ldap
![Page 1: Ldap](https://reader033.vdocuments.mx/reader033/viewer/2022061206/5477f772b4af9ff0358b4601/html5/thumbnails/1.jpg)
Lightweight Directory Access Protocol
Page 2
Outline
o Introduction
o Directory vs Database
o Current directory
o Directory features
o History
o Understanding LDAP: Information model
  Naming model
  LDAP directory structure
  Functional model
  Security model
  Replication model
o LDAP software
o Configure an LDAP server
o Conclusion
Page 3
Introduction (1/2)
To improve functionality and ease of use, and to enable cost-effective administration of distributed applications, information about the services, resources, users and other objects accessible from the applications needs to be organized in a clear and consistent manner.
Much of this information can be shared among many applications.
Page 4
Introduction (2/2)
But it must also be protected.
Such information is often collected into a special database that is sometimes called a directory.
The Lightweight Directory Access Protocol (LDAP) is an open industry standard that has evolved to meet these needs.
Page 5
Before moving on
What is a directory? Is it a database, as is commonly said? Let us look at the difference.
Directory vs Database
Page 6
Directory vs Database (1/2)
o A directory is often described as a database
o But it has special characteristics that differ from general-purpose databases:
They are read far more often than they are updated, and they are optimized for read access
They are not suited to information that changes rapidly
(for example, the number of jobs in a printer queue)
Page 7
Directory vs Database (2/2)
Many directory services do not support transactions
Directories normally limit the type of information that can be stored
Databases use powerful query languages like SQL, but directories normally use very simple access methods
Hence directories can be optimized to give many applications rapid access at low cost
Page 8
Current directories
o Paper Directories
Phonebook
Address Book
Sales Catalog
o Electronic Directories
DNS
Windows registry
Page 9
Directory features
o A directory is a listing of information about objects, arranged in some order, that gives details about each object.
o Dynamic (real-time update)
o Flexible (easy change of type and data organization)
o Secure (who sees what)
o Personalized (how to present data, ...)
Page 10
History (1/2)
Page 11
History (2/2)
o LDAP version 3 (RFC 2251, revised as RFC 4510-4519)
Internationalization: attribute values are carried as UTF-8 strings, so special characters are handled
Security: SASL authentication and TLS encryption (Transport Layer Security, negotiated with StartTLS)
Extended operations and controls, so the protocol can be extended without a new version
Page 12
Understanding LDAP (1/2)
What is LDAP? Lightweight Directory Access Protocol
An application protocol for querying and modifying directory services, running over TCP/IP
It is described by four models:
Information: the structure of the information stored in an LDAP directory.
Page 13
Understanding LDAP (2/2)
Naming: how information is organized and identified.
Functional (operations): describes what operations can be performed on the information stored in an LDAP directory.
Security: describes how the information can be protected from unauthorized access.
Page 14
Information model
o Based on the X.500 model
o Information is stored in a DIT (Directory Information Tree)
Hierarchical model
o An entry contains a set of attributes
Each attribute has a type and one or more values
Page 15
Each tree has
o A DIT (Directory Information Tree): the whole hierarchy, starting from the root
o Nodes called entries, each identified by its DN
o A root DSE (DSA-Specific Entry), specific to each LDAP server: it describes the server and its content (naming contexts, supported LDAP versions, controls, extensions and SASL mechanisms) and is readable before any authentication
Page 16
Each entry is an object
(figure: an entry holds several attributes; each attribute has a type and one or more values)
Page 17
Two types of attributes
o User attributes: application data, returned by a search by default
(for example the givenName attribute)
o Operational attributes: maintained by the server for its own administration, returned only when requested explicitly
(for example the modifyTimestamp attribute)
Page 18
An attribute type is characterized by
Name
Object Identifier (OID)
Whether it is single- or multi-valued
Syntax and matching (comparison) rules
Usage (user or operational)
Size limit on values
Page 19
Object class
o Describes a kind of object, concrete or abstract
o It characterizes objects by a list of required and optional attributes
o All object classes are defined in the directory schema
Page 20
An object class is defined by
o A name that identifies it
o An OID that also identifies it
o Required attributes (MUST)
o Optional attributes (MAY)
o A type (structural, auxiliary or abstract)
Page 21
Three types of object class
Structural class: describes the basic objects in the directory. An entry always belongs to at least one structural object class.
Auxiliary class: adds additional information to structural objects (for example posixAccount added to an inetOrgPerson).
Abstract class: a base class that an entry cannot belong to on its own, like top, the root of every object class hierarchy.
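The rules above (one structural chain, every MUST attribute present, nothing outside MUST/MAY) can be checked mechanically. The following Python is an added example for this page, not code from the slides or from any directory server; SCHEMA is a hand-written subset of the standard top / person / organizationalPerson / inetOrgPerson / posixAccount classes, the entries are constructed, and the check compares names case-sensitively, which a real server does not.

```python
"""Checking an entry against object-class definitions (added example).

SCHEMA is a hand-written subset of the standard classes (RFC 4512, RFC 4519,
RFC 2798, RFC 2307); real schemas also carry OIDs, syntaxes and many more
attributes, and compare names case-insensitively, which this toy does not.
"""

# name: (kind, superior class, MUST attributes, MAY attributes)
SCHEMA = {
    'top': ('ABSTRACT', None, {'objectClass'}, set()),
    'person': ('STRUCTURAL', 'top', {'sn', 'cn'},
               {'userPassword', 'telephoneNumber', 'seeAlso', 'description'}),
    'organizationalPerson': ('STRUCTURAL', 'person', set(),
                             {'title', 'ou', 'l', 'postalAddress', 'telephoneNumber'}),
    'inetOrgPerson': ('STRUCTURAL', 'organizationalPerson', set(),
                      {'uid', 'mail', 'givenName', 'displayName', 'jpegPhoto'}),
    'posixAccount': ('AUXILIARY', 'top',
                     {'cn', 'uid', 'uidNumber', 'gidNumber', 'homeDirectory'},
                     {'userPassword', 'loginShell', 'gecos', 'description'}),
}


def superior_chain(cls):
    """Return [cls, its superior, ..., 'top']."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SCHEMA[cls][1]
    return chain


def validate_entry(entry):
    """Return the list of schema violations for an entry (empty means valid).

    entry is a dict attribute -> list of values, including 'objectClass'.
    Checks: every class is known, the structural classes form one superior
    chain, every MUST attribute is present, and no attribute outside the
    MUST/MAY sets of the entry's classes is present.
    """
    problems = []
    classes = entry.get('objectClass', [])
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return [f'unknown object class: {c}' for c in unknown]

    structural = [c for c in classes if SCHEMA[c][0] == 'STRUCTURAL']
    if not structural:
        problems.append('entry has no structural object class')
    else:
        # The most specific structural class must have all the others as superiors.
        leaf = max(structural, key=lambda c: len(superior_chain(c)))
        if any(c not in superior_chain(leaf) for c in structural):
            problems.append('structural classes are not in one superior chain')

    must, may = set(), set()
    for c in classes:
        for sup in superior_chain(c):          # MUST/MAY are inherited from superiors
            must |= SCHEMA[sup][2]
            may |= SCHEMA[sup][3]

    present = {a for a, values in entry.items() if values}
    for a in sorted(must - present):
        problems.append(f'missing required attribute: {a}')
    for a in sorted(present - must - may):
        problems.append(f'attribute not allowed by any object class: {a}')
    return problems


# Constructed entries used as input.
VALID_USER = {
    'objectClass': ['inetOrgPerson', 'posixAccount'],
    'uid': ['jdoe'], 'cn': ['John Doe'], 'sn': ['Doe'],
    'uidNumber': ['10001'], 'gidNumber': ['10001'], 'homeDirectory': ['/home/jdoe'],
}
MISSING_SN = {'objectClass': ['inetOrgPerson'], 'uid': ['jdoe'], 'cn': ['John Doe']}
NO_STRUCTURAL = {'objectClass': ['posixAccount'], 'cn': ['x'], 'uid': ['x'],
                 'uidNumber': ['1'], 'gidNumber': ['1'], 'homeDirectory': ['/x']}
EXTRA_ATTR = {'objectClass': ['person'], 'cn': ['x'], 'sn': ['x'], 'mail': ['x@example.com']}
```

A server applies exactly these checks on add and modify, which is why an entry cannot carry uidNumber until the posixAccount auxiliary class is added to its objectClass values.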
Page 22
Naming model
o Naming constraints ensure interoperability between directories
o Each entry is uniquely identified by its Distinguished Name (DN), the sequence of Relative Distinguished Names (RDNs) from the entry up to the root
Relative Distinguished Name (RDN): identifies the entry among its siblings (for example uid=jdoe)
Distinguished Name (DN): the full path, most specific RDN first (for example uid=jdoe,ou=people,dc=example,dc=com)
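Because the comma separates RDNs, a value that contains one must be escaped (RFC 4514), otherwise user input can add RDNs and change which entry a DN refers to. The following Python is an added example for this page, not code from the slides or from any LDAP library; the DNs are constructed, and the parser handles backslash and two-digit hex escapes of single ASCII bytes only, leaving out multi-valued RDNs (joined with '+') and multi-byte UTF-8 hex escapes.

```python
"""Splitting and building distinguished names (RFC 4514), added example."""

# Characters that must be escaped inside an RDN value (RFC 4514 section 2.4).
SPECIAL = set(',+"\\<>;')
HEXDIGITS = set('0123456789abcdefABCDEF')


def escape_rdn_value(value):
    """Escape an attribute value so it can be embedded in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:                 # a leading '#' would mean a hex-encoded value
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == last):  # leading/trailing spaces must be escaped to survive
            out.append('\\ ')
        elif ch == '\x00':
            out.append('\\00')
        else:
            out.append(ch)
    return ''.join(out)


def build_dn(rdns):
    """Build a DN string from [(attribute, value), ...], most specific RDN first."""
    return ','.join(f'{attr}={escape_rdn_value(value)}' for attr, value in rdns)


def split_dn(dn):
    """Split a DN string into [(attribute, unescaped value), ...], leaf first."""
    rdns, attr, value, in_value, i = [], [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        target = value if in_value else attr
        if ch == '\\':
            if i + 1 >= len(dn):
                raise ValueError('dangling backslash in DN')
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEXDIGITS:   # \XX hex escape
                target.append(chr(int(pair, 16)))
                i += 3
            else:                                             # \, \+ \" \\ \  etc.
                target.append(dn[i + 1])
                i += 2
            continue
        if not in_value and ch == '=':
            in_value = True
        elif in_value and ch == ',':
            rdns.append((''.join(attr).strip(), ''.join(value)))
            attr, value, in_value = [], [], False
        elif in_value and ch == ' ' and not value:
            pass                                   # unescaped leading space in a value is ignored
        else:
            target.append(ch)
        i += 1
    if attr or value:
        rdns.append((''.join(attr).strip(), ''.join(value)))
    return rdns


def user_dn_unsafe(uid):
    """Vulnerable: the uid is pasted into the DN, so a comma in it adds RDNs."""
    return f'uid={uid},ou=people,dc=example,dc=com'


def user_dn_safe(uid):
    """Hardened: the uid is escaped, so it stays a single RDN value."""
    return build_dn([('uid', uid), ('ou', 'people'), ('dc', 'example'), ('dc', 'com')])
```

With the input jdoe,ou=admins the unsafe builder yields a five-RDN name under ou=admins, while the safe one keeps the whole string as the single uid value.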
Page 23
LDAP Data Interchange Format (LDIF)
o LDAP data represented in a standard text format (RFC 2849)
o It is used to view or edit the directory contents
o The format is ASCII text; binary or non-ASCII values are base64-encoded (base64 is an encoding, not encryption: an exported cleartext userPassword stays readable)
o LDIF is used to import and export the directory
and to make changes to entries (changetype records)
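To see the two LDIF rules that matter in practice (line folding with a leading space, and base64 values marked by a double colon), here is an added Python reader and writer for this page; it is not code from the slides or from any LDAP tool. SAMPLE_LDIF is constructed: the jpegPhoto value is only the first six bytes of a JPEG header, and userPassword is a deliberately cleartext value to show that base64 in LDIF hides nothing. Change records and file-URL values are outside its scope.

```python
"""Reading and writing LDIF (RFC 2849), added example."""
import base64

# Attributes whose values are binary and should stay bytes when decoded.
BINARY_ATTRIBUTES = {'jpegPhoto', 'userCertificate', 'photo'}

SAMPLE_LDIF = """\
# constructed export of two entries
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
mail: jdoe@example.com
mail: john.doe@example.com
description: a long value folded over
  two physical lines
userPassword:: c2VjcmV0
jpegPhoto:: /9j/4AAQ

dn: uid=asmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: asmith
cn:: QW5uYSBTbWl0aA==
sn: Smith
"""


def parse_ldif(text):
    """Parse LDIF content records into a list of dicts (attribute -> list of values).

    'attr:: value' is base64 (decoded to bytes for binary attributes, UTF-8 text
    otherwise); a line starting with one space continues the previous line.
    Change records (changetype:) and 'attr:< file://' values are not handled.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(' ') and lines:           # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith('#'):
            lines.append(raw)

    entries, current = [], {}
    for line in lines + ['']:                       # sentinel flushes the last record
        if line == '':
            if current:
                entries.append(current)
            current = {}
            continue
        name, sep, rest = line.partition(':')
        if not sep:
            raise ValueError(f'malformed LDIF line: {line!r}')
        if rest.startswith(':'):
            raw_bytes = base64.b64decode(rest[1:].strip())
            value = raw_bytes if name in BINARY_ATTRIBUTES else raw_bytes.decode('utf-8')
        elif rest.startswith('<'):
            raise ValueError(f'{name}: URL-valued attributes are not supported here')
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries


def format_value(name, value):
    """Emit one LDIF line, base64-encoding the value when RFC 2849 requires it:
    bytes, a leading space / ':' / '<', or any character outside printable ASCII."""
    if isinstance(value, str):
        needs_b64 = (value[:1] in (' ', ':', '<')
                     or any(ord(c) < 0x20 or ord(c) > 0x7e for c in value))
        raw = value.encode('utf-8')
    else:
        needs_b64, raw = True, value
    if needs_b64:
        return f'{name}:: {base64.b64encode(raw).decode("ascii")}'
    return f'{name}: {value}'
```

Reading the sample gives two entries; the first carries two mail values, the unfolded description, the cleartext string secret as its userPassword, and six raw bytes for jpegPhoto. Treat LDIF exports with the same care as the database files they came from.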
Page 24
LDAP directory structure
Page 25
Example
Page 26
Functional model
o The functional model describes how to access the data
o Query functions: search, compare
o Update functions: add, modify, delete, rename (modify DN)
o Session functions: bind, unbind, abandon
Page 27
Basic operations
LDAP operation: description
Search: find directory entries matching a filter
Compare: check whether an entry holds a given attribute value (true/false, the value is not returned)
Add: add an entry
Modify: modify the contents of an entry
Delete: delete an entry
Rename (Modify DN): change the DN of an entry
Bind: authenticate to the server (open a session); before a bind the session is anonymous
Unbind: close the session
Abandon: give up a running operation
Extended: extended operation (v3), for example StartTLS
Page 28
Search request parameters
Parameter: description
base object: the DN where the search begins
scope: the depth of the search (base object only, one level below it, or the whole subtree)
derefAliases: whether aliases are followed or not
size limit: maximum number of entries returned
time limit: maximum time allowed for the search
typesOnly (attrOnly): whether to return only attribute types, or values as well
search filter: the criteria an entry must match (RFC 4515 syntax, for example (&(uid=jdoe)(objectClass=person)))
list of attributes: the attributes to return
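The search filter is the parameter most often built from user input, and the characters *, (, ) and \ have meaning in it. The following Python is an added example for this page, not code from the slides or from any LDAP library: DIRECTORY is constructed, and the evaluator covers and/or/not, equality, presence and '*' substring assertions with \XX escapes (case-insensitive string matching), which is enough to show what unescaped input does. It is not a full RFC 4515 implementation and has no server behind it.

```python
"""Search filters (RFC 4515): escaping input and seeing what a filter matches (added example)."""
import re

DIRECTORY = [  # constructed entries; attribute names stored lower-case
    {'dn': 'uid=alice,ou=people,dc=example,dc=com', 'uid': ['alice'], 'cn': ['Alice Adams'], 'title': ['admin']},
    {'dn': 'uid=bob,ou=people,dc=example,dc=com', 'uid': ['bob'], 'cn': ['Bob Brown']},
    {'dn': 'uid=carol,ou=people,dc=example,dc=com', 'uid': ['carol'], 'cn': ['Carol Clark'], 'title': ['admin']},
]

HEX_ESCAPE = re.compile(r'\\([0-9a-fA-F]{2})')


def escape_filter_value(value):
    """Escape a value for use inside a filter assertion (RFC 4515 section 3)."""
    return (value.replace('\\', '\\5c').replace('*', '\\2a')
                 .replace('(', '\\28').replace(')', '\\29').replace('\x00', '\\00'))


def parse_filter(text):
    """Parse a filter string into a tree; reject trailing data after the filter."""
    try:
        node, pos = _parse(text, 0)
    except IndexError:
        raise ValueError('unterminated filter') from None
    if pos != len(text):
        raise ValueError(f'trailing data after filter: {text[pos:]!r}')
    return node


def _parse(text, i):
    if text[i] != '(':
        raise ValueError(f'expected "(" at offset {i}')
    i += 1
    if text[i] in '&|':
        op, items, i = text[i], [], i + 1
        while text[i] != ')':
            node, i = _parse(text, i)
            items.append(node)
        return (op, items), i + 1
    if text[i] == '!':
        node, i = _parse(text, i + 1)
        if text[i] != ')':
            raise ValueError(f'expected ")" at offset {i}')
        return ('!', [node]), i + 1
    end = text.index(')', i)                  # a literal ')' in a value must be escaped as \29
    attr, sep, pattern = text[i:end].partition('=')
    if not sep:
        raise ValueError(f'unsupported assertion: {text[i:end]!r}')
    return ('=', attr.lower(), pattern), end + 1


def is_valid_filter(text):
    try:
        parse_filter(text)
        return True
    except ValueError:
        return False


def _value_matches(pattern, actual):
    if pattern == '*':                        # presence assertion: any value will do
        return True
    # Unescaped '*' are wildcards; escaped bytes (\2a etc.) become literal characters.
    parts = [re.escape(HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), p))
             for p in pattern.split('*')]
    return re.fullmatch('.*'.join(parts), actual, re.IGNORECASE) is not None


def matches(node, entry):
    op = node[0]
    if op == '&':
        return all(matches(n, entry) for n in node[1])
    if op == '|':
        return any(matches(n, entry) for n in node[1])
    if op == '!':
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    return any(_value_matches(pattern, v) for v in entry.get(attr, []))


def search(filter_text, directory=DIRECTORY):
    """Return the DNs of the entries matching the filter."""
    node = parse_filter(filter_text)
    return [e['dn'] for e in directory if matches(node, e)]


def find_admin_unsafe(uid):
    """Vulnerable: uid is interpolated verbatim, so '*' matches every admin."""
    return search(f'(&(uid={uid})(title=admin))')


def find_admin_safe(uid):
    """Hardened: the value is escaped, so '*' only matches a literal asterisk."""
    return search(f'(&(uid={escape_filter_value(uid)})(title=admin))')
```

Asking the unsafe function about the user * returns every administrator, and a* enumerates them by prefix; the escaped version returns nothing for either. A filter with trailing data such as (uid=*)(|(uid=*) is rejected outright by this parser, so escaping is what closes the gap, not parsing strictness.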
Page 29
Security model
o Defines, for each user, the access rights to the data (authentication, then access control lists)
o Ensures the confidentiality of the exchanges between client and server (encryption with TLS)
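"Who sees what" is decided by an access control list evaluated per requester, per entry and per attribute. The following Python is an added example for this page, not code from the slides or from OpenLDAP. It copies the shape of OpenLDAP's access to <what> by <who> <level> directives (the first matching rule decides, the first matching by clause inside it wins, and no match means no access), but it is a toy evaluator over constructed rules and entries: real ACLs also select on DN patterns and filters, offer more who selectors, and compare DNs after normalization.

```python
"""Who sees what: a toy model of directory access control (added example)."""

# Access levels in increasing order, as in slapd: each level implies the ones below it.
LEVELS = ['none', 'auth', 'compare', 'search', 'read', 'write']

ACL = [
    # (attribute, or '*' for any attribute, [(who, level), ...])
    ('userPassword', [('self', 'write'), ('anonymous', 'auth'), ('*', 'none')]),
    ('*',            [('self', 'write'), ('users', 'read'), ('*', 'none')]),
]

# Constructed entry and requester; the userPassword value is a placeholder, not a real hash.
ALICE = {'dn': 'uid=alice,ou=people,dc=example,dc=com',
         'uid': ['alice'], 'cn': ['Alice Adams'], 'mail': ['alice@example.com'],
         'userPassword': ['{SSHA}placeholder-not-a-real-hash']}
BOB_DN = 'uid=bob,ou=people,dc=example,dc=com'


def who_matches(who, requester_dn, target_dn):
    """requester_dn is None for an anonymous (unauthenticated) session."""
    if who == '*':
        return True
    if who == 'anonymous':
        return requester_dn is None
    if who == 'users':
        return requester_dn is not None
    if who == 'self':
        return requester_dn is not None and requester_dn == target_dn
    return requester_dn == who                  # an explicit DN


def granted_level(requester_dn, target_dn, attribute, acl=ACL):
    for what, clauses in acl:                   # first rule whose 'what' applies decides
        if what != '*' and what != attribute:
            continue
        for who, level in clauses:              # first matching 'by' clause wins
            if who_matches(who, requester_dn, target_dn):
                return level
        return 'none'                           # rule applied but granted nothing
    return 'none'


def allowed(requester_dn, target_dn, attribute, needed, acl=ACL):
    return LEVELS.index(granted_level(requester_dn, target_dn, attribute, acl)) >= LEVELS.index(needed)


def visible_attributes(requester_dn, entry, acl=ACL):
    """The attributes of entry that a search by requester_dn would get back."""
    return {a: v for a, v in entry.items()
            if a != 'dn' and allowed(requester_dn, entry['dn'], a, 'read', acl)}
```

With these two rules an anonymous session sees nothing of Alice's entry but can still bind with her password (auth on userPassword), Bob sees her cn, mail and uid but never the password attribute, and Alice can read and change everything in her own entry. In slapd.conf the same policy is written as access to attrs=userPassword by self write by anonymous auth by * none followed by access to * by self write by users read by * none.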
Page 30
Replication model
o Duplicate a directory on multiple servers
o Protects against network outages, service overload or server crashes
o Master-slave (provider-consumer) structure
Page 31
LDAP software
o Server software
OpenLDAP server
Netscape Directory Server
IBM's DSSeries LDAP Directory
o Client software
Netscape Communicator
Microsoft Outlook
Page 32
Configure an LDAP server (OpenLDAP on Debian/Ubuntu)
Installation of the packages slapd and ldap-utils:
sudo apt-get install slapd ldap-utils
Modifying the configuration (base DN, administrator password):
sudo dpkg-reconfigure slapd
Generate a hashed password for the administrator (prints a {SSHA} value to paste into the configuration):
sudo slappasswd
Edit the configuration file /etc/ldap/slapd.conf:
suffix "dc=example,dc=com"
directory "/var/lib/ldap"
rootdn "cn=admin,dc=example,dc=com"
rootpw {SSHA}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m
Note: current Debian and Ubuntu packages configure slapd through the cn=config database under /etc/ldap/slapd.d rather than slapd.conf, and dpkg-reconfigure sets the administrator password there. Wherever it lives, store rootpw only as a hash, never in cleartext, and restrict read access to the configuration file: rootdn bypasses every access control in the directory.
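To make the {SSHA} value above concrete, the following Python is an added example for this page, not code from the slides or from OpenLDAP: it produces and verifies the same format slappasswd emits, base64( SHA-1(password || salt) || salt ) with a 4-byte salt, and flags a slapd.conf that still carries a cleartext rootpw. The password and configuration text are constructed, and the hash on the slide is not reversed.

```python
"""Generating and verifying {SSHA} values, and spotting a cleartext rootpw (added example)."""
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=b''):
    """Return a '{SSHA}...' value for rootpw or userPassword (random 4-byte salt by default)."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def ssha_verify(password, stored):
    """Check a password against a '{SSHA}...' value (constant-time digest compare)."""
    if not stored.startswith('{SSHA}'):
        raise ValueError('not an {SSHA} value')
    raw = base64.b64decode(stored[len('{SSHA}'):])
    digest, salt = raw[:20], raw[20:]           # SHA-1 digest is 20 bytes, the salt is the rest
    candidate = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_findings(conf_text):
    """Flag rootpw directives in slapd.conf text that hold a cleartext password.

    slapd accepts a cleartext rootpw; anyone who can read the file then has the
    directory administrator's password without any cracking at all.
    """
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == 'rootpw':
            value = parts[1].strip().strip('"')
            if not value.startswith('{'):       # {SSHA}, {SHA}, {CRYPT}, ... mark a hashed value
                findings.append(f'line {number}: rootpw is stored in cleartext')
    return findings


# Constructed configuration fragment with the weak setting.
CONSTRUCTED_CONF = """\
suffix "dc=example,dc=com"
directory "/var/lib/ldap"
rootdn "cn=admin,dc=example,dc=com"
rootpw secret
"""
```

Salted SHA-1 stops precomputed tables but is fast to brute-force, so a short rootpw is still recoverable offline by anyone who obtains the file; a long passphrase matters as much as the hash.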
Page 33
Conclusion
o LDAP can be the key to the information system today
o LDAP is available on many types of platform
o It can centralize information from different sources for different applications and different users
o It simplifies data management
Page 34
Thanks for your attention ..