LDAP
Lightweight Directory Access Protocol
Page 2
Outline
o Introduction
o Directory vs Database
o Current directories
o Directory features
o History
o Understanding LDAP
    Information model
    Naming model
    LDAP directory structure
    Functional model
    Security model
    Replication model
o LDAP software
o Configure an LDAP server
o Conclusion
Page 3
Introduction (1/2)
To improve functionality and ease of use, and to enable cost-effective administration of distributed applications, information about the services, resources, users and other objects accessible from the applications needs to be organized in a clear and consistent manner.
Much of this information can be shared among many applications.
Page 4
Introduction (2/2)
But it must also be protected.
Such information is often collected into a special database that is sometimes called a directory.
The Lightweight Directory Access Protocol (LDAP) is an open industry standard that has evolved to meet these needs.
Page 5
Before moving on!
What is a directory? Is it a database, as is commonly said? Let us look at the difference.
Directory vs Database
Page 6
Directory vs Database (1/2)
o A directory is often described as a database
o But it has special characteristics that differ from general databases:
    They are accessed much more than they are updated, and they are optimized for read access
    They are not suited for information that changes rapidly (e.g. the number of jobs in a printer queue)
Page 7
Directory vs Database (2/2)
o Many directory services don't support transactions
o Directories normally limit the type of information that can be stored
o Databases use powerful query languages like SQL, but directories normally use very simple access methods
o Hence directories can be optimized to economically provide more applications with rapid access
Page 8
Current directories
o Paper directories
    Phonebook
    Address book
    Sales catalog
o Electronic directories
    DNS
    Windows registry
Page 9
Directory features
o A directory is a listing of information about objects, arranged in some order, that gives details about each object.
o Dynamic (real-time update)
o Flexible (easy change of type and data organization)
o Secure (who sees what)
o Personalized (how to present data, ...)
Page 10
History:(1/2)
Page 11
History:(2/2)
o LDAP version 3
    Consideration of special characters
    Security: SASL authentication and TLS (Transport Layer Security) encryption
    Overloading operations
Page 12
Understanding LDAP (1/2)
What is LDAP? Lightweight Directory Access Protocol
An application protocol for querying and modifying directory services, running over TCP/IP
Information: the structure of the information stored in an LDAP directory.
Page 13
Understanding LDAP (2/2)
Naming: how information is organized and identified.
Functional / Operations: describes what operations can be performed on the information stored in an LDAP directory.
Security: describes how the information can be protected from unauthorized access.
Page 14
Information model
o Based on the X.500 model
o Information is stored in a DIT (Directory Information Tree)
    Hierarchical model
o An entry contains a set of attributes
    attribute type - attribute value(s)
Page 15
Each tree has
o DIT (Directory Information Tree): the top of the tree
o Nodes called DSEs (Directory Service Entries)
o A RootDSE (contains a description of the tree and its content), specific to each LDAP server
Page 16
Each entry is an object
[Figure: an entry is made up of attributes; each attribute has a type and one or more values]
Page 17
Two types of attributes
o Normal attributes: accessible to users
    (e.g. the givenname attribute)
o Operational attributes: used only for server administration data
    (e.g. the modifyTimeStamp attribute)
Page 18
An attribute is characterized by
o Name
o Object Identifier (OID)
o Whether it is single- or multi-valued
o Syntax and comparison (matching) rules
o Usage indicator
o Size limit of the value
Page 19
Object class
o Contains real or abstract objects
o It characterizes them by a list of optional and required attributes
o All object classes are contained in the directory schema
Page 20
An object class is defined by
o A name that identifies it
o An OID that also identifies it
o Required attributes
o Optional attributes
o A type (structural, auxiliary or abstract)
Page 21
Three types of object class
o Structural class: description of the basic objects in the directory. An entry always belongs to at least one structural object class.
o Auxiliary class: contains objects that can add additional information to structural objects.
o Abstract class: contains basic LDAP objects like top or alias.
Page 22
Naming model
o Naming constraints ensure interoperability between directories
o Each entry is uniquely identified by:
    Relative Distinguished Name (RDN)
    Distinguished Name (DN)
Page 23
LDAP Data Interchange Format (LDIF)
o LDAP data represented in a standard text format
o It is used to view or edit the database
o The format is ASCII; binary data are encoded in base64
o LDIF is used to import/export the database and to make changes to entries
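The naming model and the LDIF format of the two slides above, as an added example in Python (not code from the original deck): it parses a constructed LDIF record under the deck's dc=example,dc=com suffix, decoding a base64 ("::") value and collecting multi-valued attributes as type -> values, and splits the DN into its RDNs while keeping escaped commas intact. The sample entry and the helper names are assumptions made for this example.

```python
import base64
# Constructed LDIF record (not from the slides) under the deck's
# dc=example,dc=com suffix: a multi-valued "mail" attribute and one
# base64 value, the "::" form LDIF uses for binary or non-ASCII data.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
mail: jdoe@example.com
mail: john.doe@example.com
description:: Sm9obiBEb2UsIGNvbnN1bHRhbnQ=
"""

def parse_ldif_entry(text):
    """Return (dn, attrs); attrs maps attribute type -> list of values, as
    in the information model. Folded lines and '::' values are handled."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):    # skip blanks and comments
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):                 # "type:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def split_dn(dn):
    """Split a DN into RDNs (escaped commas kept); RDN 0 names the entry,
    the rest is the parent's DN, walking up the DIT to the suffix."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):    # keep "\," escape pair
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            rdns.append(cur.strip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    rdns.append(cur.strip())
    return rdns
```

Joining every RDN after the first gives the parent entry's DN, which is how a client walks from an entry up to the suffix of the tree.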
Page 24
LDAP directory structure
Page 25
Example
Page 26
Functional model
o The functional model describes how to access data
o Update functions: add, modify, delete, rename
o Session functions: bind, unbind
Page 27
Basic operations
LDAP operation: Description
Search: searches directory objects using criteria
Compare: compares the contents of two objects
Add: adds an entry
Modify: modifies the contents of an entry
Delete: deletes an object
Rename (Modify DN): modifies the DN of an entry
Bind: connection to the server
Unbind: logout
Abandon: gives up a running operation
Extended: extended operation (v3)
Page 28
Search/compare query parameters
Parameter: Description
base object: the location in the tree where the search must begin
scope: the depth of the search
derefAliases: whether or not to follow aliases (links)
size limit: maximum number of responses
time limit: maximum time allocated to the search
attrOnly: whether to return only the attribute types or also their values
search filter: the search filter
list of attributes: the attributes whose values you want returned
Page 29
Security model
o Defines each user's data access rights (authentication, access control lists)
o Ensures the confidentiality of exchanges (encryption)
Page 30
Replication model
o Duplicates a directory on multiple servers
o Protects against network outages, service overload or server crashes
o Master-slave structure
Page 31
LDAP software
o Server software
    OpenLDAP server
    Netscape Directory Server
    IBM's DSSeries LDAP Directory
o Client software
    Netscape Communicator
    Microsoft Outlook
Page 32
Configure an LDAP server
Installation of the packages slapd and ldap-utils:
    sudo apt-get install slapd ldap-utils
Modifying the configuration:
    sudo dpkg-reconfigure slapd
A password for the administrator:
    sudo slappasswd
Edit the configuration file "/etc/ldap/slapd.conf":
    suffix "dc=example,dc=com"
    directory "/var/lib/ldap"
    rootdn "cn=admin,dc=example,dc=com"
    rootpw {SSHA}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m
Page 33
Conclusion
o LDAP can become the key to the information system today
o LDAP is available on many types of platforms
o It can centralize information from different sources for different applications and different users
o It simplifies data management
Page 34
Thanks for your attention.