ldap
play

LDAP (Lightweight Directory Access Protocol) tzute Computer - PowerPoint PPT Presentation

Mar 05, 2023 •446 likes •854 views

LDAP (Lightweight Directory Access Protocol) tzute Computer Center, CS, NCTU What is Directory Service? What is Directory Service ( ) Highly optimized for reads. Implements a distributed model for storing

  1. LDAP (Lightweight Directory Access Protocol) tzute

  2. Computer Center, CS, NCTU What is Directory Service?  What is Directory Service ( 目錄服務 ) • Highly optimized for reads. • Implements a distributed model for storing information. • Can extend the type of information it stores • Has advanced search capabilities. • Has loosely consistent replication among directory servers.  Domain Name Service 2

  3. Computer Center, CS, NCTU What is LDAP  Lightweight Directory Access Protocol (LDAP) • LDAP v3: RFC 3377 • RFC 2251-2256, 2829, 2830, 3377  Why LDAP is lightweight • subset of X.500 • X.500 is based on OSI model • LDAP is based on TCP/IP model • LDAP omits many X.500 operations that are rarely used • Providing a smaller and simpler set of operations 3

  4. Computer Center, CS, NCTU LDAP Directory Information Tree (DIT) dc=cc dc=nctucs dc=na ou=Group ou=People cn=nata cn=sata cn=tzute cn=zswu cn=tzute,ou=People,dc=na,dc=nctucs,dc=cc o =“ na, nctucs , cc”, c=Taiwan o=na.nctucs.cc 4

  5. Computer Center, CS, NCTU LDAP Directory Information Tree (DIT) dn: ou=People,dc=na,dc=nctucs,dc=cc dc=cc ou: People objectClass: top dc=nctucs objectClass: organizationalUnit objectClass: domainRelatedObject dc=na associatedDomain: na.nctucs.cc ou=Group ou=People objectClass: person cn: tzute sn: abc cn=tzute telephoneNumber: 123-4567 DN(distinguished name): cn=tzute,ou=People,dc=na,dc=nctucs,dc=cc RDN: relative distinguished name 5

  6. Computer Center, CS, NCTU LDAPv3 overview – LDIF  LDAP Interchange Format (LDIF) • Defined in RFC 2849 • standard text file format for storing LDAP configuration information and directory contents • An LDIF file is 1. A collection of entries separated from each other by blank lines 2. A mapping of attribute names to values 3. A collection of directives that instruct the parser how to process the information • The data in the LDIF file must obey the schema rules of your LDAP directory 6

  7. Computer Center, CS, NCTU LDAPv3 overview – LDIF  Sample LDIF dc=cc # sample entry dn: cn=tzute,ou=people,dc=na,dc=nctucs,dc=cc dc=nctucs objectClass: person cn: tzute dc=na telephoneNumber: 123-4567 ou=people ou=group dn: distinguished name rdn: relative dn ou: organizational unit cn=tzute dc: domain component cn: comman name DN(distinguished name): cn=tzute,ou=people,dc=nap,dc=nctucs,dc=cc 7 RDN: relative distinguished name

  8. Computer Center, CS, NCTU LDAPv3 overview – LDIF  Sample LDIF - Modify one dn # modify user info dn: cn=tzute, ou=people,dc=na,dc=nctucs,dc=cc changetype: modify add: description description : NA TA - replace: telephoneNumber telephoneNumber : 0987654321 objectClass: person objectClass: person cn: tzute cn: tzute sn: abc sn: abc telephoneNumber : 123-4567 description : NA TA telephoneNumber : 0987654321 8

  9. Computer Center, CS, NCTU LDAPv3 overview – LDIF  Sample LDIF - Modify more than one dn # modify user info dn: cn=tzute, ou=people,dc=na,dc=nctucs,dc=cc changetype: modify add: description description : NA TA dn: cn=zswu, ou=people,dc=na,dc=nctucs,dc=cc changetype: modify add: description description : NA TA 9

  10. Computer Center, CS, NCTU LDAPv3 overview - objectClass  /usr/local/etc/openldap/schema/core.schema http://www.openldap.org/doc/admin24/schema.html 10

