
LDAP (Lightweight Directory Access Protocol). Speaker: Chang-Yu Wu. Adviser: Quincy Wu. Date: 2007/08/22.


1 LDAP (Lightweight Directory Access Protocol)
Speaker: Chang-Yu Wu
Adviser: Quincy Wu
Date: 2007/08/22

2 Outline
- Motivation
- Related Work
- Directory Service
- X.500
- LDAP
- Depiction
- Architecture
- LDIF
- Implementation
- Conclusion
- Reference

3 Motivation
(diagram: one user account is needed by each of the mail server, web server, FTP server, application server and Samba server)

4 Motivation (cont)
- Each service has its own configuration file or resource record
- One server does not usually run many services
- Administration data (e.g. accounts) is therefore repeated across servers

5 Related Work
- Directory services (DS): a set of applications that stores and organizes information about a computer network's users and network resources
- X.500: a series of computer networking standards covering electronic directory services

6 Directory services

7 X.500
- A hierarchical organization of entries, distributed across one or more servers

8 LDAP
- Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP
- Optimized for lookups: a much higher read ratio than write ratio
- More easily extended
- Implementation software: OpenLDAP

9 Application

10 Application (cont)
(diagram: clients on the Internet reach, through a NAT and a switch, an LDAP server together with the FTP server, Samba server and mail server)

11 History
- RFC 1777: Lightweight Directory Access Protocol (v1)
- RFC 2251-2256: Lightweight Directory Access Protocol (v3)
- RFC 2829: Authentication Methods for LDAP
- RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
- RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification

12 Background
- Relatively simple protocol (X.500 was heavyweight)
- Universal design for directory services
(diagram: LDAP is an Internet application running over the TCP/IP stack: Application, TCP/UDP, IP, physical media; X.500 runs over the seven-layer OSI stack: Application, Presentation, Session, Transport, Network, Data link, Physical)

13 Depiction
- An LDAP directory is organized in a simple tree hierarchy
- An LDAP directory can be distributed among many servers
(diagram: Company at the root, Department_A and Department_B below it, employee entries below the departments)

14 DIT
- Directory Information Tree (DIT)
- Entry: describes an object of some class, e.g. a person or a device
- Attribute: a type/syntax together with a value

15 DIT
LDAP DIT:
  dc=john, dc=ipv6, dc=club, dc=tw
    ou=people
      cn=Alice
    ou=devices
dn: cn=Alice, ou=people, dc=john, dc=ipv6, dc=club, dc=tw
RDN: cn=Alice
Attributes of the entry (type: value):
  objectClass: person
  sn: carter
  telephoneNumber: 555-1234

16 LDAP Data Interchange Format
- LDIF (LDAP Data Interchange Format), RFC 2849
- A set of entries, each made of attributes and values
- Stores LDAP configuration information and is the standard text format for directory contents
- See also: Schema

17 Schema
- Defines which object classes are allowed
- Where they are stored
- What attributes they have (objectClass)
- Which attributes are optional (objectClass)
- Type/syntax of each attribute (objectClass)

18 Schema (cont)
objectClass person: required attributes cn, sn; optional attributes userPassword, telephoneNumber, seeAlso, description
Definition in core.schema:
  objectclass ( 2.5.6.6 NAME 'person'
      DESC 'RFC2256: a person'
      SUP top STRUCTURAL
      MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

19 LDAP Data Interchange Format (cont)
- DN (Distinguished Name): a record
- RDN (Relative Distinguished Name): cn and the value of cn
- CN (Common Name): name
- OU (Organizational Unit)
- DC (Domain Component)

20 DIT
LDAP DIT:
  dc=john, dc=ipv6, dc=club, dc=tw
    ou=people
      cn=Alice
    ou=devices
dn: cn=Alice, ou=people, dc=john, dc=ipv6, dc=club, dc=tw
RDN: cn=Alice
Attributes of the entry (type: value):
  objectClass: person
  sn: carter
  telephoneNumber: 555-1234
The same entry in LDIF:
  dn: cn=alice, ou=people, dc=john, dc=ipv6, dc=club, dc=tw
  cn: alice
  objectClass: person
  sn: carter
  telephoneNumber: 555-1234

21 Model
- Information model: the basic unit is the entry; entries form the DIT (Directory Information Tree)
- Naming model: entries and data in the DIT are identified by RDN (Relative Distinguished Name) and DN (Distinguished Name)
- Functional model: defines the data operations
- Security model: authentication mechanism and ACL (Access Control List)

22 Implementation
- OpenLDAP: OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. http://www.openldap.org/
- Experimental version: OpenLDAP-server-2.3.37
- Download: http://www.openldap.org/software/download/

23 Configuration file
slapd.conf (/usr/local/etc/openldap/) covers:
- Schema
- Log record
- SSL/TLS
- Database area
- ACL

24 Configuration file - schema
Schema                 Description                              RFC
core.schema            OpenLDAP core (required)                 RFC 2251-2256
inetorgperson.schema   InetOrgPerson (useful)                   RFC 2798
cosine.schema          Cosine and Internet X.500 (useful)       RFC 1274
misc.schema            Assorted (experimental)
nis.schema             Network Information Services (FYI)       RFC 2307
Path: /usr/local/etc/openldap/schema/

25 Configuration file - database area
Database variable   Description
bdb                 Berkeley DB
ldbm                GNU Database Manager
passwd              System password file
shell               Export database

26 Configuration file - database area
# define the database backend
database bdb
# define the root suffix
suffix "dc=john,dc=ipv6,dc=club,dc=tw"
# define the root DN
rootdn "cn=admin, dc=john,dc=ipv6,dc=club,dc=tw"
# define the root password
rootpw XXX
# define the directory path
directory /var/db/xxx/

27 White page
LDAP DIT:
  dc=john, dc=ipv6, dc=club, dc=tw
    ou=people
      cn=Alice
    ou=devices
dn: cn=Alice, ou=people, dc=john, dc=ipv6, dc=club, dc=tw
RDN: cn=Alice
Attributes of the entry (type: value):
  objectClass: person
  sn: carter
  telephoneNumber: 555-1234
The same entry in LDIF:
  dn: cn=alice, ou=people, dc=john, dc=ipv6, dc=club, dc=tw
  cn: alice
  objectClass: person
  sn: carter
  telephoneNumber: 555-1234

28 White page (cont)
people.ldif:
# create root
dn: dc=john,dc=ipv6,dc=club,dc=tw
dc: john
# organizationalUnit requires an ou attribute
ou: john
objectClass: dcObject
objectClass: organizationalUnit

# create ou
dn: ou=people, dc=john,dc=ipv6,dc=club,dc=tw
ou: people
objectClass: organizationalUnit

# create person
dn: cn=alice, ou=people, dc=john,dc=ipv6,dc=club,dc=tw
cn: alice
objectClass: person
sn: carter
telephoneNumber: 555-1234
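Added example, not part of the slides or of OpenLDAP: a small Python checker that parses an LDIF file like people.ldif above and validates each entry whose only class is person against the MUST/MAY lists of the core.schema objectclass definition from the Schema slide. PERSON_SCHEMA is a copy of that definition and SAMPLE_LDIF is a constructed input; the second entry carries the "sn=:" typo, which slapadd would also reject.

```python
import re
# Constructed copy of the 'person' objectclass line from core.schema (RFC 2256).
PERSON_SCHEMA = ("objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL "
                 "MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )")

# Constructed LDIF modelled on the slides' people.ldif; bob's entry carries the "sn=:" typo.
SAMPLE_LDIF = """\
dn: cn=alice, ou=people, dc=john,dc=ipv6,dc=club,dc=tw
cn: alice
objectClass: person
sn: carter
telephoneNumber: 555-1234

dn: cn=bob, ou=people, dc=john,dc=ipv6,dc=club,dc=tw
cn: bob
objectClass: person
sn=: smith
"""

def parse_objectclass(text):
    """Pull NAME, MUST and MAY attribute lists out of an objectclass definition."""
    def attrs(keyword):
        m = re.search(keyword + r"\s*\(\s*([^)]*)\)", text)
        return [a.strip().lower() for a in m.group(1).split("$")] if m else []
    name = re.search(r"NAME '([^']+)'", text).group(1).lower()
    return {"name": name, "must": attrs("MUST"), "may": attrs("MAY")}

def parse_ldif(text):
    """Split LDIF into entries {attribute (lower-case): [values]}; a blank line ends an entry."""
    entries, entry = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        else:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_entry(entry, schema):
    """Violations for an entry whose only objectClass is schema['name']; [] if it is clean."""
    if [c.lower() for c in entry.get("objectclass", [])] != [schema["name"]]:
        return []                      # entries with other/extra classes are out of scope here
    dn, allowed = entry["dn"][0], schema["must"] + schema["may"] + ["dn", "objectclass"]
    problems = [f"{dn}: missing MUST attribute '{a}'" for a in schema["must"] if a not in entry]
    problems += [f"{dn}: attribute '{a}' not allowed by '{schema['name']}'"
                 for a in entry if a not in allowed]
    return problems
```

Run `check_entry` over `parse_ldif(SAMPLE_LDIF)` with `parse_objectclass(PERSON_SCHEMA)`: alice passes, bob is reported for a missing sn and for the unknown attribute "sn=".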

29 Instruction
- Start the server: /usr/local/libexec/slapd
- Input data: slapadd -v -l /xxx/people.ldif
- Show data: ldapsearch -x -b "dc=john,dc=ipv6,dc=club,dc=tw"

30 Instruction (cont)
- Offline tools: slapadd, slapcat, slapindex, slappasswd
- Online tools: ldapsearch, ldapadd, ldapdelete, ldapmodify, ldapmodrdn
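The slapd.conf fragment on the database-area slide stores the root password as cleartext (rootpw XXX); slappasswd, listed above among the offline tools, produces a salted {SSHA} hash that rootpw accepts instead. Added example, not from the slides or from OpenLDAP: a Python re-implementation of the {SSHA} format slappasswd emits (base64 of SHA-1 over password plus a 4-byte salt, followed by the salt), plus a check that rewrites a constructed slapd.conf fragment (WEAK_CONF) so that rootpw carries a hash rather than the password.

```python
import base64
import hashlib
import hmac
import os

# Constructed slapd.conf fragment modelled on the slides; rootpw is stored in clear.
WEAK_CONF = """\
database bdb
suffix "dc=john,dc=ipv6,dc=club,dc=tw"
rootdn "cn=admin,dc=john,dc=ipv6,dc=club,dc=tw"
rootpw XXX
directory /var/db/xxx/
"""

def ssha_hash(password, salt=None):
    """Build a {SSHA} value the way slappasswd -h {SSHA} does: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt      # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a candidate password against a {SSHA} value; the salt follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def cleartext_rootpw(conf_text):
    """Return rootpw lines whose value is not a {scheme}-prefixed hash, i.e. a cleartext password."""
    hits = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "rootpw" and not parts[1].startswith("{"):
            hits.append(line)
    return hits

def harden_rootpw(conf_text, password, salt=None):
    """Rewrite cleartext rootpw directives to carry a {SSHA} hash of the given password."""
    weak = set(cleartext_rootpw(conf_text))
    lines = ["rootpw " + ssha_hash(password, salt) if line in weak else line
             for line in conf_text.splitlines()]
    return "\n".join(lines) + "\n"
```

The hash written by `harden_rootpw` verifies with `ssha_verify` and, because it uses the same format, with slapd itself; the cleartext password no longer appears in the file.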

31 Conclusion
- LDAP is used to access and update information in a directory built on the X.500 model
- The specification defines the content of messages between the client and the server
- It includes operations to establish and disconnect a session with the server

32 Reference
- Lightweight Directory Access Protocol, RFC 2251
- OpenLDAP, http://www.openldap.org/
- LDAP System Administration, Gerald Carter, O'Reilly, 2003
