Presentation is loading. Please wait.

Presentation is loading. Please wait.

Todd K. Watson Information Technology Services LDAP Authentication 2003 IT Fall Retreat Associated Colleges of the.

Published byMarshall James Modified over 9 years ago

Similar presentations

Presentation on theme: "Todd K. Watson Information Technology Services LDAP Authentication 2003 IT Fall Retreat Associated Colleges of the."— Presentation transcript:

1 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net LDAP Authentication 2003 IT Fall Retreat Associated Colleges of the South Todd K. Watson Senior System/Network Administrator Southwestern University tkw@southwestern.edu

2 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Disclosure: I am not an LDAP expert!! ● Brief background ● Overview of current technologies. ● Tell what SU is doing ● Rhodes will follow ● Everyone else chimes in with their plans, etc

3 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Traditional Systems Authentication ● Unix -- /etc/passwd, /etc/shadow, NIS ● Microsoft -- NT LANMan, hacks prior to NT ● Apple -- “At Ease”, Multi-user (OS-9) ● WWW – local passwd DB (eg. htaccess) Kerberos was only viable existing solution for cross-platform system and application authentication. Was complex and required specialized clients and servers, which limited choice and flexibility.

4 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Enter LDAP..... (Lightweight Directory Access Protocol)

5 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net LDAP – The Big Picture What's most useful to us in the discussion about authentication Graph from “LDAP Directories Explained” by Brian Arkills -- Published by Addison Wesley A vendor independent method of consolidating information about users across different systems and services on different OS`s.

6 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Historical LDAP Authentication Problems ● LDAP was originally designed as a directory, not an authentication, server. Evolved from X.500, and was pioneered at Univ. Michigan. ● Lack of support by clients ● Lack of encryption – passwords in the clear ● Lack of Access Control – Authorization ● LDAP v3 RFCs and vendor implementations address these issues

7 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Where to Start with LDAP ● RESEARCH!!! -- Read and study as much as you can prior to building your LDAP install. (references appendix later) ● LDAP has a natural mapping to your DNS space. Use this to your advantage, and avoid straying from this. ● Choose a vendor product wisely! LDAP consists of only 10 basic funtions ((un)bind, abandon, search, compare, add, modify, delete,..) so each product differs on the extras, the interface, schemas, etc. ● Make sure all of your systems and services will integrate with that vendor's LDAP implementation. (eg. Does Datatel or Banner recommend/support?)

8 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Some LDAP Vendors/Products

9 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Southwestern`s LDAP Requirements ● Unix systems, which provide POP, IMAP, SMTP ● Web services -- webmail, software downloads, timeclocks, MySU portal, Campus Notices (W&L), library catalogs,... ● Lab computers – both Macs and PCs ● Wired and Wireless network access (via NetReg) ● Datatel WebAdvisor ● Group calendaring (currently CorpTime – now Oracle) Unified Authentication for: Authoritative source of data must reside on Unix server, and have a web- based management interface with multiple levels of access-control.

10 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Southwestern Univ. Active Directory(AD) ● This summer ('03) we implemented MS Active Directory on a Win2K Advanced Server for WinXP and MacOS-X clients. – This provided seamless data storage to our Network Appliance file server (also used via NFS to our Unix servers) from any lab computer on campus. – MacOS-X -- we use the “Admit Mac” product by Thursby Software to allow Macs to “join the Active Directory domain”. Macs are treated just like PCs on domain with transparent Desktop and (My)Documents folder mappings like on PC. – Currently NO synchronization between AD and Unix hosted LDAP and NIS. – Old (pre-existing) accounts had to have new password for AD, though can reset – New accounts are created after Unix/email account and use the same passwords – Password changes must be done on both systems! VERY CONFUSING..... – Account management done from Win/Mac/Linux using VNC. Plans to possibly add web scripts with Perl LDAP/ActiveDir module hooks.

11 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Future Goals for Southwestern Univ. LDAP Infrastructure ● Unix-based product (need Enterprise stability!) ● Datatel supported (for WebAdvisor) ● **Synchronization/Replication to/from Active Directory** ● Flexibility/Extensibility. Need Access to data stores without complex API. ● Standards based – extremely important for future product integration

12 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net And now another perspective... Doug Walker and Richie Trenthem from Rhodes College

13 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net Discussion.... ● What is everyone else doing/thinking? ● Who has experience with LDAP products besides Microsoft Active Directory? ● Washington & Lee uses Novell eDirectory, but could not be here to talk about it. Ask Julie during the break how it is working for them. ● What requirements does your campus have? What are your strengths and weaknesses in playing the LDAP game?

14 Todd K. Watson Information Technology Services tkw@southwestern.edu http://tkdubs.net References “LDAP Directories Explained: An Introduction and Analysis” by Brian Arkills (Addison Wesley – 2003) “LDAP System Administration”, by Gerald Carter (O'Reilly & Associates – 2003) “Understanding and Deploying LDAP Directory Services (2 nd Ed.)”, by Timothy Howes (Addison Wesley – 2003) [the bridge book] ● http://www.openldap.org ● http://www.kingsmountain.co m – the “LDAP RoadMap and FAQ” has many great resources ● http://perl- ldap.sourceforge.net – Net::LDAP module provides ability to create hooks into LDAP via CGI or CLI scripts to do custom management funtions

Download ppt "Todd K. Watson Information Technology Services LDAP Authentication 2003 IT Fall Retreat Associated Colleges of the."

Similar presentations

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
Network-Attached Storage

Network-Attached Storage
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Deliver your Technology-Based Labs with VMware Lab Manager 5/6/2010 Michael Fudge.

Deliver your Technology-Based Labs with VMware Lab Manager 5/6/2010 Michael Fudge.
Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.

Homework 3.2 Clients Hub What’s wrong with this picture? Clients Using 100TX.
Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.

Network+ Guide to Networks, Fourth Edition Chapter 10 Netware-Based Networking.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Chapter 12 Reading assignment n From “Running Linux”, on reserve at PSU Main library (2-hour checkout) Chapter 1 (pages 1 through 41)Chapter 1 (pages 1.

Chapter 12 Reading assignment n From “Running Linux”, on reserve at PSU Main library (2-hour checkout) Chapter 1 (pages 1 through 41)Chapter 1 (pages 1.
Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.

Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.
Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –

Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
Gale D. Fritsche Lehigh University Library and Technology Services Client Service Insanity A Campus-wide Novell to Active Directory Migration EDUCAUSE.

Gale D. Fritsche Lehigh University Library and Technology Services Client Service Insanity A Campus-wide Novell to Active Directory Migration EDUCAUSE.
Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.
Securing Access in a Heterogeneous Network Environment Providing Interoperability between Microsoft Windows 2000 and Heterogeneous Networks Securing Authentication.

Securing Access in a Heterogeneous Network Environment Providing Interoperability between Microsoft Windows 2000 and Heterogeneous Networks Securing Authentication.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group

Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group
Stanford University StanfordNetDB Stanford NetDB- An Open Source Network Management Application for DNS, DHCP, IP Address Spaces, etc.

Stanford University StanfordNetDB Stanford NetDB- An Open Source Network Management Application for DNS, DHCP, IP Address Spaces, etc.

Similar presentations

Ads by Google