OpenLDAP Developer Conference 2011 PRESENTED BY: Jan Včelák, Red Hat

SLIDE 1

OpenLDAP

Developer Conference 2011

PRESENTED BY: Jan Včelák, Red Hat

Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) http://creativecommons.org/licenses/by-sa/3.0/

SLIDE 2

topics

  • what is LDAP
  • database structure
  • difference from other DBs
  • server architecture
  • data distribution
  • configuration

SLIDE 3

LDAP

  • Lightweight Directory Access Protocol
  • X.500 (DAP, DSP, DISP, DOP)
  • address book
  • user management
  • authentication (password, SSH key, ...)
  • central configuration (DNS, DHCP, autofs, ...)
  • authentication backend (Kerberos, Radius, ...)
  • ....
SLIDE 4

Directory Information Tree

dc=example,dc=com

  • ou=Development
  • ou=Accounting
  • ou=Sales

cn=John Doe
cn=Jan Novák
l=New York
l=Brno

SLIDE 5

entries

  • DN (Distinguished Name)
  • RDN (Relative Distinguished Name)

cn=John Doe,ou=Sales,l=New York,dc=example,dc=com

SLIDE 6

LDIF

dn: uid=jdoe,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
uid: fbar
givenName: John
userPassword: secret
departmentNumber: 2220
mobile: +1 213 151-5816
mail: fbar@example.com
usercertificate;binary:: MIIBvjCCASegAwIBAgIBAjANBgkqhki
 G9w0BAQQFADAnMQ8wDQYDVQQDEwZjb25maWcxFDASBgNVBAMTC01NUi
 BDQSBDZXJ0MB4XDTAxMDQwNTE1NTEwNloXDTExMDcw...
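
An added example, not part of the original slides: a small LDIF reader that handles folded lines and base64 (`::`) values, then checks two things visible in the entry above, namely whether the RDN value from the DN is actually present in the entry and whether userPassword carries a `{SCHEME}` hash prefix. The sample entry and the function names are constructed for illustration; the parser assumes a single-valued RDN without escaped characters.

```python
import base64
import re

# Constructed sample modelled on the slide's entry. The certificate bytes are a
# constructed placeholder, folded across two lines the way LDIF folds long values.
_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_LDIF = (
    "dn: uid=jdoe,dc=example,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "cn: John Doe\n"
    "sn: Doe\n"
    "uid: fbar\n"
    "userPassword: secret\n"
    "usercertificate;binary:: " + _CERT[:24] + "\n " + _CERT[24:] + "\n"
)

def parse_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [bytes values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # folded line: drop the single leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):      # "attr:: value" carries base64
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def audit_entry(entry):
    """Findings: RDN value absent from the entry, userPassword without a scheme."""
    findings = []
    dn = entry["dn"][0].decode()
    # Simplification: single-valued RDN, no escaped ',' or '+' in the DN.
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    present = [v.decode().lower() for v in entry.get(rdn_attr.lower(), [])]
    if rdn_value.lower() not in present:
        findings.append(f"naming: {rdn_attr}={rdn_value} is not a value of {rdn_attr}")
    for pw in entry.get("userpassword", []):
        if not re.match(rb"\{[A-Za-z0-9-]+\}", pw):   # e.g. {SSHA}...
            findings.append("userPassword has no {SCHEME} prefix (cleartext)")
    return findings

if __name__ == "__main__":
    for finding in audit_entry(parse_entry(SAMPLE_LDIF)):
        print(finding)
```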

SLIDE 7

schema – classes

objectclass ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    DESC 'RFC2798: Internet Organizational Person'
    SUP organizationalPerson
    STRUCTURAL
    MAY ( audio $ businessCategory $ carLicense $ departmentNumber $
          displayName $ employeeNumber $ employeeType $ givenName $
          homePhone $ homePostalAddress $ initials $ jpegPhoto $
          labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $
          roomNumber $ secretary $ uid $ userCertificate $
          x500uniqueIdentifier $ preferredLanguage $
          userSMIMECertificate $ userPKCS12 ) )

SLIDE 8

schema – attributes

attributetype ( 2.16.840.1.113730.3.1.39
    NAME 'preferredLanguage'
    DESC 'RFC2798: preferred written or spoken language for a person'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

SLIDE 9

difference from other DBs

  • data organization
  • data operations
  • referential integrity
  • transactions
  • distribution by design
  • schema
SLIDE 10

OpenLDAP server architecture

[Diagram labels: request, LDAP operations, overlays, backends, storage]

SLIDE 11

available modules

accesslog auditlog back_sql chain collect constraint dds deref rwm seqmod smbk5pwd sssvlv syncprov translucent unique valsort dyngroup dynlist memberof pbind pcache ppolicy refint retcode

SLIDE 12

data distribution - referrals

dc=example,dc=com
l=New York, dc=example, dc=com
l=Brno, dc=example, dc=com

SLIDE 13

data distribution - replication

l=Brno, dc=example, dc=com
l=Brno, dc=example, dc=com

ldap.brno.example.com
ldap-backup.brno.example.com

SLIDE 14

configuration

  • cn=config
      • since 2.3
      • LDIF backend - /etc/openldap/slapd.d
      • on-the-fly modification
      • man slapd-config
  • /etc/openldap/slapd.conf
      • works – but please, do not use
      • man slapd.conf

SLIDE 15

Questions?

CONTACT: jvcelak@redhat.com