
1st LDAP Conference 2007, Köln, Germany, 6-7 September 2007
Moving LDAP Writes to Web Services
Kostas Kalevras, National Technical University of Athens, Network Operations Center
Greek School Network - National Technical University of Athens

Agenda
- Greek School Network – E-School
- Development environment
- Problems with direct LDAP writes
- Why move to Web Services
- LDAP reads – authentication
- LDAP User Management Service
- PHP API
- Conclusion

Greek School Network
- Interconnects all Greek schools and provides Internet access
- Provides school and personal accounts, dialup, VoIP and web page services

LDAP Service
- Based on Sun One Directory Server
- Central authentication repository for all user services
- Contains the organizational hierarchy
- 170,000 entries: school accounts, teacher accounts
- Student accounts scheduled

User Administration
- Central web-based interface, written in PHP and JavaScript
- Provides an object and form editor/creator
- One form is created per object type (object types are abstract types like student, teacher, ADSL router, etc.)
- LDAP tree browser and data manipulation (add, edit) forms are provided to administrators
- Delegated administration of entries

Interface features
- Computed attributes based on other attribute values; the computation formula can be any valid PHP expression or even a function
- Attribute uniqueness
- Referential integrity
- Post operations (moving user home directories, welcome e-mails, etc.)

E-School framework
- Services on top of the current network
- Provided services:
  - Web portal (sPortal) for student parents: parents register and can check their child's progress and status
  - PKI infrastructure
  - School Administration platform: moves all school operations to the electronic world (student enrollment, classroom management, grading); central personnel and student database; an interface (.NET) running in all schools communicates changes to the central database

New entry sources
- Old days: accounts were created through the central web interface
- E-School: accounts are now created from more than one source:
  - sPortal creates parent accounts
  - The School Administration platform creates teacher and student accounts and maintains the organizational hierarchy
  - School accounts (the official school account) still need to be created 'by hand'

Why direct LDAP access is bad
- Each service only knows its own little world (and attributes); sPortal, for instance, only needs a username/password pair and nothing more
- No easy way to perform post-operation tasks
- Apart from ACIs there is no other control over what is written (no real constraints)
- Changes to the entry schema need to be integrated in ALL outside sources
- No way to expire an entry instead of deleting it
- Service code and operation are outside our administration domain

Web Services to the rescue
- Create a web service functional interface around the user interface
- Provide functions accessible through HTTP(S)-SOAP (declarations in WSDL)
- Web services written in PHP with NuSOAP
- Map all abstract operations (e.g. parent creation) to functions in the web services
- The user interface provides general object interaction functions in PHP (ldap add/modify/delete)
- All complex features are already present and configured in the user interface

Example: createParent()
- Input: parent name, surname, username, password
- Check arguments, username uniqueness
- Log all operations
- Call the internal object creation routine; the routine handles all complex operations (computed attributes, etc.)
- Output: status code, error message if present

Advantages
- One function backend for both the e-school services and the user interface
- Complete logging is available; no more looking through millions of lines of directory server logs
- Computed attributes are available
- Pre and post operation tasks can be performed (calling outside scripts/web services)
- All operations pass through a central point, so we can set any constraints on the provided values

Advantages (2)
- Outside services need not know our schema; they call a function with the minimum set of arguments, so we can change the entry schema whenever we want
- We can have our own expiration policy: EntryDelete() could just set active=false
- WSDL is clear and precise; LDAP is abstract and parties need to agree on how to perform operations

LDAP Reads
- Web services could be used for complex reads too
- One function for every complex search operation
- Group membership and LDAP browsing are perfect candidates
- Advantage: schema abstraction, functional interface
- DSML could be used to carry back entry information

Authentication
- HTTP authentication is used
- Credentials are mapped to LDAP entries
- The web service binds with the HTTP credentials
- Which credentials to use?
  - A special service user in the case of synchronization mechanisms
  - The user entry for which the operation is requested (e.g. the change password operation)

LDAP User Management Service (LUMS)
- A PHP LDAP entry management API has been created for another project
- Provides:
  - A set of basic LDAP API functions (search, add, delete, modify, rename, change password)
  - A strong configuration language: the administrator defines LDAP object types and their corresponding attributes

LDAP User Management Service (2)
- Options available for each attribute:
  - Define as required, multivalued
  - Set attribute type (string, binary, dn, telephone, etc.)
  - Define attribute value source: user inserted, constant, auto increment, function created
  - Allow for attribute uniqueness
  - Define an extra syntax checking function
  - Define virtual attributes which can be used to create attribute mappings
- Pre and post operation functions can be defined
- Automatic handling of non-English charsets
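As an added illustration (not the presentation's or LUMS' own code, and written in Python rather than the project's PHP), here is the createParent() flow from the example slide driven by a LUMS-style attribute configuration: value sources, required flags, uniqueness, syntax checks and a computed attribute. The object type, the in-memory directory stand-in, and every attribute regex and DN suffix are constructed for this demo.

```python
import logging
import re

log = logging.getLogger("lums")
DIRECTORY = {}  # constructed in-memory stand-in for the directory (dn -> attributes)
# LUMS-style object type (constructed): each attribute declares a value source
# (user inserted, constant, function), whether it is required, whether its value
# must be unique in the directory, and an optional syntax-check regex.
PARENT_TYPE = {
    "uid": {"source": "user", "required": True, "unique": True, "check": r"[a-z][a-z0-9.]{2,31}"},
    "givenName": {"source": "user", "required": True},
    "sn": {"source": "user", "required": True},
    "userPassword": {"source": "user", "required": True, "check": r".{8,}"},
    "objectClass": {"source": "constant", "value": ["top", "inetOrgPerson"]},
    "active": {"source": "constant", "value": ["TRUE"]},
    # computed attribute: declared after the attributes it reads
    "cn": {"source": "function", "value": lambda a: [f"{a['givenName'][0]} {a['sn'][0]}"]},
}

def build_entry(obj_type, args):
    """Expand the caller's minimal arguments into a complete, validated entry."""
    attrs = {}
    for name, opt in obj_type.items():
        if opt["source"] == "constant":
            attrs[name] = list(opt["value"])
        elif opt["source"] == "function":
            attrs[name] = opt["value"](attrs)
        elif name in args:  # user inserted value: run syntax and uniqueness checks
            vals = args[name] if isinstance(args[name], list) else [args[name]]
            if "check" in opt and not all(re.fullmatch(opt["check"], v) for v in vals):
                raise ValueError(f"{name}: syntax check failed")
            if opt.get("unique") and any(e.get(name) == vals for e in DIRECTORY.values()):
                raise ValueError(f"{name}: value already in use")
            attrs[name] = vals
        elif opt.get("required"):
            raise ValueError(f"{name}: required attribute missing")
    return attrs

def create_parent(name, surname, username, password):
    """The createParent() operation: returns (status code, error message)."""
    args = {"givenName": name, "sn": surname, "uid": username, "userPassword": password}
    try:
        attrs = build_entry(PARENT_TYPE, args)
    except ValueError as err:
        log.warning("createParent(%s) rejected: %s", username, err)  # every call is logged
        return 1, str(err)
    dn = f"uid={attrs['uid'][0]},ou=parents,dc=example,dc=org"  # made-up DN suffix
    DIRECTORY[dn] = attrs  # the real service would issue the LDAP add here
    log.info("createParent(%s) added %s", username, dn)
    return 0, ""
```

Because every source goes through create_parent(), the caller supplies only the four arguments from the slide and never learns the schema, which can therefore change without touching sPortal or the School Administration platform.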

LDAP and XML integration
- DSML has been available for quite some time and is starting to get used
- XML Enabled Directory envisions moving the entire LDAP protocol to XML space
- It looks like LDAP and XML integration will be even tighter in the near future

Conclusion
A web service functional interface can provide significant benefits if:
- There is more than one entry source
- Sources are heterogeneous and possibly multiplatform
- Sources are usually outside our administration domain and control
- Information synchronization is not based on human interaction
- A strong and configurable LDAP API is provided for use by the web service

References
- Greek School Network:
- NTUA NOC:
- LUMS:
- Blog:

Thank you!