CIT 470: Advanced Network and System Administration

Directories

Topics
- Directories
- LDAP Structure
- LDIF
- Distinguished Names
- Replication
- OpenLDAP Configuration
http://www.blinn.edu/personnel/training/11-6-08/11-6-08_print.html

What is a Directory?
- Directory: a collection of information that is primarily searched and read, and rarely modified.
- Directory Service: provides access to directory information.
- Directory Server: an application that provides a directory service.
http://www.mscd.edu/~ittsdba/oradoc817/ois.817/a83729/adois09.htm

Directories vs. Databases
- Directories are optimized for reading; databases are balanced for read and write.
- Directories are tree-structured; databases typically have a relational structure.
- Directories are usually replicated; databases can be replicated too.
- Both are extensible data storage systems.
- Both have advanced search capabilities.

System Administration Directories
Types of directory data
- Accounts
- Mail aliases and lists (address book)
- Cryptographic keys
- IP addresses
- Hostnames
- Printers
Common directory services: DNS, LDAP, NIS

Advantages of Directories
- Make administration easier: change data only once (people, accounts, hosts).
- Unify access to network resources: single sign-on, and a single place for users to search (address book).
- Improve data management: one authoritative location instead of many copies improves consistency.
- Concentrate security on one server: access control, logging and hardening are done in one place. The same centralization makes the directory a high-value target, so its availability and integrity become critical to every system that depends on it.

NIS: Network Information Service
- Originally called Sun Yellow Pages (hence the yp prefix on its commands and daemons).
- Clients run ypbind; servers run ypserv.
- Data is stored under /var/yp on the server.
- The server shares NIS maps with clients. Each UNIX file may provide multiple NIS maps; a map translates a key such as a UID or username to the matching record (passwd: passwd.byname, passwd.byuid).
- Slave servers replicate the master server's content.
- Easy to use, but insecure and difficult to extend: maps travel over RPC without encryption or authentication, and any host that knows the NIS domain name can request them, so passwd.byname (which traditionally carries the password hashes) is readable by anyone on the network.

LDAP
- Lightweight Directory Access Protocol.
- Lightweight compared to the X.500 DAP it replaces: it runs over TCP/IP rather than the full OSI stack.
- A directory service, not a database.
- An access protocol, not a directory itself.

LDAP Clients and Servers
- Standalone directory browsers.
- Embedded clients (mail clients, logins, etc.)
- Configure /etc/nsswitch.conf on UNIX to use LDAP for passwd, group and shadow lookups.
- Common LDAP servers (OpenLDAP is covered below)

LDAP Structure
- An LDAP directory is made of entries.
- Entries may be employee records, hosts, etc.
- Each entry consists of attributes.
- Attributes can be names, phone numbers, etc.
- The objectClass attribute identifies the entry type.
- Each attribute is a type/value pair: the type is a label for the information stored (e.g. name), and the value is the value of that attribute in this entry.
- Attributes can be multi-valued.

Tree-structure of LDAP Directories

LDAP Schemas
- Schemas specify the allowed objectClasses and attributes.
- Each objectClass lists the attributes an entry of that class MUST have and those it MAY have; the server rejects an add or modify that would violate the schema.

LDIF
- LDAP Data Interchange Format (RFC 2849).
- Standard text format for storing LDAP configuration data and directory contents.
LDIF Files
- A collection of entries separated by blank lines.
- Each entry is a mapping of attribute names to values, one "attribute: value" line per value. A line beginning with a space continues the previous line, and "attribute:: value" carries a base64-encoded value (used for binary data and for values with leading spaces or non-ASCII characters).
Uses
- Import new data into the directory.
- Export the directory to LDIF files for backups.
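The LDIF rules above, as an added example that is not part of the slides: a small stdlib-only parser that handles blank-line record separation, comments, folded continuation lines, multi-valued attributes and base64 ("::") values, plus a check for colliding attribute values of the kind you would run over a slapcat dump before feeding it to slapadd. The sample LDIF is constructed here (the fooj entry mirrors the search output later in the lecture; the third entry deliberately reuses uidNumber 10101 so the duplicate check has something to find).

```python
import base64
from typing import Dict, List

Entry = Dict[str, List[str]]   # attribute name -> list of values ("dn" included)

# Constructed sample in the shape slapcat or "ldapsearch -LLL" emits.
# The ":: " line is base64 for "Jeff Foo", the line starting with a space is a
# folded continuation of homeDirectory, and objectClass is multi-valued.
SAMPLE_LDIF = """\
# comments and the optional version line are skipped
version: 1

dn: uid=fooj,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: fooj
cn:: SmVmZiBGb28=
homeDirectory: /home/c
 /fooj
loginShell: /bin/bash
uidNumber: 10101
gidNumber: 10101

dn: uid=smitha,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: posixAccount
uid: smitha
uidNumber: 10221

dn: uid=foojtest,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: posixAccount
uid: foojtest
uidNumber: 10101
"""


def _unfold(text: str) -> List[str]:
    """Drop comment lines and join folded lines (RFC 2849: a leading space
    continues the previous line)."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF content records into a list of entries.  Entries are separated
    by blank lines; "attr: value" is a plain value, "attr:: value" is base64."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in _unfold(text) + [""]:          # the sentinel flushes the last entry
        if line == "":
            if current:
                if "dn" not in current:
                    raise ValueError("entry without dn: %r" % current)
                entries.append(current)
                current = {}
            continue
        if line.startswith("version:") and not current:
            continue
        name, sep, rest = line.partition(":")
        if not sep or not name:
            raise ValueError("malformed LDIF line: %r" % line)
        if rest.startswith(":"):               # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):
            raise ValueError("file URL values (attr:< url) are not supported here")
        else:
            value = rest[1:] if rest.startswith(" ") else rest
        current.setdefault(name, []).append(value)
    return entries


def duplicate_values(entries: List[Entry], attr: str) -> Dict[str, List[str]]:
    """Map each value of attr that occurs in more than one entry to the DNs that
    carry it, e.g. colliding uidNumbers that would give two users one identity."""
    seen: Dict[str, List[str]] = {}
    for entry in entries:
        for value in entry.get(attr, []):
            seen.setdefault(value, []).append(entry["dn"][0])
    return {v: dns for v, dns in seen.items() if len(dns) > 1}


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for e in parsed:
        print(e["dn"][0], e.get("uidNumber"))
    print("duplicate uidNumber:", duplicate_values(parsed, "uidNumber"))
```

Run it against a real dump with parse_ldif(open("backup.ldif").read()); a ValueError means the dump is truncated or corrupt and should not be restored, and a non-empty duplicate_values(..., "uidNumber") is worth fixing before the directory starts authenticating logins again.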

LDIF Output Example

LDIF Backups and Restores
Backing up an LDAP directory:
    slapcat > backup.ldif
or, to do a daily backup, put the date in the file name:
    slapcat > backup-`date +%F`.ldif
The dump contains every attribute, including userPassword hashes, so write it with a restrictive umask (umask 077) and protect it like /etc/shadow.
Restoring an LDAP directory:
    service ldap stop
    rm -rf /var/lib/ldap/*
    slapadd < backup.ldif
    chown -R ldap:ldap /var/lib/ldap
    service ldap start
slapadd and slapcat operate on the database files directly, not through the protocol, so slapd must be stopped for slapadd (and should be stopped, or put in read-only mode, for slapcat to get a consistent snapshot). Running slapadd as root creates database files owned by root; fix the ownership (ldap is the service account on Red Hat systems) before starting the service, or slapd will fail to open its database.

Distinguished Names
Distinguished Names (DNs)
- Uniquely identify an LDAP entry.
- Provide the path from the LDAP root to the named entry, similar to an absolute pathname, but written leaf first:
    dn: cn=Jeff Foo,ou=Sales,dc=plainjoe,dc=org
Relative DNs (RDNs)
- The leftmost component of a DN, e.g. cn=Jeff Foo or uid=fooj. It must be unique among the entries in the same container, so it is similar to a relative pathname (a filename within one directory).
- Unlike a filename, an RDN may contain several attribute/value pairs joined by "+" (a multi-valued RDN), which lets two entries with the same cn sit in one container:
    cn=Jane Smith+ou=Sales
    cn=Jane Smith+ou=Engineering
- Commas, plus signs and the other special characters (" + , ; < > \) inside a value must be escaped with a backslash (cn=Foo\, Jeff); otherwise they are parsed as separators.
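DN parsing and escaping as an added example (my code, not the lecture's): it splits a DN into RDNs, splits a multi-valued RDN on "+", resolves both backslash forms of escaping (\, and \2c), and shows why a DN built from untrusted input has to go through escape_dn_value, since an unescaped "x,ou=Admins" silently relocates the entry to another container. The DN strings are the ones from the slides; the injected value is constructed.

```python
from typing import List, Tuple

RDN = List[Tuple[str, str]]   # one RDN = one or more (type, value) pairs

_DN_SPECIALS = '"+,;<>\\'      # RFC 4514 characters that need a backslash


def _split_unescaped(text: str, separators: str) -> List[str]:
    """Split on any separator character that is not preceded by a backslash."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):      # keep escape pairs intact
            buf.append(text[i:i + 2])
            i += 2
            continue
        if ch in separators:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def unescape_dn_value(value: str) -> str:
    """Resolve \\c and \\XX (hex byte) escapes inside one attribute value."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.extend(bytes.fromhex(pair))
                i += 3
            else:
                out.extend(value[i + 1].encode("utf-8"))
                i += 2
        else:
            out.extend(value[i].encode("utf-8"))
            i += 1
    return out.decode("utf-8")


def escape_dn_value(value: str) -> str:
    """Escape a raw value so it can be embedded in a DN without changing the
    DN's structure: specials, NUL, a leading '#' or space, a trailing space."""
    out = "".join("\\" + ch if ch in _DN_SPECIALS else ch for ch in value)
    out = out.replace("\x00", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN string into RDNs, leaf first; each RDN is a list of
    (type, value) pairs, more than one for a multi-valued RDN joined by '+'."""
    rdns: List[RDN] = []
    for rdn_text in _split_unescaped(dn, ","):
        pairs: RDN = []
        for ava in _split_unescaped(rdn_text, "+"):
            attr_type, sep, raw_value = ava.partition("=")
            if not sep or not attr_type.strip():
                raise ValueError("bad RDN component: %r" % ava)
            pairs.append((attr_type.strip().lower(), unescape_dn_value(raw_value)))
        rdns.append(pairs)
    return rdns


def parent_dn(dn: str) -> str:
    """The DN of the container holding dn (everything after the first RDN)."""
    return ",".join(_split_unescaped(dn, ",")[1:])


if __name__ == "__main__":
    print(parse_dn("cn=Jeff Foo,ou=Sales,dc=plainjoe,dc=org"))
    print(parse_dn("cn=Jane Smith+ou=Sales,dc=plainjoe,dc=org")[0])
    print(parse_dn("uid=%s,ou=People,dc=org" % escape_dn_value("x,ou=Admins")))
```

Attribute types are lower-cased because they are case-insensitive in LDAP; values are left as-is because whether a value is case-insensitive depends on the attribute's matching rule in the schema.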

(R)DN Example #1
http://www.zytrax.com/books/ldap/apa/dn-rdn.html

(R)DN Example #2
http://www.zytrax.com/books/ldap/apa/dn-rdn.html

ldapsearch Options
- -LLL removes comments and LDAP version info from the output.
- -b base supplies the base DN (uses BASE from ldap.conf if no -b is given).
- -x uses simple authentication instead of SASL. Without -D binddn and -W this is an anonymous bind; with them, the password crosses the wire in clear unless the connection is protected with -ZZ (require StartTLS) or an ldaps:// URI.
- -H ldap://your.server.edu accesses that server. If -H is not specified, uses URI from ldap.conf to find the server.
Search for all entries:
    ldapsearch -LLL -x -b "dc=gkar,dc=nku,dc=edu" "(objectclass=*)"

ldapsearch -LLL -x "(filter)": search by uid
> ldapsearch -LLL -x "(uid=fooj)"
dn: uid=fooj,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: fooj
uidNumber: 10101
cn: fooj
homeDirectory: /home/c/fooj
loginShell: /bin/bash
gidNumber: 10101

ldapsearch -LLL -x "(filter)": search by uidNumber
> ldapsearch -LLL -x "(uidNumber=10101)"
dn: uid=fooj,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: fooj
uidNumber: 10101
cn: fooj
homeDirectory: /home/c/fooj
loginShell: /bin/bash
gidNumber: 10101

Multiple Record Matches
> ldapsearch -LLL -x "(loginShell=/bin/bash)"
dn: uid=fooj,ou=People,dc=gkar,dc=nku,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: fooj
uidNumber: 10101
cn: fooj
homeDirectory: /home/c/fooj
loginShell: /bin/bash
...
Size limit exceeded (4)
The last line is LDAP result code 4 (sizeLimitExceeded): the server stopped after the first N entries, where N is the smaller of the server's sizelimit (OpenLDAP's default is 500) and the client's SIZELIMIT. The output is therefore incomplete, not an error in the filter; narrow the filter, raise the limit (-z for ldapsearch, sizelimit in slapd.conf) or use paged results.

Wildcard Matches
> ldapsearch -LLL -x "(uid=smith*)"
dn: uid=smitha,ou=People,dc=gkar,dc=nku,dc=edu
uid: smitha
uidNumber: 10221
cn: smitha
homeDirectory: /home/f/smitha
loginShell: /bin/bash
...
dn: uid=smithj,ou=People,dc=gkar,dc=nku,dc=edu
uid: smithj
uidNumber: 12302
cn: smithj
homeDirectory: /home/g/smithj
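The filters in these searches, and the ldapsearch options listed earlier, as an added example (my code, not the lecture's). The slides type filters by hand; scripts build them from input, and a login such as "*" turns "(uid=%s)" into the wildcard search above, returning every account. escape_filter_value applies RFC 4515 escaping so a value can only match itself, prefix_filter keeps a deliberate trailing "*", and ldapsearch_argv assembles the command-line form with -ZZ. The entries and the toy evaluator are constructed here so the effect can be seen offline; the server URI is made up.

```python
import re
from typing import Dict, List, Sequence

Entry = Dict[str, List[str]]

# Constructed entries (DNs and values taken from the search output above).
ENTRIES: List[Entry] = [
    {"dn": ["uid=fooj,ou=People,dc=gkar,dc=nku,dc=edu"], "uid": ["fooj"],
     "uidNumber": ["10101"], "loginShell": ["/bin/bash"]},
    {"dn": ["uid=smitha,ou=People,dc=gkar,dc=nku,dc=edu"], "uid": ["smitha"],
     "uidNumber": ["10221"], "loginShell": ["/bin/bash"]},
    {"dn": ["uid=smithj,ou=People,dc=gkar,dc=nku,dc=edu"], "uid": ["smithj"],
     "uidNumber": ["12302"], "loginShell": ["/bin/false"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: *, (, ), \\ and NUL, plus every non-ASCII byte of the
    UTF-8 form, become \\XX so the value can only ever match literally."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def user_filter_unsafe(login: str) -> str:
    """What many scripts do: the login is spliced in verbatim."""
    return "(uid=%s)" % login


def user_filter(login: str) -> str:
    """Hardened form: the login can only match itself."""
    return "(uid=%s)" % escape_filter_value(login)


def prefix_filter(attr: str, prefix: str) -> str:
    """A deliberate wildcard search such as (uid=smith*): the one '*' is ours,
    any '*' inside prefix is escaped."""
    return "(%s=%s*)" % (attr, escape_filter_value(prefix))


def ldapsearch_argv(uri: str, base: str, ldap_filter: str,
                    attrs: Sequence[str] = ()) -> List[str]:
    """argv for subprocess.run(argv, check=True): list form so no shell parses
    it, -ZZ so the search is refused unless StartTLS succeeds."""
    return ["ldapsearch", "-LLL", "-x", "-ZZ", "-H", uri, "-b", base, ldap_filter, *attrs]


# ---- toy evaluator for simple (attr=pattern) filters, to show the effect -----

def _unescape_filter_value(s: str) -> str:
    buf = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "\\" and i + 3 <= len(s):
            buf.extend(bytes.fromhex(s[i + 1:i + 3]))
            i += 3
        else:
            buf.extend(s[i].encode("utf-8"))
            i += 1
    return buf.decode("utf-8")


def _pattern_regex(pattern: str):
    # An unescaped '*' is a wildcard; everything else is literal after unescaping.
    pieces = [re.escape(_unescape_filter_value(p)) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE)


def search(entries: List[Entry], ldap_filter: str) -> List[str]:
    """Return the DNs matching one (attr=pattern) filter; anything else is
    rejected, as slapd rejects a malformed filter."""
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", ldap_filter)
    if not m:
        raise ValueError("bad search filter: %r" % ldap_filter)
    attr, pattern = m.group(1), m.group(2)
    rx = _pattern_regex(pattern)
    return [e["dn"][0] for e in entries if any(rx.match(v) for v in e.get(attr, []))]


if __name__ == "__main__":
    print(search(ENTRIES, user_filter_unsafe("*")))   # every account
    print(search(ENTRIES, user_filter("*")))          # nothing: literal '*'
    print(search(ENTRIES, prefix_filter("uid", "smith")))
    print(" ".join(ldapsearch_argv("ldap://ldap.example.edu", "dc=gkar,dc=nku,dc=edu",
                                   user_filter("fooj"))))
```

The evaluator only understands a single equality/substring assertion; a real server also takes &, | and ! compounds, which is exactly what an injected "*)(|(uid=*" tries to exploit, and escaping the value is what stops it from ever reaching the filter parser as syntax.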

OpenLDAP
- Open source LDAPv3 server.
- LDAP server: slapd
- Client commands: ldapadd, ldapsearch (talk to slapd over the protocol)
- Backend storage: BerkeleyDB (the bdb/hdb backends; later OpenLDAP releases default to the mdb backend on LMDB)
- Backend commands: slapadd, slapcat (operate on the database files directly, bypassing slapd and its access controls)
- Schemas: /etc/openldap/schema
- Data: /var/lib/ldap
Configuration files
- Client: /etc/openldap/ldap.conf
- Server: /etc/openldap/slapd.conf

Building an OpenLDAP Server
1. Install OpenLDAP.
2. Configure LDAP for your domain: edit slapd.conf, or use the on-line configuration (the cn=config tree stored under slapd.d, which the slides call Run Time Configuration and which newer releases use instead of slapd.conf).
3. Start the server.
    Immediate: service ldap start
    Permanent: chkconfig --level 35 ldap on
4. Add data with ldapadd.
5. Verify functionality with ldapsearch.

slapd.conf (Server)
- File locations (usually accept the defaults): schema files, configuration files, database directory.
- Database
    suffix = DN of the topmost node in the directory
    rootdn = DN of the LDAP administrative user
    rootpw = password of the LDAP administrator. Store the hash produced by slappasswd ({SSHA}...) rather than the cleartext, and keep slapd.conf readable only by root and the ldap service account: rootdn bypasses every access control, so this line is the master key to the directory.
- Access control: access directives. If none are given, OpenLDAP's default policy lets anyone read everything, userPassword included, and only rootdn write. At minimum add a rule such as "access to attrs=userPassword by self write by anonymous auth by * none" before the catch-all rule.
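An added example for the rootpw and access-control points (my code, not OpenLDAP's): ssha_hash produces the {SSHA} form that slappasswd -h {SSHA} emits (SHA-1 over password+salt, then base64 of digest+salt) and ssha_verify checks a password against it in constant time, which is the same check slapd performs on a simple bind. audit_slapd_conf scans slapd.conf text for a cleartext or unsalted rootpw and for the absence of any access rule naming userPassword. The two configuration snippets are constructed; the hash value in the second is made up and not a real slappasswd output.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Tuple


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an RFC 2307 {SSHA} string: base64(sha1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)                    # slappasswd uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare without leaking
    timing; this is what slapd does for a simple bind against userPassword."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]           # SHA-1 digests are 20 bytes
    calc = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)


def audit_slapd_conf(text: str) -> List[Tuple[int, str]]:
    """Return (line number, problem) pairs for weak rootpw storage and for a
    missing userPassword access rule (line 0 = whole file)."""
    issues: List[Tuple[int, str]] = []
    protects_password = False
    for n, line in enumerate(text.splitlines(), 1):
        s = line.split("#", 1)[0].strip()       # drop comments
        if not s:
            continue
        words = s.split(None, 1)
        key = words[0].lower()
        value = words[1].strip() if len(words) > 1 else ""
        if key == "rootpw":
            scheme = value.upper()
            if not scheme.startswith("{") or scheme.startswith("{CLEARTEXT}"):
                issues.append((n, "rootpw is cleartext; use slappasswd -h {SSHA}"))
            elif scheme.startswith("{SHA}") or scheme.startswith("{MD5}"):
                issues.append((n, "rootpw uses an unsalted digest"))
        elif key == "access" and "userpassword" in value.lower():
            protects_password = True
    if not protects_password:
        issues.append((0, "no access rule names userPassword; the default policy lets anyone read it"))
    return issues


# Constructed slapd.conf fragments: the first as many tutorials leave it, the
# second with a hashed rootpw and a password ACL.  The {SSHA} value is made up.
WEAK_CONF = """\
suffix   "dc=example,dc=com"
rootdn   "cn=Manager,dc=example,dc=com"
rootpw   secret
"""

HARDENED_CONF = """\
suffix   "dc=example,dc=com"
rootdn   "cn=Manager,dc=example,dc=com"
rootpw   {SSHA}AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to * by * read
"""

if __name__ == "__main__":
    print("rootpw", ssha_hash("secret"))
    for conf in (WEAK_CONF, HARDENED_CONF):
        print(audit_slapd_conf(conf) or "ok")
```

SHA-1 is what slappasswd of this era produces; where the build offers the salted SHA-2 schemes ({SSHA256}, {SSHA512} via the pw-sha2 module) prefer them, and note that the audit only reads slapd.conf: a directory configured through cn=config needs the same two checks against olcRootPW and olcAccess.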

ldap.conf (Client)
    #
    # LDAP Defaults
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.

    #BASE   dc=example,dc=com     (match suffix in slapd.conf)
    #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF  never
When clients bind with passwords, list ldaps:// URIs (or use StartTLS) and set TLS_CACERT here to the CA that issued the server certificate, so the clients can verify the server rather than send credentials to whoever answers on that address.

References
- Brian Arkills, LDAP Directories Explained: An Introduction and Analysis, Addison-Wesley, 2003.
- Gerald Carter, LDAP System Administration, O'Reilly, 2003.
- LDAP Howtos, Links, and Whitepapers, http://www.bind9.net/ldap/, 2005.
- http://www.ldapman.org/, 2005.
- LDAP for Rocket Scientists, http://www.zytrax.com/books/ldap/, 2009.
- Thomas Limoncelli, Christine Hogan, Strata Chalup, The Practice of System and Network Administration, 2nd ed., Addison-Wesley, 2007.
- Luiz Malere, "Linux LDAP HOWTO," http://www.tldp.org/HOWTO/LDAP-HOWTO/, 2004.
- Evi Nemeth et al., UNIX System Administration Handbook, 3rd ed., Prentice Hall, 2001.
- OpenLDAP, OpenLDAP Administrator's Guide, http://www.openldap.org/devel/admin/, 2005.