OpenLDAP
Developer Conference 2011
PRESENTED BY: Jan Včelák
Red Hat
Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) http://creativecommons.org/licenses/by-sa/3.0/
topics
● what is LDAP
● database structure
● difference from other DBs
● server architecture
● data distribution
● configuration
LDAP
● Lightweight Directory Access Protocol
● X.500 (DAP, DSP, DISP, DOP)
● address book
● user management
● authentication (password, SSH key, ...)
● central configuration (DNS, DHCP, autofs, ...)
● authentication backend (Kerberos, Radius, ...)
● ....
Directory Information Tree
[Diagram: tree rooted at dc=example,dc=com with nodes l=New York, l=Brno, ou=Development, ou=Accounting, ou=Sales, cn=John Doe, cn=Jan Novák]
entries
● DN (Distinguished Name)
● RDN (Relative Distinguished Name)
cn=John Doe,ou=Sales,l=New York,dc=example,dc=com
LDIF
dn: uid=jdoe,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
uid: fbar
givenName: John
userPassword: secret
departmentNumber: 2220
mobile: +1 213 151-5816
mail: [email protected];binary:: MIIBvjCCASegAwIBAgIBAjANBgkqhki
 G9w0BAQQFADAnMQ8wDQYDVQQDEwZjb25maWcxFDASBgNVBAMTC01NUi
 BDQSBDZXJ0MB4XDTAxMDQwNTE1NTEwNloXDTExMDcw...
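An added example, not from the original slides: a small Python reader for LDIF like the entry above. It unfolds continuation lines, decodes base64 `::` values, and flags two things visible in the slide's entry: the DN's naming value `uid=jdoe` does not appear among the entry's `uid` values, and `userPassword` is stored without a `{SCHEME}` hash prefix. The sample data and the names `parse_ldif` and `lint_ldif` are constructed for illustration; multi-valued RDNs and `attr:< URL` values are not handled.

```python
import base64
import re

# Constructed sample modelled on the slide's entry; the hash is a placeholder.
SAMPLE = """\
dn: uid=jdoe,dc=example,dc=com
cn:: Sm9obiBE
 b2U=
uid: fbar
userPassword: secret

dn: uid=jnovak,dc=example,dc=com
uid: jnovak
userPassword: {SSHA}placeholder-not-a-real-hash
"""
SCHEME = re.compile(rb"^\{[A-Za-z0-9_./-]+\}")  # RFC 2307 style "{SCHEME}" prefix

def parse_ldif(text):
    """Return one dict per entry: lower-cased attribute name -> list of bytes values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#"):  # comment line
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries base64
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            entry.setdefault(attr.split(";")[0].lower(), []).append(value)
        entries.append(entry)
    return entries

def lint_ldif(text):
    """Return a list of findings (strings) for all entries in the LDIF text."""
    findings = []
    for entry in parse_ldif(text):
        dn = entry["dn"][0].decode()
        # First RDN: its attribute=value must also be present in the entry itself.
        name, _, val = re.split(r"(?<!\\),", dn)[0].partition("=")
        if val.lower().encode() not in [v.lower() for v in entry.get(name.lower(), [])]:
            findings.append(f"{dn}: naming attribute {name}={val} missing from entry")
        for pw in entry.get("userpassword", []):
            if not SCHEME.match(pw):
                findings.append(f"{dn}: userPassword stored without a hash scheme prefix")
    return findings
```
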
schema – classes
objectclass ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
    MAY (
        audio $ businessCategory $ carLicense $ departmentNumber $
        displayName $ employeeNumber $ employeeType $ givenName $
        homePhone $ homePostalAddress $ initials $ jpegPhoto $
        labeledURI $ mail $ manager $ mobile $ o $ pager $
        photo $ roomNumber $ secretary $ uid $ userCertificate $
        x500uniqueIdentifier $ preferredLanguage $
        userSMIMECertificate $ userPKCS12 )
    )
schema – attributes
attributetype ( 2.16.840.1.113730.3.1.39
    NAME 'preferredLanguage'
    DESC 'RFC2798: preferred written or spoken language for a person'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )
difference from other DBs
● data organization
● data operations
● referential integrity
● transactions
● distribution by design
● schema
OpenLDAP server architecture
[Diagram labels: request, LDAP operations, overlays, backends, storage]
available modules
accesslog auditlog back_sql chain collect constraint dds deref
dyngroup dynlist memberof pbind pcache ppolicy refint retcode
rwm seqmod smbk5pwd sssvlv syncprov translucent unique valsort
data distribution - referrals
[Diagram: dc=example,dc=com with subtrees l=New York,dc=example,dc=com and l=Brno,dc=example,dc=com]
data distribution - replication
[Diagram: l=Brno,dc=example,dc=com shown twice, with hosts ldap.brno.example.com and ldap-backup.brno.example.com]
configuration
● cn=config
  ● since 2.3
  ● LDIF backend - /etc/openldap/slapd.d
  ● on-the-fly modification
  ● man slapd-config
● /etc/openldap/slapd.conf
  ● works – but please, do not use
  ● man slapd.conf
Questions?