  11. Computer Center, CS, NCTU LDAPv3 overview - objectClass http://www.openldap.org/doc/admin24/schema.html 11

  12. Computer Center, CS, NCTU LDAPv3 overview - Attribute Matching rules Type Server should support values of this length http://www.openldap.org/doc/admin24/schema.html 12

  13. Computer Center, CS, NCTU Comparison with relational databases  It is tempting to think that having a RDBMS backend to the directory solves all problems. However, it is wrong.  This is because the data models are very different. Representing directory data with a relational database is going to require splitting data into multiple tables. 13

  14. OpenLDAP

  15. Computer Center, CS, NCTU OpenLDAP (on FreeBSD)  Installation • pkg install openldap-server • cd /usr/ports/net/openldap-server24 ; make install clean  slapd.conf • Blank lines and lines beginning with a pound sign (#) are ignored • Parameters and associated values are separated by whitespace characters • A line with a blank space in the first column is considered to be a continuation of the previous one. 15

  16. Computer Center, CS, NCTU slapd.conf include /usr/local/etc/openldap/schema/core.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args loglevel 256 modulepath /usr/local/libexec/openldap moduleload back_mdb moduleload back_ldap # ACL rules here for global database mdb maxsize 1073741824 suffix "dc=na,dc=nctucs,dc =cc“ rootdn "cn=Manager,dc=na,dc=nctucs,dc=cc" rootpw <generated by slappasswd> directory /var/db/openldap-data # Indices to maintain index objectClass eq # ACL rules here for specify database 16

  17. Computer Center, CS, NCTU Directory ACL access to dn.exact="cn=Manager,dc=na,dc=nctucs,dc=cc" by peername.ip =“127.0.0.1" auth by users none by anonymous none by * none access to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=na,dc=nctucs,dc=cc" write by * none access to attrs=englishname,birthdate by self write by users read by anonymous read 17

  18. Computer Center, CS, NCTU Directory ACL http://www.openldap.org/doc/admin24/access-control.html 18

  19. Computer Center, CS, NCTU Overlay  Software components that provide hooks to functions analogous to those provided by backends, which can be stacked on top of the backend calls and as callbacks on top of backend responses to alter their behavior.  Frontend Frontend • handles network access and protocol processing  Backend Overlay • deals strictly with data storage Backend https://www.openldap.org/doc/admin24/overlays.html https://en.wikipedia.org/wiki/OpenLDAP#Overlays 19

  20. Computer Center, CS, NCTU Overlay - memberOf dc=cc  Membership dc=nctucs dc=na ou=People ou=Group cn=nata cn=tzute objectClass: posixGroup objectClass: posixGroup objectClass: top objectClass: top objectClass: posixAccount cn: nata cn: tzute displayName: nata gidNumber: 1234 description: Domain Unix group gidNumber: 1234 20

  21. Computer Center, CS, NCTU Overlay - memberOf  Installation • Ports • make config -> enable option https://www.openldap.org/doc/admin24/overlays.html 21

  22. Computer Center, CS, NCTU Overlay - memberOf  slapd.conf  restart slapd  Schema dn: cn=nata,ou=MemberGroup,dc=na,dc=nctucs,dc=cc objectclass: groupOfNames cn: nata member: cn=tzute,ou=People,dc=na,dc=nctucs,dc=cc https://www.openldap.org/doc/admin24/overlays.html 22

  23. Computer Center, CS, NCTU OLC - on-line configuration  OpenLDAP version 2.3 -> new feature  OpenLDAP version 2.4 -> still optional  Uses a configuration DIT to control the operational configuration  Modifying entries in this DIT immediate changes to slapd's operational https://www.openldap.org/doc/admin24/slapdconf2.html http://www.zytrax.com/books/ldap/ch6/slapd-config.html 23

  24. Computer Center, CS, NCTU OLC - on-line configuration 24

  25. Computer Center, CS, NCTU OLC - on-line configuration # {1}mdb, config dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb olcDbDirectory: /var/db/openldap-data/na olcSuffix: dc=na,dc=nctucs,dc=cc olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=Manager,dc=na,dc=nctucs,dc=cc olcRootPW: password 25

