Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Lightweight Directory Access Protocol Introduction Danny Conte Conte Consultants Inc. Jan 31 st 2002.

Published byWinifred Rodgers Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Lightweight Directory Access Protocol Introduction Danny Conte Conte Consultants Inc. Jan 31 st 2002."— Presentation transcript:

1 Introduction to Lightweight Directory Access Protocol Introduction Danny Conte Conte Consultants Inc. http://www.conte.on.ca Jan 31 st 2002

2 Overview  History  Functional Overview  Protocol Overview  Data Model  Replication / Architechture  Vendor Landscape  Security Considerations  Applications  Operational Challenges  The LAB Analysis  Tools & References

3 LDAP History  X.500 Jointly developed by the ITU, and the ISO for different needs.  X.500 Good: distributed, extensible.  X.500 Bad: Based on OSI protocol, poor performance, designed for large service providers in non-internet fashion.  DAP X.500 Client, not well suited for desktop PC, (HEAVYWEIGHT Client).  Two Independent groups developed a 'lighter' client.  Directory Assistance Service (DAS RFC1202) & Directory Interface to X.500 (DIXIE RFC1249), still tied to X.500.  Wengyik Yeong, Steve Kille, Colin Robbins, and Tim Howes Publish the first LDAP spec in 1993 RFC1487.  LDAP v2 vs V3 (ACL, Replication, and many more)

4 LDAP Overview  Client Operations (functions):  Interrogate: Search, compare.  Update: Add, delete, modify.  Authentication: bind, unbind, abandon.  Protocol is Message based.  Allowing for multiple concurrent requests, and responses.  Client and server handle messages concurrently.  Speedy Search operations.  Server functions:  Implement LDAP RFC's, store data, index data, backup functions.  Provide Access Control.  Provide Transactional record keeping (rollback).

5 LDAP Protocol Overview LDAP Client LDAP Server 1. Bind Request 2. Bind Result 3. Operation Request (search) 4. Operation Result Entry #1 5. Operation Result Entry #2 6. Result of Operation (search) 7. Unbind Operation 8. Close Operation " Server port 389 for standard LDAP " Server port 636 for LDAP over SSL " Step 2 and Step 6 are KEY for LDAP trouble shooting! http://www.conte.on.ca Jan 31/2002

6 LDAP Protocol Mesgages LDAP Client LDAP Server Bind Request Bind Result Search Operation msgid=1 Unbind Operation Close Operation Search Operation msgid=2 Result Code msgid=2 Result Code msgid=1 http://www.conte.on.ca Jan 31/2002

7 LDAP Data Model dc=3lg, dc=com Ou=People ou=Groups ou=Servers uid: Dconte givenName: Danny sn: Conte telephonenumber: 416-575-3166 mail: danny@conte.on.cadanny@conte.on.ca cn: Danny objectClass: top objectClass: Person objectClass: organizationalPerson objectClass: inetorgperson Attribute: A name, and Data associated to an object Object: Collection of Attributes, and values ObjectClass: Tied to the schema, defines what attributes are required/optional Distinguished Name: 'dn: uid=dconte, ou=people,o=Canada, dc=3lg, dc=com' Relative Distinguished Name (RDN): (ie) uid=dconte Must be UNIQUE Schema: Set of rules that govern what and how data is stored LDIF: LDAP Data Interchange Forma (structured text) o=Asia o=United States o=Canada http://www.conte.on.ca Jan 31/2002

8 LDAP Replication  Means of making a backup of a dataset to another server.  Used to distribute data, to provide redundancy, local access.  Usually incremental, and live driven by changes.  Referals: Point to the true 'authoritative' datasource, and are inherent in the data.  Single Master vs Multimaster. Master Server Master Server Client Update Replication Replica Client Referal Update http://www.conte.on.ca Jan 31/2002

9 LDAP Architechture dc=3lg, dc=com o=Canada LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server LDAP Server o=Asia o=UnitedStates o=UnitedKingom Local Clients Multimaster scenario Each Region is authoritative for local data Each Region has ALL data Master server 'glues' each region together via replication All clients have access to all data locally http://www.conte.on.ca Jan 31/2002

10 LDAP Vendor Landscape  Iplanet / Netscape Directory Server  Meta Directory Product  Directory Access Router Product  Microsoft Active Directory (LDAP is LDAP or is it?)  http://www.labmice.net/ActiveDirectory/AD_ldap.htm  Novell - Reinvents themselves as a 'directory company'  Openldap  The future is....wait and see.... http://www.conte.on.ca Jan 31/2002

