Presentation is loading. Please wait.

Presentation is loading. Please wait.

LDAP (Lightweight Directory Access Protocol ) Speaker: Chang-Yu Wu Adviser: Quincy Wu Date:2007/08/22.

Published byTyrone McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "LDAP (Lightweight Directory Access Protocol ) Speaker: Chang-Yu Wu Adviser: Quincy Wu Date:2007/08/22."— Presentation transcript:

1 LDAP (Lightweight Directory Access Protocol ) Speaker: Chang-Yu Wu Adviser: Quincy Wu Date:2007/08/22

2 2 Outline Motivation Related Work Directory Service X.500 LDAP Depiction Architecture LDIT Implementation Conclusion Reference

3 3 Motivation User Mail server Web server FTP server Application server Samba server Account

4 4 Motivation (cont) Each services has its own configuration file or resource record A server doesn’t have many services Administration (ex: account) Data repetitively.

5 5 Related Work Directory services (DS) A set of applications Stores and organizes information about a computer network's users and network resources X.500 X.500 is a series of computer networking standards covering electronic directory services

6 6 Directory services

7 7 X.500 A hierarchical organization of entries which is distributed across one or more servers

8 8 LDAP Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP. Optimized for lookups Much higher read ratio More easily extended Implementation Software OpenLDAP

9 9 Application

10 10 Application (cont) Internet Client LDAP server Client FTP server Samba server Mail server NAT Switch

11 11 History RFC 1777 Lightweight Directory Access Protocol (v1) RFC 2251-2256 Lightweight Directory Access Protocol (v3) RFC 2829 Authentication Methods for LDAP RFC 2830 Lightweight Directory Access Protocol (v3) : Extension for Transport Layer Security RFC 3377 Lightweight Directory Access Protocol (v3) : Technical Specification

12 12 Background Relatively simple protocol (X.500 was heavy weighted). Universal design for directory services. Application TCP UDP IP Physical media TCP/IP Protocol LDAP Application Presentatio n Session Transport Network Data link Physical X.500 OSI protocol Internet

13 13 Depiction An LDAP directory is organized in a simple tree hierarchy consisting. LDAP directory can be distributed among many servers. Company Department_BDepartment_A employee

14 14 DIT Directory Information Tree (DIT) Entity Describes an object (Class) Ex: people, devices Class Attribute A type/syntax and a value Value

15 15 DIT LDAP DIT dc=john, dc=ipv6, dc=club,dc=tw ou=people ou=devices cn=Alice dn: cn=Alice, ou=people, dc=john, dc=ipv6, dc=club,dc=tw RDN cn=Alice objectClass: person sn:carter telephoneNumber:555-1234 The attribute and value of the property

16 16 LDAP Interchange Format LDIF (LDAP Interchange Format) RFC 2849 A set of entry Attribute and value Stores configuration information of LDAP and stand text format of directory More instruction Schema

17 17 Schema Defines what object classes allowed Where they are stored What attributes they have (objectClass) Which attributes are optional (objectClass) Type/syntax of each attribute (objectClass)

18 18 Schema (cont) objectClass:person cn,sn userPassword telephoneNumber seeAlso description objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) core.schema

19 19 LDAP Interchange Format (cont) DN (Distinguished Name): A record RDN (Relative Distinguished Name): cn and value of cn CN (Common Name): Name OU (Organizational Unit) : DC (Domain Component) :

20 20 DIT LDAP DIT dc=john, dc=ipv6, dc=club,dc=tw ou=people ou=devices cn=Alice dn: cn=Alice, ou=people, dc=john, dc=ipv6, dc=club,dc=tw RDN cn=Alice objectClass: person sn:carter telephoneNumber:555-1234 The attribute and value of the property LDIF dn: cn=alice,dc=john, dc=ipv6,dc=club, dc=tw objectClass: person sn=: carter telephoneNumber: 555-1234

21 21 Model Information model Basic unit: Entry DIT (Directory information Tree) Naming model Define entry or data of DIT by RDN (Relative distinguished name) DN (distinguished name) Functional model Define data operating procedure Security model Authentication mechanism ACL (Access control list)

22 22 Implementation OpenLDAP OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. http://www.openldap.org/ Experimental Version OpenLDAP-server-2.3.37 Download http://www.openldap.org/software/download/

23 23 Configuration file slapd.conf (/usr/local/etc/openldap/) Schema Log record SSL/TLS Database area ACL

24 24 Configuration file - schema SchemaDescript core.schema OpenLDAP core (required) RFC 2251~2256 inetorgperson.schema InetOrgPerson (useful) RFC 2798 cosine.schema Cosine and Internet X.500 (useful) RFC 1274 misc.schemaAssorted (experimental) nis.schema Network Information Services (FYI) RFC 2307 Path : /usr/local/etc/openldap/schema/

25 25 Configuration file – database area Database variableDescript bdbBerkeley DB ldbmGNU Database Manager passwdSystem password file shellExport database

26 26 Configuration file – database area Define database dabatase bdb Define root suffix Suffix“dc=john,dc=ipv6,dc=club,dc=tw” Define root DN rootdn“cn=admin, dc=john,dc=ipv6,dc=club,dc=tw” Define root passwd rootpwXXX Define directory path Directory/var/db/xxx/

27 27 White page LDAP DIT dc=john,dc=ipv6, dc=club, dc=tw ou=people ou=devices cn=Alice dn: cn=Alice, ou=people, dc=john,dc=ipv6, dc=club, dc=tw RDN cn=Alice objectClass: person sn:carter telephoneNumber:555-1234 The attribute and value of the property LDIT dn: cn=alice,dc=john,dc=ipv6, dc=club, dc=tw objectClass: person sn=: carter telephoneNumber: 555-1234

28 28 White page (cont) people.ldif #create root dn: dc=john,dc=ipv6,dc=club,dc=tw dc: john objectClass: dcObject objectClass: organizationalUnit #create ou dn: ou=people, dc=john,dc=ipv6,dc=club,dc=tw ou: people objectClass: organizationalUnit #create person dn: cn=alice, ou=people, dc=john,dc=ipv6,dc=club,dc=tw cn:alice objectClass: person sn: carter telephoneNumber:555-1234

29 29 Instruction Start /usr/local/libexec/slapd Input data slapadd –v- l /xxx/people.ldif Show data ldapsearch –x –b “dc=john,dc=ipv6,dc=club,dc=tw”

30 30 Instruction (cont) Offline tools slapadd, slapcat, slapindex, slappasswd Online tools ldapsearch, ldapadd, ldapdelete, ldapmodify, ldapmodrdn

31 31 Conclusion Used to access and update information in a directory built on the X.500 model Specification defines the content of messages between the client and the server Includes operations to establish and disconnect a session from the server

32 32 Reference Lightweight Directory Access Protocol RFC 2251 OpenLDAP http://www.openldap.org/ LDAP system Administration Gerald Carter, O’REILLY, 2003

Download ppt "LDAP (Lightweight Directory Access Protocol ) Speaker: Chang-Yu Wu Adviser: Quincy Wu Date:2007/08/22."

Similar presentations

LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.

Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
Directory & Naming Services CS-328 Dick Steflik. A Directory.

Directory & Naming Services CS-328 Dick Steflik. A Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.

Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA.

LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.

By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.

Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.
Directory services Unit objectives

Directory services Unit objectives
Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.

Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.

Similar presentations

Ads by Google