  26. Computer Center, CS, NCTU Enable slapd  Edit /etc/rc.conf • slapd_enable =“YES” • slapd_flags for specific options  service slapd start http://www.openldap.org/doc/admin24/runningslapd.html 26

  27. Computer Center, CS, NCTU Slapd tools  slapcat • This tool reads records from a slapd database and writes them to a file or standard output  slapadd • This tool reads LDIF entries from a file or standard input and writes the new records to a slapd database  slapindex • This tool regenerates the indexes In a slapd database  slappasswd • This tool generates a password hash suitable for use as an Lq in slapd.conf 27

  28. Computer Center, CS, NCTU LDAP tools  ldapsearch • This tool issues LDAP search queries to directory servers  ldapadd, ldapmodify • These tools send updates to directory servers  ldapcompare • This tool asks a directory server to compare two values  ldapdelete • This tool deletes entries from an LDAP directory 28

  29. Computer Center, CS, NCTU ldapsearch  Options • -b searchbase • -s {base|one|sub|children} #defult is sub • -D binddn • -x #Use simple authentication instead of SASL. • -W #password for simple authentication • -H ldapuri  ldapsearch [options] filter • default filter, (objectClass=*) • ldapsearch -H ldap://ldap.na.nctucs.cc - D “ cn=tzute,dc=na,dc=nctucs,dc =cc” - b “dc= na,dc=nctucs,dc =cc” -s one  man ldapsearch 29

  30. Computer Center, CS, NCTU ldapsearch dc=cc dc=nctucs dc=na ou=Group ou=People cn=nata cn=sata cn=tzute cn=zswu 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP LDAP Servers Information Structure Protocol Overview LDAP operations UNDERSTANDING LDAP LDAP stands for Lightweight Directory Access

268 views • 12 slides
How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

Getting Started What do you already know about ldap ? . . . . . . . . . . . . . . slide #3 What Do You Want? . . . . . . . . . . . . . . . . . . . . . . . . . . . . slide #4 Argument for LDAP Account Information . . . . . . . . . . . . . . . . .

442 views • 26 slides
LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com http://www.samba.org/~idra What is LDB ? LDB is an LDAP-like database interface LDAP-like data model support LDAP like search expressions but it

1.03k views • 24 slides
DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999 Peter Gietz, University of Tbingen Peter.Gietz@directory.dfn.de DESIRE LDAP Index system

855 views • 12 slides
Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002 andrew.findlay@skills-1st.co.uk Security with LDAP Applications of LDAP White Pages NIS (Network Information System) Authentication

257 views • 15 slides
LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

What is LDAP Lightweight Directory Access Protocol Phonebook Based on X.500 DAP on OSI stack Developed in '93 @ UMich LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many implementations OpenLDAP

544 views • 6 slides
KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC attributes except for those used to store key data Keys Extension draft: Defines attributes used to store key data Flow of Data to LDAP

798 views • 10 slides
From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg &lt;roland.hedberg@adm.umu.se&gt; The transition -starting point Admin interface LDAP Scripts The transition - toward nirvana Admin interface LDAP Scripts

497 views • 22 slides
Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't need it... We have users ! We have users ! LDAP project phases Initial analysis Development + tests Costs Conformance tests Tests are

501 views • 27 slides
dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit of History Number of systems Own user administra:on system Some users had access

519 views • 10 slides
UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic Poitou OpenDS ludovic.poitou@sun.com A poor man's choice: JNDI or JLDAP/Netscape LDAP SDK Good News: Apache Directory Client API OpenDS

678 views • 20 slides
Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP entry Indicate on attendance sheet Announcements Plan for today Its Co-op time Building a software system Orientation

475 views • 3 slides
How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories Nick Urbanik How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of Vocational Education (Tsing Yi), Department of ICT Nick Urbanik

1.17k views • 106 slides
Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail (Cant change in mycourses) Jon, your mail bounced March 17 Lets settle things after class Enter stage left Spacethe final