11 LDAP Security  Access Control lists for search and modify functions must be created carefully.  Remember headhunters stealing phonebooks?  Target for the unscrupulous, or disgruntled employees.  Restrict number of results for searches (ie) display only first 10,20,30 options.  Clients suseptable to sniffing, keep directory manager passwords secure. http://www.conte.on.ca Jan 31/2002

12 LDAP Applications  LOTUS Notes / Domino.  Range of webservers: Apache (php/perl), IIS(asp).  NOS:Sun Solaris, Linux, Netware, Microsoft, IBM OS390.  Database: Oracle, Sybase.  EAM: Netegrity, Tivoli, Oblix, Peoplesoft  CISCO's Network Registrar DNS/DHCP.  Video Conferencing, IP Telephony  Public Key Infrastructure (uses LDAP for key distribution)  Many more vendors who require the need to use UID /Auth data are allowing clients to use an existing LDAP directory. http://www.conte.on.ca Jan 31/2002

13 Operational / Implementation Challenges  Determine your needs (ie) what you expect to store in the directory, then design the scheama and branches (DIT) accordingly.  Living with an abundance of 'directories': Distinguish NOS vs Enterprise directories.  Meta-Directories are probably needed.  DMZ Challenges.  New Roles and Responsibilities (NT Admins <> Directory Managers).  Document / Document / Document - Create a data source / process map oulining how/where/when data moves in and out of the directory.  Process definitions and flow must be clearly defined.  Directory Services team? http://www.conte.on.ca Jan 31/2002

14 LDAP LAB / Analysis LDAP Master LDAP Master LDAP Replica LDAP Replica 192.168.1.103 192.168.1.102 192.168.1.101 Software Used " Windows NT Worstation Ver4 SP6a " Iplanet Directory Server ver 5.1 " RedHat Linux 7.1 " Openldap-client ver 2.0.11 on linux " Vmware for Linux ver 3.0 " Ethereal Sniffer for Linux LDAP Operations LDAP Replication http://www.conte.on.ca Jan 31/2002 Openldap Client 192.168.1.100

15 LDAP Tools /References LDAP Clients http://www.ldapbrowser.com/ http://www-unix.mcs.anl.gov/~gawor/ldap/ http://perl-ldap.sourceforge.net/ http://www.polonia-online.com/ldap/ http://www.nwfusion.com/research/directories.html Vendor Pages http://www.iplanet.com/products/iplanet_directory/home_directory.html http://www.microsoft.com/activedirectory http://www.novell.com/products/edirectory/dirxml/ http://is-it-true.org/nt/nt2000/ad/ RFC's RFC1777 -Lightweight Directory Access Protocol RFC1778 -The String Representation of Standard Attribute Syntaxes RFC1959 -An LDAP URL Format RFC1823 -The LDAP API / RFC2251- RFC2256 - LDAP v3 Browsers / Addressbook Apps Netscapes 4x Browser is LDAP Compliant MS Outlook Express -addressbook Public Access LDAP Directories ldap://ldap.bigfoot.com http://www.emailman.com/ldap/public.html Some Graphics are from http://www.slashdot.orghttp://www.slashdot.org http://www.conte.on.ca Jan 31/2002

Download ppt "Introduction to Lightweight Directory Access Protocol Introduction Danny Conte Conte Consultants Inc. Jan 31 st 2002."

Similar presentations

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Application Architecture T H E S O C R A T E S G R O U P, I N C.

Application Architecture T H E S O C R A T E S G R O U P, I N C.
LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.

LDAP Jianwen Luo School of CTI, Depaul Univ. Oct.23, 1998.
Directory & Naming Services CS-328 Dick Steflik. A Directory.

Directory & Naming Services CS-328 Dick Steflik. A Directory.
CS603 Active Directory February 1, 2001.

CS603 Active Directory February 1, 2001.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
©Copyright 1999 Peter Shipley LDAP Security Peter Shipley Chief Security Architect +1 650 404 3292.

©Copyright 1999 Peter Shipley LDAP Security Peter Shipley Chief Security Architect
1 Introduction to Web Development. Web Basics The Web consists of computers on the Internet connected to each other in a specific way Used in all levels.

1 Introduction to Web Development. Web Basics The Web consists of computers on the Internet connected to each other in a specific way Used in all levels.
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.

Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.
Directory services Unit objectives

Directory services Unit objectives
INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

Similar presentations

Ads by Google