Lightweight Directory Access Protocol. 03 August 2005. Linux System Administration and Security. Vineet Bhardwaj, Vinay Kumar Thota.

Agenda: Introduction, Configuration, Installation, Security Issues, Conclusion.

Directory service. LDAP was designed at the University of Michigan. LDAP servers exist at three levels: big public servers, large organizational servers, and smaller workgroup servers.

Information: arrangement, kind, reference, access. A directory service structure for the Internet. It has many features that make it ideal for providing network information services, including encryption support, access control lists, fast read access, etc. LDAP will combine several systems that normally have to be maintained separately, such as NT authentication, UNIX authentication, MTA routing information, services/protocols/hosts information, network address books, etc.

The structure of an LDAP directory tree. LDAP directory servers store their data hierarchically. As with DNS host names, an LDAP directory record's Distinguished Name (DN for short) is read from the individual entry, backwards through the tree, up to the top level.

Prerequisite software versions

A directory tree structure: country, state, the organization, organizational unit, person.
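As an added illustration of how a DN encodes an entry's place in the tree (example code written for this transcript, not taken from the slides or from the OpenLDAP project), the Python below splits DNs into RDNs, reads them backwards to the top level, and checks that every entry in a constructed set has a parent under the suffix dc=mydomain,dc=com (the basename the slides configure later; the entries themselves are made up):

```python
# Added example, not from the slides: reading a Distinguished Name backwards
# through the tree and checking tree integrity. All entries are constructed.
from typing import List, Optional

SUFFIX = "dc=mydomain,dc=com"  # the basename the slides configure later

# Constructed entries: a small tree under the suffix.
ENTRIES = [
    "dc=mydomain,dc=com",
    "ou=People,dc=mydomain,dc=com",
    "ou=Groups,dc=mydomain,dc=com",
    "uid=vineet,ou=People,dc=mydomain,dc=com",
    "cn=admins,ou=Groups,dc=mydomain,dc=com",
]


def split_rdns(dn: str) -> List[str]:
    """Split a DN into its RDNs, left (entry) to right (top level).

    A backslash escapes the next character, so 'cn=Doe\\, John' stays one RDN.
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def parent_dn(dn: str) -> Optional[str]:
    """The DN minus its leftmost RDN names the entry's parent; None at the top."""
    rdns = split_rdns(dn)
    return ",".join(rdns[1:]) if len(rdns) > 1 else None


def path_from_root(dn: str) -> List[str]:
    """Read the DN backwards: top level first, the entry's own RDN last."""
    return list(reversed(split_rdns(dn)))


def check_tree(entries: List[str], suffix: str) -> List[str]:
    """Report entries outside the suffix or whose parent entry is missing."""
    known = {e.lower() for e in entries}
    problems = []
    for dn in entries:
        if dn.lower() == suffix.lower():
            continue                      # the suffix entry is the root
        if not dn.lower().endswith("," + suffix.lower()):
            problems.append(f"{dn}: outside suffix {suffix}")
            continue
        parent = parent_dn(dn)
        if parent is None or parent.lower() not in known:
            problems.append(f"{dn}: parent {parent!r} not present")
    return problems


if __name__ == "__main__":
    print(" -> ".join(path_from_root("uid=vineet,ou=People,dc=mydomain,dc=com")))
    print(check_tree(ENTRIES, SUFFIX) or "tree is consistent")
    print(check_tree(ENTRIES + ["uid=x,ou=Staff,dc=mydomain,dc=com"], SUFFIX))
```

The orphan check is the same rule slapd applies when you add an entry: the parent named by the DN must already exist, so an LDIF load has to go top-down.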

How does LDAP work? Client/server model. Runs over TCP/IP or any other connection-oriented transport. Derived from X.500, the OSI directory service.

About slapd and slurpd. slapd supports strong authentication and data security: SASL, transport layer security, topology control (TCP wrappers), access control, and a choice of database back ends.

slapd: threads, replication, a single configuration file. slurpd: replicated service, failed requests.

Installing the LDAP server. Five steps are necessary to install the server:
1. Install the pre-required packages (if not already installed).
2. Download the server.
3. Unpack the software.
4. Configure the Makefiles.
5. Build the server.

Downloading the package. There are two freely distributed LDAP servers: the University of Michigan LDAP server and the OpenLDAP server. Its latest tar-gzipped version is available from the following address: If you want the latest version of the University of Michigan server, go to this address: ftp://terminator.rs.itd.umich.edu/ldap

Unpacking the software. First copy the package to a suitable directory, for example /usr/local. Then use the following command: tar xvzf openldap tgz. You can use this command as well (gunzip needs -c so that the decompressed stream goes to tar's standard input): gunzip -c openldap tgz | tar xvf -

Configuring the software. In the directory where you unpacked the software, type: ./configure --help. This prints all the options you can customize with the configure script before you build the software. Normally, if you run configure without options, it auto-detects the appropriate settings and prepares to build things in the default common location. So just type: ./configure

Building the server. After configuring the software you can start building it. First build the dependencies, using the command: make depend. Then build the server, using the command: make. To ensure a correct build, run the test suite: make test. Now install the binaries and man pages. You may need to be superuser to do this (depending on where you are installing things): su root -c 'make install'

Configuration. All slapd (LDAP directory server) runtime configuration is accomplished through the slapd.conf file, installed in the prefix directory you specify in the configure script, or by default in /usr/local/etc/openldap. First create an /etc/openldap/slapd.conf file. You need to change the following lines:
suffix "dc=mydomain, dc=com"
rootdn "cn=admin, dc=mydomain, dc=com"
rootpw {crypt}abjnggxhB/yWI

Configuration contd. The suffix is your "LDAP basename". Common practice is to use your DNS domain name as your LDAP basename. The rootdn is the administrator's name, and rootpw is the administrator's password. You also need to edit /etc/ldap.conf and /etc/openldap/ldap.conf to set the name of your LDAP server and your basename.

Configuration contd. Populating your server. The easiest way to populate your LDAP server is with the free set of Perl scripts from PADL Software that migrate existing flat files. They are available from
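To show what such a migration produces, here is an added example (written for this transcript; it is not one of the PADL scripts) that turns /etc/passwd-style lines into LDIF posixAccount entries under ou=People,dc=mydomain,dc=com. The input lines are constructed. It skips system accounts below UID 1000, does not emit userPassword (password hashes are not copied out of /etc/shadow here), and base64-encodes any value that is not LDIF-safe.

```python
# Added example, not the PADL scripts: /etc/passwd-style lines to LDIF.
# Input lines are constructed, not real accounts.
import base64
from typing import Dict, List

BASE_DN = "dc=mydomain,dc=com"   # the suffix from the slapd.conf slide

PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:2:2:daemon:/sbin:/sbin/nologin",
    "vineet:x:1001:1001:Vineet Bhardwaj:/home/vineet:/bin/bash",
    "vinay:x:1002:1002:Vinay Kumar Thota,,,:/home/vinay:/bin/bash",
]


def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or 'attr:: base64' when the value is not LDIF-safe
    (non-ASCII, leading/trailing space, leading ':' or '<', embedded newline)."""
    safe = (value.isascii() and value == value.strip()
            and not value.startswith((":", "<"))
            and "\n" not in value and "\r" not in value)
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def passwd_to_entries(lines: List[str], base_dn: str,
                      min_uid: int = 1000) -> List[Dict[str, object]]:
    """Convert passwd lines to entry dicts; accounts below min_uid stay local.
    No userPassword is emitted: hashes are not copied out of /etc/shadow here."""
    entries: List[Dict[str, object]] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _pw, uid, gid, gecos, home, shell = fields
        if int(uid) < min_uid:
            continue
        full_name = gecos.split(",")[0].strip() or name   # GECOS: name,room,phone,...
        entries.append({
            "dn": f"uid={name},ou=People,{base_dn}",
            "objectClass": ["top", "person", "posixAccount"],
            "uid": name,
            "cn": full_name,
            "sn": full_name.split()[-1],
            "uidNumber": uid,
            "gidNumber": gid,
            "homeDirectory": home,
            "loginShell": shell,
            "gecos": gecos,
        })
    return entries


def to_ldif(entries: List[Dict[str, object]]) -> str:
    """Serialise entries as LDIF records separated by blank lines."""
    records = []
    for entry in entries:
        lines = [ldif_line("dn", str(entry["dn"]))]
        for attr, value in entry.items():
            if attr == "dn":
                continue
            values = value if isinstance(value, list) else [value]
            lines.extend(ldif_line(attr, str(v)) for v in values if str(v) != "")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(to_ldif(passwd_to_entries(PASSWD_LINES, BASE_DN)))
```

The ou=People entry and the suffix entry must exist before this LDIF is loaded with ldapadd, since slapd refuses an entry whose parent is missing.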

Configuration contd. Setting up an LDAP client. Edit the LDAP config files (/etc/ldap.conf and /etc/openldap/ldap.conf) to specify the server and your site's basename. You can verify that you are connecting to the LDAP server correctly by running ldapsearch -x, which dumps the entire database. Finally, change the appropriate lines in /etc/nsswitch.conf to use the LDAP server as a data source.

Using LDAP. Connecting to the LDAP server: a normal LDAP connection works over port 389. Authentication methods. Data integrity and confidentiality protection. Network security. LDAPS.

Data integrity and confidentiality protection: LDAPv3 and TLS. Network security: selective listening, IP firewall, TCP wrappers. Authentication methods: simple and SASL.

LDAPS: verification, X.509 certificates, algorithms in OpenSSL.

LDAPv3 and TLS. RFC 2246 describes TLS, a cleaned-up and standardized version of SSL. Switching on data integrity and confidentiality protection: security strength factors (SSF).

Authentication methods. Simple: anonymous, unauthenticated, and user/password authenticated.

SASL: an authentication framework; addresses sniffing. Mechanisms like CRAM-MD5 and EXTERNAL.
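The simple-bind and SASL slides above are the reason to watch for password binds that arrive without TLS. As an added example (not from the slides or OpenLDAP), the detection below runs over constructed log lines written in the style of slapd's connection log: a simple bind is method=128 with a non-empty DN, a connection is considered protected once a "TLS established" line has been logged for it (STARTTLS on port 389 or ldaps on 636), and anonymous binds (dn="") and SASL binds (method=163) are left alone because no password travels in the clear. The connection numbers, addresses and DNs are made up.

```python
# Added example, not from the slides: flag simple binds (method=128) that
# carry a password over a connection with no TLS. Log lines are constructed
# in the style of OpenLDAP's connection log, not captured from a real server.
import re
from typing import Dict, List, Set

LOG_LINES = [
    "conn=1001 fd=12 ACCEPT from IP=10.0.0.5:40122 (IP=0.0.0.0:389)",
    'conn=1001 op=0 BIND dn="uid=vineet,ou=People,dc=mydomain,dc=com" method=128',
    "conn=1001 op=0 RESULT tag=97 err=0 text=",
    "conn=1002 fd=13 ACCEPT from IP=10.0.0.6:40130 (IP=0.0.0.0:389)",
    "conn=1002 op=0 STARTTLS",
    "conn=1002 fd=13 TLS established tls_ssf=256 ssf=256",
    'conn=1002 op=1 BIND dn="uid=vinay,ou=People,dc=mydomain,dc=com" method=128',
    "conn=1003 fd=14 ACCEPT from IP=10.0.0.7:40140 (IP=0.0.0.0:636)",
    "conn=1003 fd=14 TLS established tls_ssf=256 ssf=256",
    'conn=1003 op=0 BIND dn="cn=admin,dc=mydomain,dc=com" method=128',
    "conn=1004 fd=15 ACCEPT from IP=10.0.0.8:40150 (IP=0.0.0.0:389)",
    'conn=1004 op=0 BIND dn="" method=128',
    'conn=1004 op=1 BIND dn="" method=163',
    'conn=1004 op=1 BIND authcid="vineet" authzid="vineet"',
]

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
TLS_RE = re.compile(r"conn=(\d+) fd=\d+ TLS established")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\d+)')

SIMPLE_BIND = "128"   # LDAP simple bind: DN plus cleartext password


def find_cleartext_simple_binds(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per simple bind with a DN on a non-TLS connection."""
    peer: Dict[str, str] = {}
    tls_conns: Set[str] = set()
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = ACCEPT_RE.match(line)
        if m:
            peer[m.group(1)] = m.group(2)
            continue
        m = TLS_RE.match(line)
        if m:
            tls_conns.add(m.group(1))     # STARTTLS and ldaps:// both log this
            continue
        m = BIND_RE.match(line)
        if not m:
            continue                      # SASL credential lines, RESULT, etc.
        conn, dn, method = m.groups()
        # dn="" with method=128 is an anonymous bind: no password on the wire.
        if method == SIMPLE_BIND and dn and conn not in tls_conns:
            findings.append({"conn": conn, "dn": dn,
                             "peer": peer.get(conn, "unknown")})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count cleartext binds per peer address, handy for alert thresholds."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["peer"]] = counts.get(f["peer"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_cleartext_simple_binds(LOG_LINES)
    for h in hits:
        print(f"conn={h['conn']} from {h['peer']}: cleartext simple bind as {h['dn']}")
    print(summarize(hits))
```

Only conn=1001 is reported: conn=1002 ran STARTTLS first, conn=1003 came in on the ldaps port, and conn=1004 bound anonymously and then via SASL.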

LDAP has broader applications, such as looking up services and devices on the Internet (and intranets). Netscape Communicator can store user preferences and bookmarks on an LDAP server. There is even a plan for linking all LDAP servers into a worldwide hierarchy, all searchable from your client. LDAP promises to save users and administrators time and frustration, making it easy for everyone to connect with people without frustrating searches for addresses and other trivia. Most LDAP servers are simple to install, easily maintained, and easily optimized. The LDAP protocol is both cross-platform and standards-based.

LDAP is particularly useful for storing information that you wish to read from many locations but update infrequently. If the answer to each of the following questions is yes, then storing your data in LDAP is a good idea. Would you like your data to be available cross-platform? Do you need to access this data from a number of computers or applications? Do the individual records you're storing change a few times a day or less, on average? Does it make sense to store this type of data in a flat database instead of a relational database? That is, could you effectively store all the data for a given item in a single record?