
1 Directory Services
- What is a Directory Service?
- Directory Services model
- Directory Services naming model
- X.500 and LDAP
- Implementations of Directory Services

2 What is a Directory Service?
A directory service is the collection of software, hardware, processes, policies, and administrative procedures involved in making the information in your directory available to the users of your directory. Your directory service includes at least the following components:
- Information contained in the directory
- S/W servers holding this information
- S/W clients acting on behalf of users or other entities accessing this information
- H/W on which these clients and servers run
- Policies governing access
- S/W and procedures for maintenance and monitoring

3 Directory Service

4
- Early directory services were designed for a specific application (e.g. the X.400 application).
- Later (1988), X.500 was introduced as a standard directory service to serve different applications. It has been revised several times; the current edition is the 5th (2005).
- Implemented as a distributed database
- All network entities are implemented as objects with attributes
- The schema defines the directory "blueprint"
- X.509, the subset of the X.500 specification covering public key certification, became a common stand-alone standard for authentication

5 Directory as a Database
A directory is a specialized database.
- Directories typically have a higher read-to-write ratio than databases.
- Directories are typically more easily extended.
- Directories are usually more widely distributed.
- Directories are often replicated on a higher scale.
- Directories usually have very different performance characteristics.
- Support for standards is important in directories, less so in databases.

6 Directory entry with attributes

7 Directory Naming Model
- All objects are arranged into a hierarchical tree structure (DIT)

8 Directory Naming Model
- All objects are arranged into a hierarchical tree structure (DIT)
- Each object has a relative distinguished name (RDN): a simple object name that is unique within a tree level (e.g. Printer1, dglazer)
- Each object is identified by its distinguished name (DN), which is unique in the directory (e.g. cn=ChocCookie,ou=recipes,dc=foobar,dc=com; Printer1.is.umbc.edu; dglazer.umbc.edu)
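The naming rules on this slide, as an added example that is not part of the original slides: an LDAP-style DN is a comma-separated list of RDNs, so a value that itself contains a comma must be escaped (RFC 4514) or it changes where the entry appears to sit in the DIT. The function names, the sample name and the case-insensitive comparison are assumptions made for illustration; real servers compare each attribute with its own matching rule.

```python
# Characters RFC 4514 requires to be escaped anywhere in an RDN value.
SPECIAL = set('",+;<>\\')

def escape_rdn_value(value):
    """Escape an attribute value before placing it in a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_dn(dn):
    """Split a DN into RDN strings, most specific first, keeping escapes."""
    if not dn:
        return []
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])        # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":                   # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns

def is_under(dn, base):
    """True if dn is base or lies below it in the DIT (simplified matching)."""
    d = [r.lower() for r in split_dn(dn)]
    b = [r.lower() for r in split_dn(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

BASE = "ou=recipes,dc=foobar,dc=com"
NAME = "Cookies, Chocolate"                # constructed value containing a comma
SAFE_DN = "cn=" + escape_rdn_value(NAME) + "," + BASE
UNSAFE_DN = "cn=" + NAME + "," + BASE      # naive concatenation
```

The escaped DN still has four RDNs under the base, while the naive one splits into five with a malformed component.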

9 Distributed DIT

10 Distributed DIT

11 Distributed DIT

12 Directory Management Domains

13 Client/Server architecture

14 X.500 components and protocols

15 LDAP vs X.500
- LDAP was originally developed as an alternative to the X.500 DAP protocol.
- It was designed to use TCP/IP instead of the OSI protocol stack ("lighter protocol").
- LDAP evolved into a complete directory service.
- LDAP's architecture and naming structure are based on the X.500 standard.
- Although today's version of DAP also runs over TCP/IP, LDAP remains the popular option for connecting to a directory.

16 LDAP functional model
LDAP operations are divided into 3 areas: Authentication, Interrogation, Update. Some examples include:
- Authentication: Open, bind and unbind
- Interrogation: Search, compare
- Update: Add, Modify, Delete

17 LDAP security model
- Authentication: Assurance that the opposite party (machine or person) really is who he/she/it claims to be.
- Integrity: Assurance that the information that arrives is really the same as what was sent.
- Confidentiality: Protection against disclosure of information, by means of data encryption, to those who are not intended to receive it.
- Authorization: Assurance that a party is really allowed to do what he/she/it is requesting to do. This is usually checked after user authentication. In LDAP Version 3, this is currently not part of the protocol specification and is therefore implementation-specific (or vendor-specific).

18 LDAP security model
- No authentication
- Basic authentication
- Simple Authentication and Security Layer (SASL)
SASL is a framework for adding additional authentication mechanisms to connection-oriented protocols. SSL and its successor, TLS, are the mechanisms commonly used in SASL for LDAP.
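The three options on this slide as they appear in an LDAPv3 BindRequest, as an added example that is not part of the original slides: it BER-encodes bind requests following RFC 4511 and classifies them the way a network sensor could, which also shows that a basic (simple) bind carries the password as cleartext octets unless the connection is encrypted. The function names, DN and password are constructed for illustration.

```python
# BER building blocks for an LDAPv3 BindRequest (RFC 4511, section 4.2).
def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def bind_request(message_id, dn, auth):
    """auth is an encoded AuthenticationChoice; message_id must be 1..127."""
    op = tlv(0x02, bytes([3])) + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, op))

def simple_auth(password):                 # [0] OCTET STRING, cleartext
    return tlv(0x80, password.encode())

def sasl_auth(mechanism):                  # [3] SEQUENCE { mechanism, ... }
    return tlv(0xA3, tlv(0x04, mechanism.encode()))

def classify_bind(pdu):
    """Label a BindRequest by the authentication choice it carries."""
    _, msg, _ = read_tlv(pdu)
    _, _, pos = read_tlv(msg)              # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(op)               # skip version
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag == 0xA3:
        return "sasl:" + read_tlv(cred)[1].decode()
    if auth_tag != 0x80:
        raise ValueError("unknown AuthenticationChoice")
    if not cred:
        return "anonymous" if not dn else "unauthenticated"
    return "simple"

# Constructed sample values, not taken from the slides.
DN, PASSWORD = "cn=dglazer,dc=foobar,dc=com", "s3cret-constructed"
SIMPLE_PDU = bind_request(1, DN, simple_auth(PASSWORD))
```

A sensor on an unencrypted port 389 connection sees exactly these bytes, so a "simple" result there means credentials crossed the network in the clear.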

19 Directory Services Implementations
- Microsoft Active Directory
- NetIQ (Novell) eDirectory
- Sun Microsystems OpenDS
- OpenLDAP
- Apple Open Directory
- Oracle Internet Directory
- Apache Directory Server