Published by Alberta Gregory. Modified over 9 years ago.
1
LDAP: Accessing Operational Information
CNS 4650, Fall 2004, Rev. 2
2
Server Information
- Allows the developer/admin to avoid making assumptions about the directory
- Often termed the “root object” or root DSE (p.174)
- The server is required to recognize the attributes
- The server is NOT required to have the attributes, or values in those attributes
3
Root DSE attributes
- altServer: Other servers that can be contacted if this server is unavailable
- namingContexts: List of naming contexts held by the LDAP server
- supportedControl: List of the OIDs of controls the LDAP server supports
- supportedExtension: List of the OIDs of the extensions the LDAP server supports
4
Root DSE attributes
- supportedLDAPVersion: Lists the LDAP versions supported
- supportedSASLMechanisms: Lists the SASL mechanisms supported by the LDAP server
- Can also have custom (vendor-specific) attributes
  - supportedFeatures (OpenLDAP)
5
OpenLDAP Controls
From the ldap.h file:

    /* LDAP Controls */
    #define LDAP_CONTROL_MANAGEDSAIT         "2.16.840.1.113730.3.4.2"
    #define LDAP_CONTROL_NOOP                "1.3.6.1.4.1.4203.1.10.2"
    #define LDAP_CONTROL_SORTREQUEST         "1.2.840.113556.1.4.473"
    #define LDAP_CONTROL_SORTRESPONSE        "1.2.840.113556.1.4.474"
    #define LDAP_CONTROL_VLVREQUEST          "2.16.840.1.113730.3.4.9"
    #define LDAP_CONTROL_VLVRESPONSE         "2.16.840.1.113730.3.4.10"
    #define LDAP_CONTROL_VALUESRETURNFILTER  "1.2.826.0.1.334810.2.3"
6
OpenLDAP Extensions
From the ldap.h file:

    #define LDAP_EXOP_START_TLS              "1.3.6.1.4.1.1466.20037"
    #define LDAP_EXOP_MODIFY_PASSWD          "1.3.6.1.4.1.4203.1.11.1"
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID   ((ber_tag_t) 0x80U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD  ((ber_tag_t) 0x81U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW  ((ber_tag_t) 0x82U)
    #define LDAP_TAG_EXOP_MODIFY_PASSWD_GEN  ((ber_tag_t) 0x80U)
    #define LDAP_EXOP_X_WHO_AM_I             "1.3.6.1.4.1.4203.1.11.3"
7
How to Query for Operational Information
- Set the search base to “”
- Set scope to “base”
- Set the search filter to: ‘(objectclass=*)’
- Query for certain attributes: namingContexts
- Query for all operational attributes: “+” (RFC 3673)
8
Example Query

    ldapsearch -h 161.28.116.244 -b "" -s base -x -W '(objectclass=*)' "+"
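An added example (not part of the original slides): a Python parser for the LDIF that the root DSE query above returns. It maps advertised OIDs to the ldap.h names from the earlier slides and reports whether StartTLS, LDAPv2 and plaintext SASL mechanisms are advertised. The sample output and the PLAINTEXT_SASL policy set are constructed assumptions.

```python
import base64

# OID names copied from the ldap.h excerpts on the slides.
OID_NAMES = {
    "1.3.6.1.4.1.1466.20037": "LDAP_EXOP_START_TLS",
    "1.3.6.1.4.1.4203.1.11.1": "LDAP_EXOP_MODIFY_PASSWD",
    "1.3.6.1.4.1.4203.1.11.3": "LDAP_EXOP_X_WHO_AM_I",
}
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # assumption: mechanisms local policy flags

# Constructed root DSE output in LDIF form (not captured from a real server).
SAMPLE_LDIF = """dn:
supportedExtension: 1.3.6.1.4.1.4203.1.1
 1.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms:: UExBSU4=
subschemaSubentry: cn=Subschema
"""

def parse_root_dse(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line: append to previous
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        b64 = rest.startswith(":")            # "attr:: ..." carries base64
        value = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def review(entry):
    """Summarise what the root DSE says about transport and authentication."""
    ext = entry.get("supportedextension", [])
    sasl = entry.get("supportedsaslmechanisms", [])
    return {
        "extensions": [OID_NAMES.get(oid, oid) for oid in ext],
        "starttls": "1.3.6.1.4.1.1466.20037" in ext,
        "ldapv2": "2" in entry.get("supportedldapversion", []),
        "plaintext_sasl": sorted(PLAINTEXT_SASL & set(sasl)),
        "schema_dn": entry.get("subschemasubentry", [None])[0],
    }
```

For the constructed sample, review(parse_root_dse(SAMPLE_LDIF)) reports that StartTLS is not advertised while LDAPv2 and the PLAIN mechanism are.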
9
Subschema
- Contains the schema definitions
- No standard place
  - That is what the operational attributes are used for!
- Query the root DSE for “subschemasubentry”
  - OpenLDAP - cn=Subschema
  - eDirectory/Active Directory - cn=schema
10
Subschema
- The subschema contains all objectclasses and attributes the server supports
- Developer/Admin could query and search for an objectclass or attribute
  - Example: inetOrgPerson
11
Subschema Search
- Objectclasses

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' objectclasses

- Attributes

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' attributetypes

- Combination of both

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' objectclasses attributetypes
12
Subschema Search
- Matching Rules

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' matchingRules

- LDAP Syntaxes

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' ldapSyntaxes

- Ask for it all

    ldapsearch -h 161.28.116.244 -b "cn=Subschema" -s base -x -W '(objectclass=*)' subschema
13
Monitor
- Used to store other server information in the entry
  - Server version (not LDAP but release)
  - Total connections
  - Startup time
  - Bytes sent
- Information different from root DSE
- This entry is more on the running condition, network information, etc.
14
Monitor
- Usually can be queried by:
  - Base = “cn=Monitor”
  - Scope = “base”
  - Filter = ‘(objectclass=*)’
- But the DN can differ from server to server
- Best to query root DSE and return “monitor”
- For OpenLDAP it must be specified at compile time