LDAP: Accessing Operational Information CNS 4650 Fall 2004 Rev. 2.


Server Information
- Allows the developer/admin to avoid making assumptions about the directory
- Often termed the “root object” or root DSE (p.174)
- Server is required to recognize the attributes
- Server is NOT required to have the attributes or values in those attributes

Root DSE attributes
- altServer: Other servers that can be contacted if this server is unavailable
- namingContexts: List of naming contexts held by the LDAP server
- supportedControl: List of the OIDs of controls the LDAP server supports
- supportedExtension: List of the OIDs of the extensions the LDAP server supports

Root DSE attributes
- supportedLDAPVersion: Lists LDAP version supported
- supportedSASLMechanisms: Lists the SASL mechanisms supported by the LDAP server
- Can also have custom (vendor specific) attributes
  - supportedFeature (OpenLDAP)

OpenLDAP Controls
From the ldap.h file:

    /* LDAP Controls */
    #define LDAP_CONTROL_MANAGEDSAIT " "
    #define LDAP_CONTROL_NOOP " "
    #define LDAP_CONTROL_SORTREQUEST " "
    #define LDAP_CONTROL_SORTRESPONSE " "
    #define LDAP_CONTROL_VLVREQUEST " "
    #define LDAP_CONTROL_VLVRESPONSE " "
    #define LDAP_CONTROL_VALUESRETURNFILTER " "

OpenLDAP Extensions
From the ldap.h file:

    #define LDAP_EXOP_START_TLS " "
    #define LDAP_EXOP_MODIFY_PASSWD " "
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN ((ber_tag_t) 0x80U)
    #define LDAP_EXOP_X_WHO_AM_I " "

How to Query for Operational Information
- Set the search base to “”
- Set scope to “base”
- Set the search filter to: ‘(objectclass=*)’
- Query for certain attributes: namingContexts
- Query for all operational attributes: “+” (RFC 3673)

Example Query

    ldapsearch -h <host> -b "" -s base -x -W '(objectclass=*)' "+"
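What comes back from the root DSE query is also what any client that can reach the server may learn about it, so it is worth reviewing. The following is an added example, not part of the original slides: it parses a constructed LDIF reply (including folded and base64 values) and flags missing StartTLS, cleartext-only SASL and LDAPv2; the function names and the sample entry are assumptions.

```python
import base64

# Constructed sample of root DSE output from `ldapsearch -LLL ... "+"` (LDIF, RFC 2849).
# The suffix is made up; monitorContext is the attribute OpenLDAP uses for its monitor DN.
SAMPLE_ROOT_DSE = """\
dn:
namingContexts: dc=example,dc=com
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
subschemaSubentry:: Y249U3Vic2NoZW1h
monitorContext: cn=
 Monitor
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}      # mechanisms that send the password itself

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation of the previous line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def audit_root_dse(entry):
    """Return hardening findings derived from the advertised root DSE attributes."""
    findings = []
    if STARTTLS_OID not in entry.get("supportedextension", []):
        findings.append("StartTLS not advertised")
    mechs = set(entry.get("supportedsaslmechanisms", []))
    if mechs and mechs <= CLEARTEXT_SASL:
        findings.append("only cleartext SASL mechanisms offered")
    if "2" in entry.get("supportedldapversion", []):
        findings.append("LDAPv2 still enabled")
    return findings
```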

Subschema
- Contains the schema definitions
- No standard location for it
  - That is what the operational attributes are used for!
- Query the root DSE for “subschemasubentry”
  - OpenLDAP - cn=Subschema
  - eDirectory/Active Directory - cn=schema

Subschema
- The subschema contains all objectclasses and attributes the server supports
- Developer/Admin could query and search for objectclass or attribute
  - Example: inetOrgPerson

Subschema Search
- Objectclasses

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' objectclasses

- Attributes

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' attributetypes

- Combination of Both

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' objectclasses attributetypes

Subschema Search
- Matching Rules

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' matchingRules

- LDAP Syntaxes

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' ldapSyntaxes

- Ask for it all

    ldapsearch -h <host> -b "cn=Subschema" -s base -x -W '(objectclass=*)' subschema

Monitor
- Used to store other server information in the entry
  - Server version (not LDAP but release)
  - Total connections
  - Startup time
  - Bytes sent
- Information is different from the root DSE
  - This entry is more about the running condition, network information, etc.

Monitor
- Usually can be queried by:
  - Base = “cn=Monitor”
  - Scope = “base”
  - Filter = ‘(objectclass=*)’
- But DN can differ from server to server
  - Best to query root DSE and return “monitor”
- For OpenLDAP it must be specified at compile time