBMS
  Directory service                                 Relational DBMS
  Read more often                                   Written more often
  Data may be redundant if it helps performance     Data must be unique (in most cases)
  Must                                              Not null
  May                                               Nullable
  Namespace

9 X.500
  - A series of computer networking standards covering electronic directory services
  - Protocols:
    DAP: Directory Access Protocol
    DSP: Directory System Protocol
    DISP: Directory Information Shadowing Protocol
    DOP: Directory Operational Bindings Management Protocol

10 X.500 Directory service

12 LDAP
  - Lightweight Directory Access Protocol, i.e., lightweight DAP
  - A protocol to access a directory service over TCP/IP
  - Designed at the University of Michigan

13 Directory structure: file system

14 Directory structure: LDAP

15 Available backend types
  Type      Description
  bdb       Berkeley DB transactional backend
  dnssrv    DNS SRV backend
  ldbm      Lightweight DBM backend
  ldap      LDAP (Proxy) backend
  meta      Meta Directory backend
  monitor   Monitor backend
  passwd    Provides read-only access to passwd(5)
  perl      Perl programmable backend
  shell     Shell (external program) backend
  sql       SQL programmable backend

17 Installation
  - Server: apt-get install slapd
  - Client: apt-get install ldap-utils

19 /etc/ldap/ldap.conf
  include    /etc/ldap/schema/core.schema
  schemacheck on
  pidfile    /var/run/slapd/slapd.pid
  argsfile   /var/run/slapd.args
  loglevel   0
  database   bdb
  suffix     "dc=sparcs,dc=net"
  rootdn     "cn=DsnManager,dc=sparcs,dc=net"
  rootpw     {SSHA}8DihK78pIOVntXZftMugdq4rxhYat03R

20 slappasswd
  - A handy tool to generate a hashed password
  - Sample output: {SSHA}8DihK78pIOVntXZftMugdq4rxhYat03R
  - You just need to copy and paste the output into the configuration file (the rootpw line)

21 Access Control List
  access to <what> by <who> <access> [ by <who> <access> ... ]

22 Access Control List: Example
  defaultaccess none           # No permission by default
  access to *                  # Granting permission for all entries
    by self write              # A user entry can modify itself
    by dn=".+" read            # An authenticated user can read
    by dn="^$$" read           # An anonymous user can read
    by * none                  # Else granting no permission

23 Access Control List: Example
  access to dn=".*,dc=(.*),dc=(.*),dc=net" attrs=children,entry,uid
    by dn="cn=Administrator,dc=$1,dc=$2" write

24 Caution
  - No blank around the separator (,):
    dn="dc=example,dc=com"   (O, correct)
    dn="dc=example, dc=com"  (X, wrong)
  - An ACL entry is not overridden by a later one, so specific rules must precede the general ones
  - The more complicated the ACL, the slower searches become
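The first-match rule behind slide 24's caution is easiest to see by evaluating the ACLs of slides 22 and 23 as data. This is an added Python model, not OpenLDAP's own code: dn= values are treated as Python regexes (the slide's anonymous pattern ^$$ is written ^$ here), the $1/$2 substitution comes from the groups captured by the "access to dn=" regex, and the target DNs are constructed.

```python
import re

def who_matches(who, requester, target, m):
    # Does one 'by <who>' clause apply? requester is the bind DN ('' when anonymous)
    if who == "*":
        return True
    if who == "self":
        return requester != "" and requester == target
    if who.startswith("dn="):
        # $1, $2 ... are filled from the groups captured by the 'access to dn=' regex
        pat = re.sub(r"\$(\d)", lambda g: re.escape(m.group(int(g.group(1)))), who[3:])
        return re.search(pat, requester) is not None
    raise ValueError(f"unsupported <who>: {who}")

def check_access(acl, requester, target):
    # First 'access to' whose <what> matches the target wins; within it the first
    # applicable 'by' clause wins. A matching 'to' with no applicable 'by' denies.
    for what, clauses in acl:
        m = re.search(".*" if what == "*" else what, target)
        if m is None:
            continue
        for who, level in clauses:
            if who_matches(who, requester, target, m):
                return level
        return "none"
    return "none"                      # defaultaccess none

# Slide 22's ACL as data: (<what>, [(<who>, <access>), ...]); dn= values are regexes
SLIDE22 = [("*", [("self", "write"), ("dn=.+", "read"), ("dn=^$", "read"), ("*", "none")])]
# Slide 23's ACL: $1 and $2 are the groups captured from the target DN
SLIDE23 = [(r".*,dc=(.*),dc=(.*),dc=net", [("dn=cn=Administrator,dc=$1,dc=$2", "write")])]
# Slide 24's caution: a general 'by * none' placed first shadows the specific clauses
SHADOWED = [("*", [("*", "none"), ("self", "write"), ("dn=.+", "read")])]

def demo():
    harry, bob = "cn=harry,dc=sparcs,dc=net", "cn=bob,dc=sparcs,dc=net"
    target = "uid=harry,ou=people,dc=sparcs,dc=org,dc=net"    # constructed DN for slide 23
    return {
        "self": check_access(SLIDE22, harry, harry),                                  # write
        "other user": check_access(SLIDE22, bob, harry),                              # read
        "anonymous": check_access(SLIDE22, "", harry),                                # read
        "admin": check_access(SLIDE23, "cn=Administrator,dc=sparcs,dc=org", target),  # write
        "outsider": check_access(SLIDE23, bob, target),                               # none
        "self, shadowed": check_access(SHADOWED, harry, harry),                       # none
    }

if __name__ == "__main__":
    for case, level in demo().items():
        print(f"{case:15} -> {level}")
```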

26 ldap-utils
  - Common usage: -D <bind DN> -W -f <LDIF file>
    -D: the DN to bind as, -W: prompt for the bind password, -f: read the entries or changes from a file

27 ldapadd
  - Define which schema (object class) is used: objectclass: dcObject
  - Describe all MUST attributes of that class: dn: dc=mydomain,dc=com, dc: mydomain (the dc value must equal the RDN value)

28 ldapadd: example
  # dn comes first; dcObject is auxiliary, so a structural class (organization) is added,
  # and the dc attribute must equal the value used in the RDN
  dn: dc=mydomain,dc=com
  objectclass: dcObject
  objectclass: organization
  o: mydomain
  dc: mydomain

29 ldapsearch: scope

30 ldapsearch: filters
  - (cn=harry)           equality
  - (cn=h*)              substring (wildcard)
  - (cn~=pipe)           approximate match
  - (cn>=harry)          greater-or-equal (ordering)
  - (&(cn=h*)(cn=*y))    AND
  - (|(cn=h*)(cn=*y))    OR
  - (!(cn=harry))        NOT
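To show what each filter on this slide selects, here is an added Python evaluator (not part of the slides or of ldap-utils) that parses the filter syntax above and runs it over a constructed in-memory directory. The approximate match (~=) is a deliberately simple vowel-dropping stand-in for the server's phonetic rule, and >= / <= use plain string ordering.

```python
import re

def parse_filter(text):
    # Parse an RFC 4515 filter into ('&'|'|', [subs]), ('!', sub) or ('cmp', attr, op, value)
    def parse(i):                      # one parenthesised item starting at text[i]
        assert text[i] == "(", f"expected '(' at {i}"
        i += 1
        if text[i] in "&|":            # conjunction / disjunction of nested filters
            op, items, i = text[i], [], i + 1
            while text[i] == "(":
                sub, i = parse(i)
                items.append(sub)
            node = (op, items)
        elif text[i] == "!":           # negation of exactly one nested filter
            sub, i = parse(i + 1)
            node = ("!", sub)
        else:                          # attr <op> value, up to the closing ')'
            j = text.index(")", i)
            m = re.fullmatch(r"([A-Za-z][\w-]*)(~=|>=|<=|=)(.*)", text[i:j])
            assert m, f"bad filter item {text[i:j]!r}"
            node, i = ("cmp", m.group(1).lower(), m.group(2), m.group(3)), j
        assert text[i] == ")", f"expected ')' at {i}"
        return node, i + 1
    node, end = parse(0)
    assert end == len(text), "trailing characters after filter"
    return node
def value_matches(have, op, want):
    have, want = have.lower(), want.lower()          # caseIgnoreMatch-style comparison
    if op == "=" and "*" in want:                    # substring filter: each * matches anything
        return re.fullmatch(".*".join(map(re.escape, want.split("*"))), have) is not None
    if op == "=":
        return have == want
    if op == "~=":   # toy approximate match (drop vowels); real servers use a phonetic rule
        skel = lambda s: re.sub(r"(?!^)[aeiouy]", "", s)
        return skel(have) == skel(want)
    return have >= want if op == ">=" else have <= want    # plain string ordering
def matches(node, entry):              # evaluate a parsed filter against {attribute: [values]}
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(n, entry) for n in node[1])
    if node[0] == "!":
        return not matches(node[1], entry)
    _, attr, op, want = node
    return any(value_matches(v, op, want) for v in entry.get(attr, []))
ENTRIES = {"cn=harry,dc=sparcs,dc=net": {"cn": ["harry"]},      # constructed sample directory
           "cn=hodduc,dc=sparcs,dc=net": {"cn": ["hodduc"]},    # (not from the slides)
           "cn=pype,dc=sparcs,dc=net": {"cn": ["pype"]}}
def search(filter_text, entries=ENTRIES):   # DNs matched, like 'ldapsearch -s sub <filter>'
    tree = parse_filter(filter_text)
    return sorted(dn for dn, e in entries.items() if matches(tree, e))
```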

31 ldapsearch: example
  sn=Daniels
  givenname=Charlene

32 ldapmodify
  - Declare which entry you want to modify: dn: cn=harry,dc=sparcs,dc=org
  - State what kind of change will occur: changetype: modify / add / delete
  - (if changetype: modify) State what kind of modification will occur: replace: cn / add: sn / delete: sn
  - Enter the value of the attribute if necessary: cn: hodduc

33 ldapmodify: example
  dn: cn=harry,dc=sparcs,dc=org
  changetype: modify
  replace: cn
  cn: hodduc

34 ldapmodrdn
  - Declare which entry you want to modify
  - Enter the new RDN

35 ldapmodrdn: example
  cn=harry,dc=sparcs,dc=org   (entry to rename)
  cn=noname                   (new RDN)

37 Client
  - apt-get install libnss-ldap libpam-ldap nss-updatedb nscd ldap-auth-client
  - Configuration files:
    /etc/ldap.conf
    /etc/auth-client-config/profile.d/ldap-auth-config
    /etc/pam.d/
    /etc/nsswitch.conf

38 Server
  - Automatic migration tools: apt-get install migrationtools

40 Web sites & documentation
  - http://wiki.kldp.org/wiki.php/LDAP-Tips
    A nice Korean document explaining how to configure LDAP authentication
  - http://50001.com/sub/down/ldap.doc
    Also a nice Korean document explaining general usage of LDAP

41 I’m very sleepy
