Presentation is loading. Please wait.

Presentation is loading. Please wait.

LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA."— Presentation transcript:

1 LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA

2 INTRODUCTION CONFIGURATION INSTALLATION SECURITY ISSUES CONCLUSION

3 DIRECTORY SERVICE LDAP DESIGNED AT UNIVERSITY OF MICHIGAN EXIST AT THREE LEVELS BIG PUBLIC SERVERS LARGE ORGANIZATIONAL SERVERS SMALLER WORK GROUP SERVERS

4 INFORMATION ARRANGEMENT KIND REFERENCE ACCESS A Directory service structure for the internet. It has many features that make it ideal for providing network information services, including encryption support, access control lists, fast read access, etc.. LDAP will combine several systems that normally have to be maintained separately, such as NT authentication, UNIX authentication, MTA routing information, services/protocols/hosts information, network address books, etc.

5 The structure of an LDAP directory tree LDAP directory servers store their data hierarchically. As with DNS host names, an LDAP directory record's Distinguished Name (DN for short) is read from the individual entry, backwards through the tree, up to the top level. Prerequisite SoftwareVersions

6 THE ORGANIZATION ORGANIZATIONAL UNIT PERSON COUNTRY STATE A DIRECTORY TREE STRUCTURE

7 HOW DOES LDAP WORK ???? CLIENT SERVER MODEL TCP/IP OR ANY OTHER CONNECTION ORIENTED X.500,THE OSI DIRECTORY SERVICE

8 ABOUT Slapd Slurpd Slapd Supports strong authentication and data security SASL Transport layer security Topology control – TCP Wrappers Access Control Choice of database back ends

9 Threads Replication Single Configuration file Slurpd Replicated service Failed requests

10 Installing the LDAP Server Five steps are necessary to install the server: Install the pre-required packages (if not already installed). Download the server. Unpack the software. Configure the Makefiles. Build the server.

11 Downloading the package There are two free distributed LDAP servers: University of Michigan LDAP server and Open LDAP server It's latest tar gzipped version is available on the following address: http://www.openldap.org If you want to get the latest version of University of Michigan Server, go to this address: ftp://terminator.rs.itd.umich.edu/ldap Installation contd.

12 Unpacking the software First copy the package to a desirable directory, for example /usr/local. Next use the following command: tar xvzf openldap-2.2.5.tgz You can use this command too, as well: gunzip openldap-2.2.5.tgz | tar xvf – Installation contd.

13 Configuring the software Type the following command on the directory where you unpacked the software:./configure --help This will print all options that you can customize with the configure script before you build the software. Normally if you run configure without options, it will auto-detect the appropriate settings and prepare to build things on the default common location. So just type:./configure Installation contd.

14 Building the server After configuring the software you can start building it. First build the dependencies, using the command: make depend Build the server after that, using the command: make To ensure a correct build, you should run the test suite make test Now install the binaries and man pages. You may need to be superuser to do this (depending on where you are installing things): su root -c 'make install' Installation contd.

15 Configuration All slapd (LDAP directory server) runtime configuration is accomplished through the slapd.conf file, installed in the prefix directory one specifies in the configuration script or by default in /usr/local/etc/openldap First create an /etc/openldap/slapd.confg file. You need to change the following line suffix “dc=mydomain, dc=com” rootdn “cn=admin, dc=mydomain, dc=com” rootpw {crypt}abjnggxhB/yWI

16 Configuration contd. The suffix is your “LDAP basename”. Common practice is to use your DNS domain name as your LDAP basename. The rootdn is adminstrator’s name, and rootpw is administrator’s password. You also need to change the /etc/ldap.conf and etc/openldap/ldap.conf to change the name of your LDAP server and your basename.

17 Configuration contd. Populating your server The easiest way to populate your LDAP server is that Padl Software which provides a free set of Perl scripts that migrate existing flat files. They are available from www.padl.com/tools.html

18 Configuration contd. Setting up a LDAP client Edit the LDAP config files (/etc/ldap.conf and etc/openldap/ldap.conf ) to specify the server and your site’s basename. You can verify that you are connecting to the LDAP server correctly by running ldapsearch – x, which dumps the entire database. Finally, change the appropriate lines in /etc/nsswitch.conf to use the LDAP server as a data source.

19 USING LDAP CONNECTING LDAP SERVER NORMAL LDAP CONNECTION WORKS BY THE PORT 389 AUTHENTICATION METHODS DATA INTEGRITY AND CONFIDENTIALITY PROTECTION NETWORK SECURITY LDAPS

20 DATA INTEGRITY AND CONFIDENTIALITY PROTECTION LDAPv3 AND TSL NETWORK SECURITY SELECTIVE LISTENING IP FIREWALL AUTHENTICATION METHODS SIMPLE AND SASL TCP WRAPPERS

21 LDAPS VERIFICATION X.509 CERTIFICATES ALGORITHMS IN OPENSSL

22 LDAPv3 AND TLS RFC 2246 DESCRIBES TLS CLEANED UP AND STANDARDIZED VERSION OF SSL SWITCHING DATA INTEGRITY AND CONFIDENTIALITY PROTECTION SECURITY STRENGHT FACTORS SSF

23 AUTHENTICATION METHODS SIMPLE ANONYMOUS UNAUTHENTICATED AND USER/PASWORD AUTHENTICATED

24 SASL AN AUTHENTICATION FRAME WORK SNIFFING MECHANISMS LIKE CRAM-MD5 AND EXTERNAL

25 LDAP has broader applications, such as looking up services and devices on the Internet (and intranets). Netscape Communicator can store user preferences and bookmarks on an LDAP server. There is even a plan for linking all LDAP servers into a worldwide hierarchy, all searchable from your client. LDAP promises to save users and administrators time and frustration, making it easy for everyone to connect with people without frustrating searches for email addresses and other trivia. Most LDAP servers are simple to install, easily maintained, and easily optimized The LDAP protocol is both cross-platform and standards-based

26 LDAP is particularly useful for storing information that you wish to read from many locations, but update infrequently If the answer to each of the following questions is Yes, then storing your data in LDAP is a good idea. Would you like your data to be available cross-platform? Do you need to access this data from a number of computers or applications? Do the individual records you're storing change a few times a day or less, on average? Does it make sense to store this type of data in a flat database instead of a relational database? That is, could you effectively store all the data for a given item in a single record?

Download ppt "LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL 03 AUGUST 2005 LINUX SYSTEM ADMINISTRATION AND SECURITY VINEET BHARDWAJ VINAY KUMAR THOTA."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.

ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.

Directory Services BICS 565. What is a Directory Service (DS)? A service that allows users to lookup information about entities in an organization Entities.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Layer 7- Application Layer

Layer 7- Application Layer
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.

SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Windows 2000 Remote Access. Remote Access Overview With Windows 2000 remote access, remote access clients connect to remote access servers and are transparently.

Windows 2000 Remote Access. Remote Access Overview With Windows 2000 remote access, remote access clients connect to remote access servers and are transparently.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
CIT 470: Advanced Network and System Administration

CIT 470: Advanced Network and System Administration
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Linux Operations and Administration

Linux Operations and Administration
Managing Client Access

Managing Client Access

Similar presentations

Ads by Google