
LDAP. Jianwen Luo, School of CTI, DePaul Univ., Oct. 23, 1998.





2 LDAP
  Jianwen Luo, School of CTI, DePaul Univ., Oct. 23, 1998

3 What is LDAP?
- LDAP is the abbreviation of Lightweight Directory Access Protocol.
- It is a standard protocol used by applications to access information in a directory.
- Contrast with DAP, the underlying protocol of X.500.

4 What does directory mean here?
- The directory here means a type of database that has been optimized for searching and retrieving structured data.
- Most commonly, directories are used to store user profile information, such as user names and permissions.

5 Why is LDAP necessary?
- Traditionally, every department has its own user database.
- Users have more accounts today: email, web, Unix, NT, ...
- How to synchronize user information when a user's work is related to more than one department?
- When an intranet/extranet is used, how to efficiently control user access?

6 Why is LDAP necessary? (2)
- How to identify the source over the network?
- Vs. DNS: too simple, only includes host information.
- NDS: not based natively on TCP/IP; vendor supplied.
- X.500: too complicated, requires the OSI stack.

7 History of LDAP
- X.500: complex, uses OSI.
- LDAP version 1, RFC 1487, 1993
  - Clients interact with an LDAP service, which in turn interacts with one or more X.500 servers.
- LDAP version 2, RFC 1777, 1995
  - LDAP servers could run independently of X.500.
- LDAP version 3, RFC 2251, 1997
  - Communication between master servers.
  - Referral capability.

8 Protocol Model of LDAP 3
- Client/server structure.
- Objective: minimize the complexity of clients.

9 Data Model of LDAP 3 (1)
- DIT (Directory Information Tree)
- Entry: the tree is made of entries.
- DN (Distinguished Name): a sequence of attribute=value groups that uniquely identifies an object.
- RDN (Relative Distinguished Name)
- Naming context

10 Data Model of LDAP 3 (2)
- DIT tree
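To make the DN / RDN / naming-context terms on the two data-model slides concrete, here is an added example (not part of the original presentation) that parses a string DN in the RFC 2253 form into its RDNs, walks up to the parent entry, and tests whether an entry lies under a naming context. The DNs used are constructed for illustration; lowering attribute values when comparing is an assumption standing in for the directory's real matching rules.

```python
"""Parsing LDAP distinguished names (RFC 2253 string form).

Added example for the DIT / DN / RDN / naming-context slides; it is not
part of the original presentation.  The sample DNs below are constructed
for illustration.
"""

HEX = set("0123456789abcdefABCDEF")


def _split_unescaped(s, sep):
    """Split s on sep, ignoring separators preceded by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])   # keep the escape pair intact for now
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def unescape(value):
    """Resolve RFC 2253 escapes: '\\,' -> ',' and '\\2C' (hex pair) -> ','."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_rdn(rdn):
    """An RDN is one or more 'type=value' pairs joined by '+'."""
    pairs = []
    for ava in _split_unescaped(rdn, "+"):
        if "=" not in ava:
            raise ValueError("RDN component without '=': %r" % ava)
        attr_type, raw_value = ava.split("=", 1)
        pairs.append((attr_type.strip().lower(), unescape(raw_value.strip())))
    return pairs


def parse_dn(dn):
    """A DN is a list of RDNs, most specific first (leaf ... root)."""
    if dn.strip() == "":
        return []                     # the root of the DIT has an empty DN
    return [parse_rdn(p) for p in _split_unescaped(dn, ",")]


def parent_dn(dn):
    """Drop the leading RDN: the parent entry's DN in the DIT."""
    parts = _split_unescaped(dn, ",")
    return ",".join(p.strip() for p in parts[1:])


def _normalize(dn):
    # Attribute types are case-insensitive; values are lowered here as an
    # approximation of matching rules (assumption: caseIgnoreMatch for all).
    return [sorted((t, v.lower()) for t, v in rdn) for rdn in parse_dn(dn)]


def is_under(dn, naming_context):
    """True if dn lies within the subtree rooted at naming_context."""
    entry, ctx = _normalize(dn), _normalize(naming_context)
    return len(ctx) <= len(entry) and entry[len(entry) - len(ctx):] == ctx


if __name__ == "__main__":
    # Constructed sample: a multi-valued leaf RDN with an escaped comma.
    dn = "cn=Luo\\, Jianwen+uid=jluo,ou=CTI,o=DePaul University,c=US"
    for depth, rdn in enumerate(parse_dn(dn)):
        print("  " * depth + " + ".join("%s=%s" % p for p in rdn))
    print("parent:", parent_dn(dn))
    print("under o=DePaul University,c=US:", is_under(dn, "o=DePaul University,c=US"))
```

A naive `dn.split(",")` breaks on escaped commas in values (a common source of bugs in access-control code that compares DNs as strings), which is why the splitter tracks backslash escapes before any value is unescaped.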

11 Attributes of Entries
- Entries consist of a set of attributes.
- An attribute is a type with one or more associated values.
- An attribute type is identified by a short descriptive name and an object identifier.
- The object identifier determines what kind of values the attribute can have.

12 Elements of Protocol
- The LDAP protocol is described using ASN.1 (Abstract Syntax Notation One).
- All protocol operations are encapsulated in a common envelope, the LDAPMessage.

13 LDAP message envelope

    LDAPMessage ::= SEQUENCE {
        messageID       MessageID,
        protocolOp      CHOICE {
            bindRequest     BindRequest,
            bindResponse    BindResponse,
            unbindRequest   UnbindRequest,
            searchRequest   SearchRequest,
            searchResEntry  SearchResultEntry,
            searchResDone   SearchResultDone,
            searchResRef    SearchResultReference,
            modifyRequest   ModifyRequest,
            modifyResponse  ModifyResponse,
            addRequest      AddRequest,
            addResponse     AddResponse,
            delRequest      DelRequest,
            delResponse     DelResponse,
            modDNRequest    ModifyDNRequest,
            modDNResponse   ModifyDNResponse,
            compareRequest  CompareRequest,
            compareResponse CompareResponse,
            abandonRequest  AbandonRequest,
            extendedReq     ExtendedRequest,
            extendedResp    ExtendedResponse },
        controls        [0] Controls OPTIONAL }

    MessageID ::= INTEGER (0 .. maxInt)

    maxInt INTEGER ::= 2147483647 -- (2^31 - 1) --

14 Message ID
- For outstanding messages, the message ID is unique.
- Result message:

    LDAPResult ::= SEQUENCE {
        resultCode      ENUMERATED { ... },
        matchedDN       LDAPDN,
        errorMessage    LDAPString,
        referral        Referral OPTIONAL }

15 Applications (operations)
- Search
- Add
- Delete
- Modify
- Compare
- Bind: allows authentication information to be exchanged between client and server.
- Unbind

16 Authentication and Security
- AuthenticationChoice: simple (cleartext password)
- SASL (Simple Authentication and Security Layer, RFC 2222)
  - Allows integrity and privacy services to be negotiated.

17 Where do you go tomorrow?
- LDAP over SSL, Netscape extension.
- Replication support, Netscape extension.
- More complex.
- From lightweight to middleweight.


19 Netscape Directory Server 3.1 Configuration (1)

20 Advanced Configuration of Directory Server

