
Slide 1: Lightweight Directory Access Protocol
Paulo Repa
repapaul@gmail.com
1. 1. 2010

Slide 2: What is a directory?

Slide 3: Directory Information Tree
Root: o=acme
Organizational units: ou=Sales, ou=Marketing, ou=Product Development
Entries: cn=Fred, cn=Joe, cn=Lotty, cn=eng_lw3, cn=lpr1
DN for Fred in Sales: cn=Fred,ou=Sales,o=acme

Slide 4: Directory Solutions
- Netscape Directory Server (iPlanet)
- SCO UnixWare 7
- IBM SecureWay (formerly eNetwork)
- Novell NDS
- OpenLdap (Linux)
- Recommended

Slide 5: UnixWare 7 Directory
- Directory server setup
- Schema
- ACLs
- Data backup and restore
- LDIF

Slide 6: Directory Setup

    scoadmin ldap

Slide 7: Backend Setup

Slide 8: UnixWare 7 Directory
- Directory server setup
- Schema
- ACLs
- Data backup and restore
- LDIF

Slide 9: Attribute Schema
- Defined in slapd.at.conf
- Specifies attribute syntax

    attribute jpegphoto bin
    attribute telephonenumber tel
    attribute userpassword ces

Slide 10: Objectclass Schema
- Defines object contents
- Defined in slapd.oc.conf

    objectclass simplePerson
        requires
            cn,
            sn,
            objectClass
        allows
            jpegPhoto,
            mail,
            telephoneNumber,
            userPassword,
            creatorsName,
            createtimestamp,
            modifiersname,
            modifytimestamp

Slide 11: UnixWare 7 Directory
- Directory server setup
- Schema
- ACLs
- Data backup and restore
- LDIF

Slide 12: ACLs
- Controls access for read, write, search, compare and delete operations
- Entry or attribute level
- Defined in slapd.acl.conf

    access to attr=userPassword
        by self write
        by * none

    ldapstop -i acme
    ldapstart -i acme

Slide 13: UnixWare 7 Directory
- Directory server setup
- Schema
- ACLs
- Data backup and restore
- LDIF

Slide 14: Data Backup and Restore
- ldbmcat -n id2entry.dbb
- ldif2ldbm -i data.ldif
- Don't forget directory configuration

Slide 15: UnixWare 7 Directory
- Directory server setup
- Schema
- ACLs
- Data backup and restore
- LDIF

Slide 16: LDIF
- LDAP Data Interchange Format
- Portable
- Human readable (almost...)

    dn: o=acme
    objectclass: organization
    o: acme

Slide 17: LDIF Update Statements
- add
- delete
- modify (attribute add, delete, replace)
- moddn

    dn: cn=Joe, ou=Product Development, o=acme
    changetype: modify
    replace: telephoneNumber
    telephoneNumber: 958-1234
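An added example (not from the original slides): a small C checker that lists the attribute operations in an LDIF change file before it is handed to ldapmodify, and counts those that touch a watched attribute such as userPassword. The names ldif_audit, ldif_op, field and SAMPLE are hypothetical, the sample record is constructed, and operation lines are assumed not to be folded.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_OPS 16
struct ldif_op { char op[8]; char attr[64]; };

/* If line is "name: value", copy value into out and return 1; else 0. */
static int field(const char *line, const char *name, char *out, size_t n) {
    size_t k = strlen(name);
    if (strncasecmp(line, name, k) != 0 || line[k] != ':') return 0;
    return snprintf(out, n, "%s", line + k + 1 + strspn(line + k + 1, " ")) >= 0;
}

/* Collect the operations of every modify record; *hits counts those on `watch`. */
int ldif_audit(const char *ldif, const char *watch, struct ldif_op *ops, int *hits) {
    static const char *kw[] = { "add", "delete", "replace" };
    char type[16] = "", line[256];
    int n = 0, expect_op = 0;
    for (*hits = 0; *ldif; ) {
        size_t len = strcspn(ldif, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, ldif);
        ldif += len + (ldif[len] == '\n');
        if (line[0] == ' ') continue;            /* folded continuation line */
        int is_dn = strncasecmp(line, "dn:", 3) == 0;
        if (is_dn) strcpy(type, "modify");       /* ldapmodify default without -a */
        int ctl = is_dn || field(line, "changetype", type, sizeof type) || !strcmp(line, "-");
        for (int i = 0; !ctl && expect_op && i < 3 && n < MAX_OPS; i++)
            if (field(line, kw[i], ops[n].attr, sizeof ops[n].attr)) {
                strcpy(ops[n].op, kw[i]);
                *hits += strcasecmp(ops[n++].attr, watch) == 0;
                break;
            }
        /* An operation line may only follow dn, changetype or "-" in a modify record. */
        expect_op = ctl && strcasecmp(type, "modify") == 0;
    }
    return n;
}

/* Constructed sample: the slide's change record plus a password replace. */
static const char SAMPLE[] =
    "dn: cn=Joe, ou=Product Development, o=acme\nchangetype: modify\n"
    "replace: telephoneNumber\ntelephoneNumber: 958-1234\n-\n"
    "replace: userPassword\nuserPassword: constructed-value\n\n"
    "dn: cn=Fred, ou=Sales, o=acme\nchangetype: delete\n";
int main(void) {
    struct ldif_op ops[MAX_OPS];
    int hits, n = ldif_audit(SAMPLE, "userPassword", ops, &hits);
    printf("%d modify operation(s), %d on userPassword\n", n, hits);
}
```

A record without a changetype line is treated as a modify, matching the form used with ldapmodify on the later slide; content records and delete records contribute no operations.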

Slide 18: LDAP Commands
- ldapsearch
- ldapmodify
- ldapadd
- ldapdelete
- ldapmodrdn

Slide 19: ldapsearch

    ldapsearch -h ldapsvr.acme.com -D "cn=admin" -w "secret" -b "o=acme" -s one "objectclass=*"

Slide 20: ldapmodify

    ldapmodify -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f modifications.ldif

    dn: cn=Joe, ou=Product Development, o=acme
    replace: telephoneNumber
    telephoneNumber: 958-1234

Slide 21: ldapadd

    ldapmodify -a -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f additions.ldif

    ldapadd -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f additions.ldif

Slide 22: ldapdelete

    ldapdelete -h ldapsvr.acme.com -D "cn=admin" -w "secret" cn=Fred,ou=Sales,o=acme

Slide 23: ldapmodrdn

    ldapmodrdn -h ldapsvr.acme.com -D "cn=admin" -w "secret" -r cn=lpr,ou=Sales,o=acme cn=sales_lw1

Slide 24: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 25: LDAP C API
- UnixWare 7 ldap package
- LDAP C API - RFC1823
- LDAP v2 - RFC1777

    #include <ldap.h>

    cc -o app -lldap -llber -lresolv src.c

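Slide 26: Binding to the server

    LDAP *ld;

    /* Open a connection to the directory server. */
    if ((ld = ldap_open("ldapsvr.acme.com", LDAP_PORT)) == NULL) {
        perror("ldap_open");
        return;
    }

    /* Simple bind: the DN and password are sent to the server in cleartext. */
    if (ldap_simple_bind_s(ld, "cn=admin", "secret") != LDAP_SUCCESS) {
        ldap_perror(ld, "bind example");
        return;
    }

    /* ... LDAP directory operations (search, modify, ...) ... */

    if (ldap_unbind_s(ld) != LDAP_SUCCESS) {
        ldap_perror(ld, "bind example");
        return;
    }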

Slide 27: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 28: Search - API call

    LDAPMessage *res, *entry;
    BerElement *ber;
    char *attr, *dn, **vals, **vp;

    /* attrs = NULL requests all attributes; attrsonly = 0 requests values too */
    if (ldap_search_s(ld, "o=acme", LDAP_SCOPE_SUBTREE,
                      "telephoneNumber=958*", NULL, 0, &res) != LDAP_SUCCESS) {
        ldap_perror(ld, "search example");
        exit(EXIT_FAILURE);
    }

Slide 29: Search - Process Data

    /* Walk every entry in the result chain. */
    for (entry = ldap_first_entry(ld, res); entry != NULL;
         entry = ldap_next_entry(ld, entry)) {
        if ((dn = ldap_get_dn(ld, entry)) != NULL) {
            printf("dn: %s\n", dn);
            free(dn);
        }
        /* Print each attribute of the entry with all of its values. */
        for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL;
             attr = ldap_next_attribute(ld, entry, ber)) {
            vals = ldap_get_values(ld, entry, attr);
            for (vp = vals; vp && *vp; vp++)
                printf("%s: %s\n", attr, *vp);
            ldap_value_free(vals);
        }
        if (ber)
            ber_free(ber, 0);
    }
    ldap_msgfree(res);
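An added example (not from the original slides or the UnixWare API): when the value in a search filter comes from user input rather than a literal such as 958*, the characters *, ( and ) must be escaped so they stay part of the value instead of changing the filter. ldap_filter_escape and build_phone_filter are hypothetical helpers and the inputs are constructed; the \XX escaping follows RFC 4515 (LDAPv3), which is an assumption about the server, since the slides target the LDAP v2 API.

```c
#include <stdio.h>
#include <string.h>

/* Escape `in` for use as a value inside an LDAP search filter, writing the
 * RFC 4515 \XX form of * ( ) and \ into out (size n). Returns the escaped
 * length, or -1 if out is too small. */
int ldap_filter_escape(const char *in, char *out, size_t n) {
    size_t o = 0;
    if (n == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int special = strchr("*()\\", *p) != NULL;
        if (o + (special ? 3 : 1) >= n) return -1;   /* keep room for the NUL */
        if (special) o += (size_t)sprintf(out + o, "\\%02x", *p);
        else out[o++] = (char)*p;
    }
    out[o] = '\0';
    return (int)o;
}

/* Build a prefix filter such as (telephoneNumber=958*) from an untrusted
 * prefix; only the trailing * added here acts as a wildcard. */
int build_phone_filter(const char *prefix, char *out, size_t n) {
    char esc[128];
    if (ldap_filter_escape(prefix, esc, sizeof esc) < 0) return -1;
    int len = snprintf(out, n, "(telephoneNumber=%s*)", esc);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

int main(void) {
    /* Constructed inputs: a plain prefix and one containing metacharacters. */
    const char *inputs[] = { "958", "(958) 12*" };
    char filter[256];
    for (int i = 0; i < 2; i++)
        if (build_phone_filter(inputs[i], filter, sizeof filter) > 0)
            printf("%-12s -> %s\n", inputs[i], filter);
    return 0;
}
```

The resulting string is what would be passed as the filter argument of ldap_search_s in place of the literal on the slide.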

Slide 30: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 31: Compare - API call

    int res;   /* result code; not the LDAPMessage *res of the search example */

    if ((res = ldap_compare_s(ld, "cn=Fred, ou=Sales, o=acme",
                              "telephoneNumber", "9589876")) == -1) {
        ldap_perror(ld, "compare example");
        exit(EXIT_FAILURE);
    }
    if (res == LDAP_COMPARE_TRUE) {
        /* Attribute type and value found */
    } else {
        /* Not found */
    }

Matches for an attribute type of "tel" syntax. The entry being compared:

    dn: cn=Fred, ou=Sales, o=acme
    objectclass: simplePerson
    cn: Fred
    sn: Jones
    telephoneNumber: 958-9876

Slide 32: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 33: LDAPMod structure
- One structure per attribute type
- Add, delete and replace operations
- Text or binary data
- Multiple values

    mod_op         mod_type             mod_values
    LDAP_MOD_ADD   "mailAliasMembers"   "Joe", "Lotty"

Slide 34: Add Entry - Data

    char *cnvals[] = {"John", NULL}, *snvals[] = {"Smith", NULL};
    char *objvals[] = {"simplePerson", NULL};
    LDAPMod mod[3], *mods[4];
    int i;

    mod[0].mod_op = LDAP_MOD_ADD;
    mod[0].mod_type = "cn";
    mod[0].mod_values = cnvals;
    mod[1].mod_op = LDAP_MOD_ADD;
    mod[1].mod_type = "sn";
    mod[1].mod_values = snvals;
    mod[2].mod_op = LDAP_MOD_ADD;
    mod[2].mod_type = "objectClass";
    mod[2].mod_values = objvals;

    /* Build the NULL-terminated array of pointers that the API expects. */
    for (i = 0; i < sizeof(mod) / sizeof(LDAPMod); i++)
        mods[i] = &mod[i];
    mods[i] = NULL;

Slide 35: Add Entry - API call

    if (ldap_add_s(ld, "cn=John,ou=Marketing,o=acme", &mods[0]) != LDAP_SUCCESS) {
        ldap_perror(ld, "add example");
        exit(EXIT_FAILURE);
    }

Resulting entry:

    dn: cn=John, ou=Marketing, o=acme
    objectclass: simplePerson
    cn: John
    sn: Smith

Slide 36: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 37: Modify Entry - Data

    char *snvals[] = {"Smithe", NULL};
    char *telvals[] = {"958-2357", NULL};
    LDAPMod mod[2], *mods[3];
    int i;

    mod[0].mod_op = LDAP_MOD_REPLACE;
    mod[0].mod_type = "sn";
    mod[0].mod_values = snvals;
    mod[1].mod_op = LDAP_MOD_ADD;
    mod[1].mod_type = "telephoneNumber";
    mod[1].mod_values = telvals;

    /* Build the NULL-terminated array of pointers that the API expects. */
    for (i = 0; i < sizeof(mod) / sizeof(LDAPMod); i++)
        mods[i] = &mod[i];
    mods[i] = NULL;

Slide 38: Modify Entry - API call

    if (ldap_modify_s(ld, "cn=John,ou=Marketing,o=acme", &mods[0]) != LDAP_SUCCESS) {
        ldap_perror(ld, "modify example");
        exit(EXIT_FAILURE);
    }

Resulting entry:

    dn: cn=John, ou=Marketing, o=acme
    objectclass: simplePerson
    cn: John
    sn: Smithe
    telephoneNumber: 958-2357

Slide 39: Using the UnixWare 7 LDAP API
- Library / Binding to the server
- Search
- Compare
- Add
- Modify
- Asynchronous LDAP calls

Slide 40: Asynchronous LDAP calls
- Client need not block
- Operations may be multiplexed on a connection
- Function names omit "_s"

    int msgid, rc;
    LDAPMessage *result;

    /* Start the search; the call returns a message id without waiting. */
    if ((msgid = ldap_search(ld, "o=acme", LDAP_SCOPE_SUBTREE,
                             "objectclass=*", NULL, 0)) == -1)
        error_handler();

    /* Collect entries one at a time as they arrive. */
    while ((rc = ldap_result(ld, msgid, 0, NULL, &result))
           == LDAP_RES_SEARCH_ENTRY) {
        process_results(result);
        ldap_msgfree(result);
    }

Slide 41: Bibliography
- LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, Howes, Smith
- RFC1777 - Lightweight Directory Access Protocol
- RFC1823 - The LDAP Application Program Interface

