Slide 1 (LINSOL.ORG): Red Hat Enterprise Linux Variants
  - Server:
      - Red Hat Enterprise Linux Advanced Platform
      - Red Hat Enterprise Linux
  - Client:
      - Red Hat Enterprise Linux Desktop
          - with Workstation option
          - with Multi-OS option
          - with Workstation and Multi-OS options

Slide 2: Red Hat Network
  - A comprehensive software delivery, system management, and monitoring framework
  - Update Module: provides software updates; included with all Red Hat Enterprise Linux subscriptions
  - Management Module: extended capabilities for large deployments
  - Provisioning Module: bare-metal installation, configuration management, and multi-state configuration rollback capabilities
  - Monitoring Module: provides infrastructure health monitoring of networks, systems, applications, etc.

Slide 3: Other Red Hat Supported Software
  - Red Hat Application Stack
  - JBoss Enterprise Middleware Suite
  - Red Hat Directory Server
  - Red Hat Certificate System
  - Red Hat Global File System

Slide 4: Objectives of RH423
  - Develop skills required to manage and deploy directory services on Red Hat Enterprise Linux systems
  - Gain a better understanding of PAM and user authentication on Red Hat Enterprise Linux

Slide 5: Audience and Prerequisites
  - Audience: senior Red Hat Linux and Red Hat Enterprise Linux system administrators and other IT professionals who need to provide enterprise-wide authentication or information services
  - Prerequisites: RHCE certification or comparable skills and knowledge

Slide 6: Classroom Network
  - example.com network (192.168.0.0/24)
  - server1.example.com (192.168.0.254): main classroom server; provides DHCP, DNS, routing and other services
  - stationX.example.com (192.168.0.X): student systems
  - serverX+100.example.com (192.168.0.X+100): virtual server hosted on student stations
  - serverX+200.example.com (192.168.0.X+200): secondary virtual server hosted on student stations

Slide 7: Notes on Internationalization
  - Red Hat Enterprise Linux supports nineteen languages
  - Default language can be selected:
      - During installation
      - With system-config-language (System -> Administration -> Language)
  - Alternate languages can be used on a per-command basis:
      $ LANG=en_US.UTF-8 date
  - Language settings are stored in /etc/sysconfig

Slide 8: Objectives
Upon completion of this unit, you should be able to:
  - Explain what a directory service is
  - Explain the history of LDAP and X.500
  - Understand the LDAP information model
  - Read and write simple LDIF
  - Explore issues

Slide 9: What is a Directory?
  - A directory is a specialized database that normally stores small pieces of information
  - Special-purpose directories are common:
      - A telephone book is a directory of names to telephone numbers
      - DNS is a directory of host names to IP addresses
      - NIS is a directory of system information: username to password file data, name to e-mail alias, mount point to device, and so on

Slide 10: Ideal Directory Data
  - Small pieces of information will be stored
  - Potentially many small pieces of information
  - Data will be frequently read but rarely written
  - Individual entries are based on collections of attributes (phone number, address, etc.)
  - Information will need to be searched for or looked up by multiple client users

Slide 11: Uses of a Directory
  - Look up e-mail addresses and contact information in mail clients and web browsers
  - Manage and synchronize user authentication centrally from a network server
  - Centrally coordinate informational databases used by various network services
  - Store and search for arbitrary data

Slide 12: X.500 Directory Service
  - General-purpose directory service designed by ISO and CCITT starting in the 1980s
  - The Directory: a fully-connected global directory, with information organized in a tree
  - Flexible information model
  - Intended for "white pages" telephone and X.400 e-mail directories and the OSI name service
  - DAP: client/server communication protocol

Slide 13: X.500 Problems
  - X.500 (and DAP) is complex and resource hungry to implement
      - The standards process did not require test implementations to prove feasibility!
      - Early implementations were slow, buggy, and did not interoperate well
  - X.500 is tied to the OSI network model
      - The Internet is based on TCP/IP, not OSI
      - Deployment was therefore slow

Slide 14: Lightweight Directory Access Protocol
  - Originally for use by desktop computer clients
  - LDAP improves on X.500 DAP in several ways:
      - Uses TCP transport in place of OSI networking
      - Simplifies the protocol to nine basic operations
      - Uses a subset of the X.500 message encoding rules
      - Data elements are simple text strings

Slide 15: LDAP Directory Service
  - The initial ldapd daemon acted as a gateway to X.500
  - In 1995, the UMich LDAP group realized that over 99% of X.500 queries came through ldapd
  - A standalone LDAP daemon (slapd) replaced ldapd and the X.500 service
      - Removed the overhead of LDAP-to-DAP translation
      - Improved performance and reduced directory service complexity

Slide 16: LDAP Models
  - Information Model: how individual entries in the directory are structured
  - Naming Model: where entries are stored in the hierarchical directory tree
  - Functional Model: what operations can be performed on the directory
  - Security Model: how directory information is protected from unauthorized access

Slide 17: Information Model
  - An entry stores information about an object of interest in the directory
      - The basic unit of information storage
  - Each entry is made up of attributes which describe characteristics of the object
  - Each attribute in an entry has a type and takes one or more values
  - The unique distinguished name of an entry is based on one of its attributes

Slide 18: Directory Schema
  - The schema defines rules on what attributes can be used in which entries and how their values are formatted and compared
  - Keeps directory data consistent and useful
      - Reduces redundant or inappropriate information stored in entries
      - Constraints on size and format help avoid bogus data values being assigned to attributes

Slide 19: Commonly Seen Attributes
  dn    The unique DN identifying the entry
  cn    The entry's common name (full name)
  sn    The surname (last name) of a user
  uid   Login name
  c     Two-letter country code
  o     Name of an organization
  ou    Name of an organizational unit
  mail  Internet e-mail address

Slide 20: Object Classes
  - An object class groups related information
      - Defines which attributes are mandatory and which are permitted in an entry
  - objectclass attributes specify which object classes an entry belongs to
  - There are different kinds of object classes
      - An entry must have one structural object class
      - An entry may add one or more additional auxiliary object classes

Slide 21: Derived Object Classes
  - An object class may be a subclass derived from another object class
  - The derived class inherits the required and optional attribute lists from its superclass
  - The derived class may then add additional required and optional attributes

Slide 22: Sample Entry in LDIF Form

    dn: dc=ds,dc=nust,dc=com
    objectclass: dcObject
    objectclass: top
    dc: ds

    dn: ou=People,dc=ds,dc=nust,dc=com
    objectclass: organizationalUnit
    objectclass: top
    ou: People

Slide 23: Troubleshooting an LDIF Entry
  - Does the RDN match an attribute-value pair?
  - Is there exactly one structural class, not counting parent superclasses?
  - Do all mandatory attributes have a value?
  - Are there any attributes set which the object class or classes for this entry do not allow?
  - Do any single-value attributes have multiple values?
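The checklist on this slide as runnable code, added here as an example (it is not part of the RH423 slides or of any Red Hat product): a small Python checker that parses LDIF text and reports which of the five questions an entry fails. The schema table is a hand-written, simplified subset of the standard definitions (domain, dcObject, organizationalUnit, person, inetOrgPerson) and the two-entry sample is constructed; both are assumptions, not a server's real schema or data.

```python
"""Check LDIF entries against the slide's troubleshooting checklist (constructed example, not course code).
SCHEMA is a hand-written subset of RFC 4519 / RFC 2798: class name -> (kind, MUST, MAY, superclass)."""
SCHEMA = {  # lowercased, since LDAP matches object class and attribute names case-insensitively
    "top": ("ABSTRACT", {"objectclass"}, set(), None),
    "domain": ("STRUCTURAL", {"dc"}, {"description"}, "top"),
    "dcobject": ("AUXILIARY", {"dc"}, set(), "top"),
    "organizationalunit": ("STRUCTURAL", {"ou"}, {"description"}, "top"),
    "person": ("STRUCTURAL", {"sn", "cn"}, {"userpassword"}, "top"),
    "inetorgperson": ("STRUCTURAL", set(), {"uid", "mail"}, "person"),
}
SINGLE_VALUED = {"dc"}  # constructed subset of the SINGLE-VALUE attribute types

def parse_ldif(text):  # blank-line-separated records -> [{attr: [values]}]; no line folding or base64
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append(entry := {})
        for attr, _, value in (line.partition(":") for line in block.splitlines()):
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def superclasses(oc):  # classes above oc in the schema, nearest first
    sup = SCHEMA[oc][3]
    return [sup] + superclasses(sup) if sup else []

def check_entry(entry):
    """Checklist violations for one parsed entry; unknown object classes raise KeyError."""
    problems, dn = [], entry["dn"][0]
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")  # plain split, no DN escape handling
    if rdn_val not in entry.get(rdn_attr.strip().lower(), []):
        problems.append(f"RDN {rdn_attr}={rdn_val} is not an attribute value of the entry")
    classes = [c.lower() for c in entry.get("objectclass", [])]
    structural = [c for c in classes if SCHEMA[c][0] == "STRUCTURAL"]
    # a listed structural class that is the superclass of another listed one does not count
    leaves = [c for c in structural if not any(c in superclasses(o) for o in structural if o != c)]
    if len(leaves) != 1: problems.append(f"expected exactly one structural class, found {leaves or 'none'}")
    must, may = set(), set()
    for oc in {o for c in classes for o in [c] + superclasses(c)}:
        must |= SCHEMA[oc][1]; may |= SCHEMA[oc][2]
    problems += [f"mandatory attribute {a} has no value" for a in sorted(must - set(entry))]
    problems += [f"attribute {a} not allowed by {classes}" for a in sorted(set(entry) - must - may - {"dn"})]
    problems += [f"single-valued attribute {a} has {len(entry[a])} values"
                 for a in sorted(SINGLE_VALUED & set(entry)) if len(entry[a]) > 1]
    return problems

SAMPLE_LDIF = """dn: dc=ds,dc=nust,dc=com
objectclass: domain
dc: ds

dn: uid=raoit,ou=People,dc=ds,dc=nust,dc=com
objectclass: inetOrgPerson
cn: Rao IT
"""
```

The second sample entry fails two checks at once: its RDN names a uid the entry does not carry, and the mandatory sn inherited from person is missing.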

Slide 24: Managing Directory Data
  - What attributes do your applications need?
      - Are they hard-wired to use a particular schema?
      - Do applications have conflicting needs?
  - Correct object class selection is important
      - Helps avoid poor quality or badly formatted data
      - An entry cannot change its structural object class after creation!

Slide 25: Managing Directory Data
  - Use standard schema definitions if possible
      - Auxiliary classes may help
  - Avoid storing identical or redundant data in multiple attributes
      - Otherwise, ensure the values stay synchronized
  - Plan for change
      - What attributes might you need in the future?
      - How will current data be kept up to date?

Slide 26: Developing a Data Policy
  - What data will and will not be stored in the directory service
  - Who has the ability to modify which entries
  - Who has the ability to access which entries
  - Legal considerations affecting the above
  - How exceptions may be made if needed

Slide 27: Unit 2, The LDAP Naming Model

Slide 28: Objectives
Upon completion of this unit, you should be able to:
  - Use the LDAP naming model
  - Use and construct LDAP distinguished names (DNs)
  - Interpret directory suffixes
  - Organize entries in the directory
  - Define a name space in LDIF

Slide 29: LDAP Naming Model
  - The naming model defines how entries are organized and identified in the directory
  - Every entry must have a unique name that may be referenced unambiguously
      - The distinguished name, or DN
  - A well-designed name space is critical
      - Easier retrieval and maintenance of data
      - Easier to apply access control policies

Slide 30: The Directory Information Tree
  - Directory entries are arranged in a hierarchy
      - The directory information tree, or DIT
      - Similar to a file system or DNS hierarchy
  - Each entry has one parent entry
  - An entry may have any number of children
  - The DN of an entry specifies its position in the directory hierarchy
      uid=lee,ou=sales,dc=foo,dc=com

Slide 31: Distinguished Names
  - The leftmost component of the DN is the relative distinguished name, or RDN
  - The RDN must be:
      - Selected from the attributes of the entry
      - Unique among entries that share the same immediate parent entry
  - Two entries may have the same RDN if they have different parent entries (and therefore their full DNs are different)

Slide 32: Escaped Characters
  - Some characters must be escaped with a backslash (\) if they appear in a component of a DN:
      - Comma, plus, double quote, backslash, less-than, greater-than, or semicolon at the start of a component
      - White space at the start or end of a component
  - Example:
      dn: o=Example\, Inc.,st=Delaware,c=us

Slide 33: The Directory Suffix
  - The global LDAP name space is distributed among multiple directory partitions
  - The suffix is the DN of the highest entry in the LDAP directory hierarchy which is stored in a directory partition
      - The node below which your name space lives
  - The DNs of all entries in that directory partition end with the suffix

Slide 34: Choosing a Suffix
  - LDAP does not place restrictions on the suffix you may use or the structure of your directory
  - Your suffix should be unique in case your server ever needs to coexist with others
  - There are two standard approaches:
      - The X.500 naming model
      - The Internet domain naming model

Slide 35: X.500 Suffixes
  - X.500-style suffixes are geographically and organizationally based
      o=Example\, Inc.,st=Delaware,c=US
  - Useful if X.500(93) compatibility is needed
  - In practice, it has proved hard to find and manage names using this naming scheme

Slide 36: Internet Domain Suffixes
  - The preferred method is to use components of the organization's DNS domain
      - For example.com: dc=example,dc=com
  - Since we know the DNS domain is unique, the LDAP suffix is also unique
  - Can simplify deployment and configuration
  - Easier to manage in the long term

Slide 37: Structure of the Name Space
  - After selecting the suffix, the structure of the directory name space must be designed
  - At one extreme is a flat name space containing all entries directly under the suffix:
      uid=raoit,dc=nust,dc=com
  - At the other is a deep name space dividing entries into fine categories:
      uid=raoit,ou=seecs,ou=it,dc=nust,dc=com

Slide 38: Flat Name Space
  [Figure: a flat tree with dc=nust,dc=com as the suffix and user entries such as uid=raoit, uid=jbrown and uid=jvedder (cn=Jeff Vedder) placed directly beneath it]

Slide 39: Flat Name Space Issues
  - Advantages
      - Names do not need to change when job roles change or the organization changes
      - The simple design avoids the need for object categorization by directory administrators
  - Disadvantages
      - Hard to partition the directory later if needed
      - May be hard to maintain unique DNs

Slide 40: Deep Name Space
  [Figure: a deep tree under dc=example,dc=com, divided first by location (l=North America, l=Europe), then into ou=People, ou=Sales and ou=Devel containers holding entries such as uid=joe, uid=mara, uid=jeanne and uid=pete]

Slide 41: Designing the Name Space
  - There is no name space design that is ideal for all situations
  - It may help to think about how you planned the DNS name space of hosts and subdomains
  - Try to keep the hierarchy fairly flat
      - Simpler management, good for small directories
  - Depth is useful for:
      - Avoidance of naming collisions
      - Dividing up directory management

Slide 42: One Compromise Name Space
  [Figure: dc=example,dc=com with l=North America and l=Europe beneath it; user entries such as uid=pete sit directly under the location and carry ou=Sales as an attribute rather than living in an ou=Sales container]
  - Set the ou attribute on entries
  - Can still search based on ou
  - Changing ou just affects one entry, not the directory hierarchy

Slide 43: Designing the Name Space
  - Place entries in subtrees based on the type of entry, not just by organizational structure or geography
  - For example:
      - inetOrgPerson entries under ou=People
      - Entries for groups under ou=Groups
      - Entries for machines under ou=Hosts
  - Can be used in addition to other schemes

Slide 44: Defining the Name Space
  - The LDAP server will need to have your name space input in LDIF format
  - You will need an entry for your root node
  - You will need entries for any nodes which act only as containers for other entries
  - Various object classes are useful:
      - domain, dcObject, country, locality, organization, organizationalUnit
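As an added example (not from the slides or any Red Hat tool) covering the DN rules on slides 30 to 33 together with this slide's requirements: a Python DN parser that honours the backslash escapes, a suffix-membership test, and a check that an ordered list of name-space DNs defines every parent container before its children, which is also the order ldapadd needs. The sample DN list is constructed for the demonstration and contains three deliberate faults.

```python
"""DN handling for the naming-model slides (constructed example, not course code): RFC 4514 escape-aware
parsing, suffix membership and a parent-before-child check. Multi-valued RDNs and hex escapes are not handled."""

def _trim(chars):
    """Drop unescaped spaces at both ends; chars is a list of (char, was_escaped)."""
    while chars and chars[0] == (" ", False): chars.pop(0)
    while chars and chars[-1] == (" ", False): chars.pop()
    return "".join(c for c, _ in chars)

def parse_dn(dn):
    """Split a DN into [(attr, value), ...], leftmost RDN first, honouring backslash escapes."""
    rdns, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # a backslash makes the next character literal
            buf.append((dn[i + 1], True)); i += 2; continue
        if ch == "=" and attr is None:
            attr, buf = _trim(buf).lower(), []
        elif ch == ",":
            rdns.append((attr, _trim(buf))); attr, buf = None, []
        else: buf.append((ch, False))
        i += 1
    rdns.append((attr, _trim(buf)))
    return rdns

def canon(dn):  # comparison form: case-folded (attr, value) tuples, escaping already resolved
    return tuple((a, v.lower()) for a, v in parse_dn(dn))

def is_under(dn, suffix):  # the DN's trailing RDNs must equal the partition suffix
    d, s = canon(dn), canon(suffix)
    return len(d) >= len(s) and d[-len(s):] == s

def check_namespace(dns, suffix):
    """Problems in an ordered name-space LDIF: outside-suffix, duplicate, or parent-not-yet-defined entries."""
    root, known, problems = canon(suffix), {canon(suffix)}, []
    for dn in dns:
        key = canon(dn)
        if not is_under(dn, suffix):
            problems.append(f"outside suffix: {dn}")
        elif key in known and key != root:
            problems.append(f"duplicate entry: {dn}")
        elif key != root and key[1:] not in known:
            problems.append(f"no parent entry before: {dn}")
        known.add(key)
    return problems
SAMPLE_DNS = [  # constructed: the suffix entry, two containers, then three faulty entries
    "dc=example,dc=com", "ou=People,dc=example,dc=com", "ou=Groups,dc=example,dc=com",
    "uid=pete,ou=Sales,dc=example,dc=com",  # ou=Sales was never defined
    "o=Example\\, Inc.,st=Delaware,c=US",   # X.500-style name outside the suffix
    "OU=people,DC=example,DC=com"]          # same entry as ou=People, differently cased
```

Because comparison happens on parsed, case-folded RDNs rather than raw strings, the differently cased duplicate and the escaped comma in the X.500-style name are both handled correctly.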

Slide 45: (no transcribed text)

Slide 46: Planning the Directory
  - A well-designed directory tree can make directory management much simpler
  - Additional references which may be useful:
      - Red Hat Directory Administrator's Guide
      - Understanding and Deploying LDAP Directory Services by Timothy Howes, Mark Smith, and Gordon Good