382 views • 5 slides
The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to Access Control The Design Process The available Standards Best Practices The User object The plumbing Implementing the Schema

494 views • 47 slides
EI4Africa Demonstrators Dr. Amos Nungu Dar Es Salaam Institute of Technology Tanzania

EI4Africa Demonstrators Dr. Amos Nungu Dar Es Salaam Institute of Technology Tanzania

EI4Africa Demonstrators Dr. Amos Nungu Dar Es Salaam Institute of Technology Tanzania Technology Transfer Alliance - TTA History Communication System Design (CSD) Course @ KTH Sweden Now TTA Alliance The Website -

968 views • 11 slides
Indicators+of+Environmental+Exposures+ Eleanor+Se6on,+PhD+ Karla+Poplawski,+MSc+ !

Indicators+of+Environmental+Exposures+ Eleanor+Se6on,+PhD+ Karla+Poplawski,+MSc+ !

Indicators+of+Environmental+Exposures+ Eleanor+Se6on,+PhD+ Karla+Poplawski,+MSc+ ! Environmental!Exposures! ! Spa2al!Sciences!Research!Lab! University!of!Victoria,!B.C.! 1 CAREX+Canada++Environmental+Indicators+ Goal+for+indicators:+

687 views • 29 slides
o o s t p i b e i c h t x u E s Theres Still More to See. World ATM Congress is

o o s t p i b e i c h t x u E s Theres Still More to See. World ATM Congress is

4 6, March, 2014 Operated by CANSO in association with ATCA Madrid, Spain IFEMA, Feria de Madrid r P r o o s t p i b e i c h t x u E s Theres Still More to See. World ATM Congress is Back in 2014 M p T a i r k e

384 views • 7 slides
AN UPDATE ON LEGAL TRACEABILITY OF GPS POSITIONS IN AUSTRALIA Guorong Hu, Michael Moore, John

AN UPDATE ON LEGAL TRACEABILITY OF GPS POSITIONS IN AUSTRALIA Guorong Hu, Michael Moore, John

AN UPDATE ON LEGAL TRACEABILITY OF GPS POSITIONS IN AUSTRALIA Guorong Hu, Michael Moore, John Dawson and Craig Harrison Geoscience Australia, Canberra, Australia Background With the growing societal dependency on GPS, the need for the legal

593 views • 21 slides
rt

rt

rt rst s rr r r

534 views • 28 slides
fo5 ,0,frha..&lt; t^a&quot; xr.^e*83 Tbrcr *Ltt( 4.he1 | EFTL l-r,,.sry t .--.

fo5 ,0,frha..&lt; t^a&quot; xr.^e*83 Tbrcr *Ltt( 4.he1 | EFTL l-r,,.sry t .--.

Cha1&quot;.&quot;1.rt cr^cs a^1&quot; s.7&lt;**rc $,.., t+ro\- Sta.lel .heq/ ?}sres Zrro,r( fo5 ,0,frha..&lt; t^a&quot; xr.^e*83 Tbrcr *Ltt( 4.he1 | EFTL l-r,,.sry t .--. nry|'tv&gt; 1n9 f r-urr o / rl1pTl l..4.Ltros

903 views • 63 slides
Key points 4 state energy savings schemes are the biggest game in town (and under review)

Key points 4 state energy savings schemes are the biggest game in town (and under review)

Energy Efficiency Expo 24 October 2019, Melbourne Energy Saving Schemes Panel Topic and Participant Talking Points Introduction: Energy efficiency schemes and incentives 2019 unprecedented year of opportunity Australias energy

490 views • 18 slides
Topological field theories beyond the semisimplicity Christoph Schweigert Mathematics Department

Topological field theories beyond the semisimplicity Christoph Schweigert Mathematics Department

Topological field theories beyond the semisimplicity Christoph Schweigert Mathematics Department Hamburg University based on work with J urgen Fuchs and Gregor Schaumann June 6, 2018 Topological field theory on the way to Cortona

717 views • 51 slides

More recommend