Directory Server Campus Booster ID: 351 www.supinfo.com Copyright © SUPINFO. All rights reserved OpenLDAP.


2 Course objectives. By completing this course, you will: know what directory servers are; know what OpenLDAP is; know how to install and configure OpenLDAP.

3 Course topics. Course plan: Directories (what they are for); LDAP (theory and protocol); OpenLDAP (practice).

4 Directories: from X.500 to today.

5 Preview (Directories): What is it? What is it intended for? Evolution.

6 The yellow pages (Directories): mapping "name" to "telephone number"; sort by category; sort by city; find the information as fast as possible.

7 A database? Not exactly. A directory has a tree (arborescent) structure, like a filesystem; there is no limit on attributes; there are no columns and no tables; it is optimized for read and search operations.

8 History (Directories): X.500, the OSI Directory Access Protocol, was created by telecom operators in 1988. It was impossible to port to microcomputers and was not compatible with TCP/IP (it relied on the OSI stack).

9 Problems (Directories): need for classified data; need for security; need for speed.

10 LDAP v3: Lightweight Directory Access Protocol.

11 Preview (LDAP v3): advantages; components; models.

12 LDAPv3 advantages: SASL (single sign-on) authentication; SSL/TLS encryption; schema discovery.

13 Data model (LDAP v3): defines the type of stored data. An entry is an LDAP object; it contains attributes. Each attribute matches a data type, and an attribute can have multiple values.

14 Attributes (LDAP v3). Two kinds of attributes: user attributes and system attributes. Easy-to-remember names: cn (Common Name); userPassword (password); objectClass (class of the object).

15 Inheritance (LDAP v3): entries inherit from their parent.

16 Naming convention (LDAP v3). Directory Information Tree (DIT) creation: it organizes the entries and defines inheritance. The DIT is important: it must reflect reality.

17 DIT example (LDAP v3) [diagram].

18 Stop-and-think (LDAP v3): Do we have to create the data model? Is the DIT important?

19 OpenLDAP: a free implementation of the LDAP protocol.

20 Preview (OpenLDAP): installation; configuration; first steps inside the system; let's practice.

21 Server side (OpenLDAP). The daemon is slapd (Standalone LDAP Daemon). The replication daemon is slurpd (Standalone LDAP Update Replication Daemon). The configuration file is slapd.conf, located in /etc/openldap.

22 slapd.conf (OpenLDAP). Important statements: include <file>: include a schema; database <type>: may be bdb, ldbm, ...; suffix <dn>: the suffix of our tree; rootdn <dn>: who is root?; rootpw <secret>: the root password!; pidfile: file holding the server PID; argfile: file holding the default server arguments.

23 Example (OpenLDAP):

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
database bdb
suffix "c=FR, o=Labo-linux"
rootdn "cn=admin,c=FR,o=Labo-linux"
rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
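The rootpw in the slide above is stored as an {SSHA} hash rather than in clear text, which is what a practitioner should do (the slappasswd utility shipped with OpenLDAP produces the same format). The following is an added example, not code from the SUPINFO course, showing how such a value is produced and checked: OpenLDAP's {SSHA} scheme is base64(SHA1(password + salt) + salt).

```python
import base64
import hashlib
import hmac
import secrets

# Added example (not from the SUPINFO slides): produce and verify an {SSHA}
# value like the rootpw on slide 23. The scheme is
# base64(SHA1(password + salt) + salt); slappasswd generates the same format.


def ssha_hash(password, salt=None):
    """Return an {SSHA} string for `password`, using a random 4-byte salt by default."""
    if salt is None:
        salt = secrets.token_bytes(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check `password` against an {SSHA} value as found in slapd.conf or userPassword."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the salt follows it
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    # "secret" is the placeholder password from slide 22, not a real credential.
    h = ssha_hash("secret")
    print(h, ssha_verify("secret", h), ssha_verify("wrong", h))
```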

24 ACL (OpenLDAP). Restrict access to attributes; the general form is "access to <what> by <who> <access>":

access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Admin,dc=example,dc=com" write
    by * none

25 ACL (OpenLDAP). Who: * (everybody); anonymous (anonymous users); self (the user associated with the concerned entry/attribute); dn.style=<pattern> (the user matching the pattern). Object name: * means all objects.

26 ACL (OpenLDAP). dn.style= styles: base (exact match); one (one child below the matching expression); subtree (subtree beginning with the matching expression); children (like subtree but excluding the matching head).

27 ACL (OpenLDAP). Example entries:
0: o=suffix
1: cn=Manager,o=suffix
2: ou=people,o=suffix
3: uid=kdz,ou=people,o=suffix
4: cn=addresses,uid=kdz,ou=people,o=suffix
5: uid=hyc,ou=people,o=suffix

Entries selected by each style:
dn.base="ou=people,o=suffix": 2
dn.one="ou=people,o=suffix": 3, 5
dn.subtree="ou=people,o=suffix": 2, 3, 4, 5
dn.children="ou=people,o=suffix": 3, 4, 5
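To make the four dn.style selectors concrete, here is an added example (not code from the SUPINFO course) that evaluates base, one, subtree and children against the six entries of the slide above and reproduces the numbers listed there. DN comparison is deliberately simplified (RDNs lowercased, whitespace around commas stripped); real slapd applies the full matching rules.

```python
# Added example (not from the SUPINFO slides): evaluate slapd ACL dn.<style>
# selectors against the sample DIT of slide 27. DN matching is simplified:
# RDNs are lowercased and whitespace around commas is stripped.


def split_dn(dn):
    """Split a DN into normalized RDNs, leftmost (most specific) first."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def dn_matches(style, pattern, target):
    """Return True if `target` is selected by dn.<style>=<pattern>."""
    pat, tgt = split_dn(pattern), split_dn(target)
    if len(tgt) < len(pat) or tgt[-len(pat):] != pat:
        return False  # target is not at or below the pattern entry
    depth = len(tgt) - len(pat)  # 0 = the pattern entry itself
    if style == "base":
        return depth == 0
    if style == "one":
        return depth == 1
    if style == "subtree":
        return True
    if style == "children":
        return depth >= 1
    raise ValueError("unknown dn style: " + style)


# Sample DIT from slide 27, numbered as on the slide.
DIT = {
    0: "o=suffix",
    1: "cn=Manager,o=suffix",
    2: "ou=people,o=suffix",
    3: "uid=kdz,ou=people,o=suffix",
    4: "cn=addresses,uid=kdz,ou=people,o=suffix",
    5: "uid=hyc,ou=people,o=suffix",
}


def selected(style, pattern):
    """Entry numbers (ascending) selected by dn.<style>=<pattern>."""
    return [n for n, dn in sorted(DIT.items()) if dn_matches(style, pattern, dn)]


if __name__ == "__main__":
    for style in ("base", "one", "subtree", "children"):
        print('dn.%s="ou=people,o=suffix" -> %s' % (style, selected(style, "ou=people,o=suffix")))
```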

28 ACL (OpenLDAP). Permissions: none (no rights at all); auth (required to authenticate); search (apply search filters); read (reading data); write (writing data).

29 Adding data (OpenLDAP). LDIF files contain structured data and are added with the ldapadd command:

# ldapadd -D 'cn=Manager,o=Labo-linux' -W -f file.ldif

30 LDIF files (OpenLDAP):

dn: o=Labo-linux
objectclass: organization
o: Labo-linux

dn: ou=Ressources, o=Labo-linux
objectclass: organizationalUnit
ou: Ressources
description: Ressources de l'organisation

31 Starting the server (OpenLDAP). Add a dedicated user for LDAP for security purposes, and then look at the logs:

# slapd -u ldapuser -g ldapgroup \
> -h 'ldap://localhost/'
# tail /var/log/ldap/ldap.log

32 Stop-and-think (OpenLDAP): the only way to learn is to practice!

33 Course summary (OpenLDAP): what a directory is; LDAP; OpenLDAP; administration.

34 For more (OpenLDAP). Courses: Kerberos. Publications: http://www.oreilly.com/catalog/ldapsa/. Web sites: www.openldap.org, www.labo-linux.org. Conferences.

35 Congratulations: you have successfully completed the SUPINFO course OpenLDAP.

36 The end
