LDAP (Lightweight Directory Access Protocol)
Speaker: Chang-Yu Wu
Adviser: Quincy Wu
Date: 2007/08/22


Slide 2: Outline
Motivation
Related work: directory services, X.500
LDAP
Depiction and architecture
LDIF
Implementation
Conclusion
References

Slide 3: Motivation
(Figure) One user needs an account on each of the mail server, web server, FTP server, application server and Samba server.

Slide 4: Motivation (cont.)
Each service has its own configuration file or resource records.
A single server does not host all of these services, so accounts are administered separately on every host.
The same administrative data (for example the account list) is repeated across all of them.

Slide 5: Related work
Directory services (DS): a set of applications that stores and organizes information about a computer network's users and network resources.
X.500: a series of computer networking standards covering electronic directory services.

Slide 6: Directory services (figure)

Slide 7: X.500
A hierarchical organization of entries, distributed across one or more servers.

Slide 8: LDAP
Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services, running over TCP/IP.
Optimized for lookups: the read ratio is much higher than the write ratio.
More easily extended.
Implementation software: OpenLDAP.

Slide 9: Application (figure)

Slide 10: Application (cont.)
(Figure) Internet, NAT, switch, clients, a central LDAP server, and the FTP, Samba and mail servers that consult it.

Slide 11: History
RFC 1777: Lightweight Directory Access Protocol (LDAPv2)
RFC 2251: Lightweight Directory Access Protocol (v3)
RFC 2829: Authentication Methods for LDAP
RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
(The LDAPv3 documents above were superseded in 2006 by the RFC 4510 series, RFC 4510 to RFC 4519.)

Slide 12: Background
LDAP is a relatively simple protocol; X.500's DAP is heavyweight.
Universal design for directory services.
(Figure) LDAP sits at the application layer of the TCP/IP stack (application, TCP/UDP, IP, physical media), whereas X.500 DAP runs over the full seven-layer OSI stack (application, presentation, session, transport, network, data link, physical).

Slide 13: Depiction
An LDAP directory is organized as a simple tree of entries.
The directory can be distributed among many servers.
(Figure) Company, with Department_A and Department_B below it, and employees below the departments.

Slide 14: DIT
Directory Information Tree (DIT).
Entry: describes one object, for example a person or a device; the object's classes say what kind of object it is.
Attribute: a type (with a syntax) and one or more values.

Slide 15: DIT
(Figure) LDAP DIT:
  dc=john,dc=ipv6,dc=club,dc=tw
    ou=people
      cn=Alice
    ou=devices
The entry cn=Alice:
  dn: cn=Alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
  RDN: cn=Alice
  objectClass: person
  sn: carter
  telephoneNumber: (value not shown on the slide)
Each line after the dn is an attribute type and its value.

Slide 16: LDAP Data Interchange Format
LDIF (LDAP Data Interchange Format), RFC 2849.
A set of entries, each written as attribute/value lines.
The standard plain-text format for directory content and for changes to it; OpenLDAP uses it to load and dump the directory.
More on LDIF after the schema.

Slide 17: Schema
Defines which object classes are allowed.
Defines, per object class, which attributes an entry must have (MUST) and which it may have (MAY).
Defines the type/syntax of each attribute (attributetype definitions).
Where an entry sits in the tree is not a schema matter; that is given by its DN.

Slide 18: Schema (cont.)
objectClass person: MUST cn, sn; MAY userPassword, telephoneNumber, seeAlso, description.
From core.schema:
  objectclass ( 2.5.6.6 NAME 'person'
      DESC 'RFC2256: a person'
      SUP top STRUCTURAL
      MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

Slide 19: LDAP Data Interchange Format (cont.)
DN (Distinguished Name): the full, unique name of an entry, listing its RDN and those of all its ancestors up to the root.
RDN (Relative Distinguished Name): the leftmost component of the DN, here the cn attribute and its value.
CN (Common Name): the object's name.
OU (Organizational Unit): a subtree grouping entries, such as people or devices.
DC (Domain Component): one label of a DNS domain name.

Slide 20: DIT
(Figure) The same DIT as slide 15: dc=john,dc=ipv6,dc=club,dc=tw with ou=people (containing cn=Alice) and ou=devices; cn=Alice has RDN cn=Alice, objectClass person, sn carter and a telephoneNumber.
The entry written as LDIF (the original slide omitted ou=people from the dn and wrote "sn=:"; both are corrected here):
  dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
  objectClass: person
  sn: carter
  telephoneNumber: (value not shown on the slide)
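The three slides above (LDIF, schema MUST/MAY, DN/RDN) can be exercised together with a small parser. This is an added example, not code from the slides or from OpenLDAP: it reads an LDIF text, splits DNs into RDNs, and checks each entry against the MUST/MAY lists of its object classes. The sample LDIF and its telephone number are constructed for the example; the schema table reproduces the MUST lists of core.schema and only a subset of the MAY lists.

```python
"""Parse LDIF, split DNs, and check entries against object-class MUST/MAY lists.

Added example; not from the slides or the OpenLDAP sources.
"""
import base64

# Constructed sample: the slide-15 tree plus a base64 value and a folded line.
SAMPLE_LDIF = """\
# root of the tree
dn: dc=john,dc=ipv6,dc=club,dc=tw
objectClass: dcObject
objectClass: organization
dc: john
o: john

dn: ou=people,dc=john,dc=ipv6,dc=club,dc=tw
objectClass: organizationalUnit
ou: people

dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
objectClass: person
cn: alice
sn: carter
telephoneNumber: 555-0100
description:: VGVzdCB1c2Vy
seeAlso: cn=bob,ou=people,dc=john,dc=ipv6,
 dc=club,dc=tw
"""

# class -> (MUST, MAY), lower-cased. MUST lists follow core.schema; the MAY
# lists for organization/organizationalUnit are a subset (assumption).
SCHEMA = {
    "top": ({"objectclass"}, set()),
    "dcobject": ({"dc"}, set()),
    "organization": ({"o"}, {"description", "seealso", "userpassword"}),
    "organizationalunit": ({"ou"}, {"description", "seealso", "userpassword"}),
    "person": ({"cn", "sn"}, {"userpassword", "telephonenumber", "seealso", "description"}),
}


def parse_ldif(text):
    """Return a list of entries; each entry maps lower-cased attribute -> [values].

    Handles '#' comments, blank-line entry separators, '::' base64 values and
    RFC 2849 continuation lines (a line starting with one space)."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # fold continuation line
        else:
            logical.append(raw)
    entries, attrs = [], {}
    for line in logical + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if attrs:
                entries.append(attrs)
                attrs = {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # 'attr:: base64'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return entries


def split_dn(dn):
    """Split a DN into (type, value) pairs, leftmost (the RDN) first.

    Commas escaped with a backslash stay inside the value; escapes are kept."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return [tuple(p.split("=", 1)) for p in parts]


def rdn(dn):
    """The entry's own name: the first component of the DN."""
    return split_dn(dn)[0]


def check_entry(entry):
    """Return (missing MUST attributes, attributes allowed by no class), sorted."""
    must, may = {"objectclass"}, set()
    for cls in entry.get("objectclass", []):
        if cls.lower() not in SCHEMA:
            raise ValueError("unknown object class: " + cls)
        m, o = SCHEMA[cls.lower()]
        must |= m
        may |= o
    present = set(entry) - {"dn"}
    return sorted(must - present), sorted(present - must - may)


def check_ldif(text):
    """Map each dn to its (missing, not-allowed) lists."""
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, result in check_ldif(SAMPLE_LDIF).items():
        print(rdn(dn), result)
```

The root entry of the page's people.ldif (objectClass dcObject plus organizationalUnit, but only a dc attribute) fails this check with ou reported as missing, which is the error slapadd would also raise; the sample above uses organization with an o attribute instead.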

Slide 21: Model
Information model: the basic unit is the entry; entries form the DIT (Directory Information Tree).
Naming model: entries in the DIT are identified by RDN (relative distinguished name) and DN (distinguished name).
Functional model: defines the operations on the data (bind, search, compare, add, delete, modify, modify DN, unbind).
Security model: authentication mechanisms and ACLs (access control lists).

Slide 22: Implementation
OpenLDAP: OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol.
Experimental version: OpenLDAP-server (download).

Slide 23: Configuration file
slapd.conf, in /usr/local/etc/openldap/. Its main sections:
Schema includes
Logging
SSL/TLS
Database section
ACLs

Slide 24: Configuration file: schema
Schema                 Description                              RFC
core.schema            OpenLDAP core (required)                 RFC 2251 to 2256
inetorgperson.schema   inetOrgPerson (useful)                   RFC 2798
cosine.schema          COSINE and Internet X.500 (useful)       RFC 1274
misc.schema            assorted (experimental)
nis.schema             Network Information Service (FYI)        RFC 2307
Path: /usr/local/etc/openldap/schema/

Slide 25: Configuration file: database area
Database backend   Description
bdb                Berkeley DB (transactional)
ldbm               GNU Database Manager (gdbm) or Berkeley DB, without transactions
passwd             read-only view of the system password file
shell              hands each operation to an external program (shell script)

Slide 26: Configuration file: database area
Define the database:      database bdb
Define the root suffix:   suffix "dc=john,dc=ipv6,dc=club,dc=tw"
Define the root DN:       rootdn "cn=admin,dc=john,dc=ipv6,dc=club,dc=tw"
Define the root password: rootpw XXX
Define the directory path: directory /var/db/xxx/
The rootdn bypasses all ACLs, so rootpw should be the {SSHA} hash printed by slappasswd (slide 30) rather than a cleartext value, and slapd.conf must not be world-readable.
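The database section above with a hashed rootpw and an ACL for userPassword, as an added example (not from the slides or the OpenLDAP sources). The {SSHA} function reproduces the format slappasswd emits and slapd accepts: base64 of SHA-1(password || salt) followed by the salt. The directory path, the ACL and the password used in the demo are assumptions for the example; the suffix and rootdn are the slide's.

```python
"""Hash a rootpw the way slappasswd does and render a slapd.conf database section.

Added example; not from the slides or the OpenLDAP sources.
"""
import base64
import hashlib
import hmac
import os

SUFFIX = "dc=john,dc=ipv6,dc=club,dc=tw"
ROOTDN = "cn=admin," + SUFFIX
DIRECTORY = "/var/db/openldap-data"   # assumed; the slide shows /var/db/xxx/


def ssha_hash(password, salt=None):
    """{SSHA} value: base64( SHA1(password || salt) || salt ). 4-byte random salt by default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; constant-time compare of the digests."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]           # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_is_cleartext(line):
    """True for a rootpw directive whose value is not in {SCHEME}hash form (the weak setting)."""
    parts = line.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "rootpw":
        return False
    value = parts[1].strip().strip('"')
    return not (value.startswith("{") and "}" in value)


def render_database_section(rootpw_hash, suffix=SUFFIX, rootdn=ROOTDN, directory=DIRECTORY):
    """The slide-26 section, refusing a cleartext rootpw and adding a userPassword ACL."""
    if rootpw_is_cleartext("rootpw " + rootpw_hash):
        raise ValueError("rootpw must be a {SSHA} hash, not cleartext")
    lines = [
        "database bdb",
        f'suffix "{suffix}"',
        f'rootdn "{rootdn}"',
        f"rootpw {rootpw_hash}",
        f"directory {directory}",
        "index objectClass eq",
        "# userPassword: owner may change it, anyone may bind with it, nobody may read it",
        "access to attrs=userPassword",
        "    by self write",
        "    by anonymous auth",
        "    by * none",
        "# everything else is readable",
        "access to *",
        "    by * read",
    ]
    return "\n".join(lines) + "\n"


def rootpw_from_config(text):
    """Extract the rootpw value from a rendered section (None if absent)."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            return parts[1].strip()
    return None


if __name__ == "__main__":
    print(render_database_section(ssha_hash("example-admin-password")))  # password is assumed
```

The `by anonymous auth` line is what lets a client bind with its userPassword without being able to read the hash; the rootdn itself is not subject to these rules, which is why its password deserves the same hashing.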

Slide 27: White page
(Figure) The slide-15 DIT again: dc=john,dc=ipv6,dc=club,dc=tw with ou=people (containing cn=Alice) and ou=devices; cn=Alice has RDN cn=Alice, objectClass person, sn carter and a telephoneNumber.
The same entry as LDIF (the slide's "LDIT" and "sn=:" are typos, corrected here):
  dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
  objectClass: person
  sn: carter
  telephoneNumber: (value not shown on the slide)

Slide 28: White page (cont.)
people.ldif:
  # create root
  dn: dc=john,dc=ipv6,dc=club,dc=tw
  dc: john
  o: john
  objectClass: dcObject
  objectClass: organization

  # create ou
  dn: ou=people,dc=john,dc=ipv6,dc=club,dc=tw
  ou: people
  objectClass: organizationalUnit

  # create person
  dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
  cn: alice
  objectClass: person
  sn: carter
  telephoneNumber: (value not shown on the slide)
The slide's root entry used objectClass organizationalUnit without an ou attribute, which slapadd rejects because organizationalUnit MUST contain ou; the structural class organization with its required o attribute is used instead.

Slide 29: Instructions
Start the server: /usr/local/libexec/slapd
Load the data (with slapd stopped, since slapadd writes the database files directly): slapadd -v -l /xxx/people.ldif
Show the data: ldapsearch -x -b "dc=john,dc=ipv6,dc=club,dc=tw"
-x selects simple bind; with no -D the search is anonymous and, without -ZZ, travels in cleartext. Bind as a user with -D and -W, and add -ZZ to require StartTLS once TLS is configured (slide 23).

Slide 30: Instructions (cont.)
Offline tools (work on the database files directly, so slapd must be stopped): slapadd, slapcat, slapindex; slappasswd only generates password hashes for slapd.conf.
Online tools (talk to a running slapd over the protocol): ldapsearch, ldapadd, ldapdelete, ldapmodify, ldapmodrdn.

Slide 31: Conclusion
LDAP is used to access and update information in a directory built on the X.500 model.
The specification defines the content of the messages exchanged between client and server.
It includes operations to establish a session with the server and to disconnect from it.

Slide 32: References
RFC 2251, Lightweight Directory Access Protocol (v3).
OpenLDAP.
Gerald Carter, LDAP System Administration, O'Reilly, 2003.