Ldap Light Weight Directory Access Protocol
7/21/2019 Ldap Light Weight Directory Access Protocol
http://slidepdf.com/reader/full/ldap-light-weight-directory-access-protocol 1/30
LDAP
LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL
• PRESENTATION BY ALAKESH APURVA DHAN AND ASH
WHAT IS LDAP
• LDAP IS LIGHT WEIGHT
• SUFFICIENTLY STRAIGHTFORWARD
• EASY TO IMPLEMENT, AS AGAINST X.500 DAP WHICH IS HEAVYWEIGHT
LDAP
• DIRECTORY BECAUSE DATA IS ORGANISED IN THE FORM OF A TREE, MUCH LIKE THE UNIX FILE SYSTEM
• USES A SIMPLIFIED SET OF ENCODINGS
• RUNS DIRECTLY ABOVE TCP/IP
• USES STRINGS TO REPRESENT DATA
LDAP
• LDAP SECURITY MODEL: DEFINES HOW INFORMATION CAN BE PROTECTED FROM UNAUTHORISED ACCESS
LDAP
• LDAP API
• THERE ARE SEVERAL LDAP APIS (APPLICATION PROGRAMMING INTERFACES), THE OLDEST ONES WRITTEN IN C
• NOWADAYS LDAP APIS ARE AVAILABLE IN OTHER PROGRAMMING LANGUAGES LIKE PERL, JAVA
HOW LDAP WORKS
• LDAP DIRECTORY SERVICE IS BASED ON CLIENT SERVER MODEL
• LDAP IS A MESSAGE ORIENTED PROTOCOL
• CLIENT CONSTRUCTS AN LDAP MESSAGE CONTAINING A REQUEST AND SENDS IT TO THE SERVER
HOW LDAP WORKS
• SERVER PROCESSES THE REQUEST AND SENDS THE RESULT BACK TO THE CLIENT IN THE FORM OF AN LDAP MESSAGE
LDAP BACKENDS
• THE BASIC DAEMON PROCESS THAT RUNS ON THE LDAP SERVER, CALLED SLAPD, COMES WITH THREE DIFFERENT BACKEND DATABASES
• WE ASSUME THAT IN OUR CASE WE USE LDBM, THE MOST USED ONE
HOW LDAP WORKS
• LDAP DATABASE WORKS BY ADDING A COMPACT FOUR BYTE UNIQUE IDENTIFIER
• INDEX FILES ARE MAINTAINED FOR REFERRING TO DATA
LDAP PROTOCOL OPERATION
• INTERROGATION OPERATION: SEARCH, COMPARE
• ADD DELETE OPERATION: ADD, DELETE, MODIFY, MODIFY DN
• AUTHENTICATION AND CONTROL OPERATION: BIND, UNBIND, ABANDON
LDAP INFORMATION MODEL
• BASIC UNIT IS ENTRY (A COLLECTION OF INFORMATION ABOUT AN OBJECT)
• AN ENTRY IS COMPOSED OF A SET OF ATTRIBUTES
LDIF
• LDIF STANDS FOR LDAP DATA INTERCHANGE FORMAT
• DIRECTORY ENTRIES IN LDAP ARE IN THE FORM OF LDIF
LDIF FORMAT
• BASIC FORM OF LDIF:
  #COMMENT
  DN: <DISTINGUISHED NAME>
  <ATTRDESC>: <ATTRVALUE>
  <ATTRDESC>: <ATTRVALUE>
  ...
• EXAMPLE: DN: UID=ALAKESH, DC=IIT, DC=EDU
LDAP
• IN ADDITION TO BEING A NETWORK PROTOCOL IT ALSO DEFINES FOUR MODELS
• LDAP INFORMATION MODEL: DEFINES THE KIND OF DATA YOU PUT
• LDAP NAMING MODEL: HOW YOU ORGANISE AND REFER TO DIRECTORY INFORMATION
LDIF FORMAT
• LINES STARTING WITH # ARE CONSIDERED TO BE COMMENTS
• ALL OTHER ATTRIBUTES ARE WRITTEN IN <ATTRDESC>: <VALUE> FORM
LDIF
• EACH ENTRY IS UNIQUELY IDENTIFIED BY A DISTINGUISHED NAME OR DN. THE DN CONSISTS OF THE NAME OF THE ENTRY PLUS A PATH IN THE DIRECTORY TREE TRACING BACK TO THE TOP OF THE DIRECTORY HIERARCHY
• THE OBJECT CLASS DEFINES THE CLASS OF THE ATTRIBUTES THAT CAN BE USED TO DEFINE AN ENTRY
LDIF
• DIRECTORY DATA IS REPRESENTED AS ATTRIBUTE-VALUE PAIRS. ANY SPECIFIC PIECE OF INFORMATION IS ASSOCIATED WITH A DESCRIPTIVE ATTRIBUTE
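
An added example (not from the original slides): a small Python parser for the LDIF form described above, run on a constructed sample that reuses the slides' DN. It goes beyond the slides by also handling RFC 2849 line folding and base64 (`::`) values, which shows that a base64 userPassword in an LDIF export is only encoded, not protected.

```python
import base64

# Constructed sample: the slides' basic form plus a folded line and a base64 value.
SAMPLE_LDIF = """\
# people branch
dn: uid=alakesh, dc=iit, dc=edu
objectClass: person
objectClass: inetOrgPerson
description: a long value that is folded
  onto a second line
userPassword:: c2VjcmV0

dn: cn=hi, o=iitb, c=india
objectClass: person
"""

def unfold(text):
    """Join folded lines: a line that starts with one space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return [(dn, {attrdesc: [values]})]; entries are separated by blank lines."""
    entries, dn, attrs = [], None, {}
    for line in unfold(text) + [""]:            # the extra "" flushes the last entry
        if line.startswith("#"):                # comment line
            continue
        if not line.strip():                    # blank line ends the current entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if value.startswith(":"):               # "attr:: ..." marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif dn is None or not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries
```
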
LDAP CONFIGURATION
• THE CONFIGURATION FILE slapd.oc.conf CONTAINS THE DEFINITION OF ALL THE OBJECT CLASSES
• THE ATTRIBUTES OF THE OBJECT CLASSES ARE DEFINED IN slapd.at.conf FILE
LDAP CONFIGURATION
• EACH OBJECT CLASS HAS REQUIRED AND ALLOWED ATTRIBUTES
• REQUIRED ATTRIBUTES MUST BE PRESENT WHILE ALLOWED ARE OPTIONAL
LDAP CONFIGURATION
• EACH ATTRIBUTE HAS A CORRESPONDING SYNTAX DEFINITION
LDAP ACCESS CONTROL
• ACCESS TO <WHAT> [ BY <WHO> <ACCESS LEVEL> <CONTROL> ]+
• THIS DIRECTIVE GRANTS ACCESS TO A SET OF ENTRIES/ATTRIBUTES BY ONE OR MORE REQUESTERS
• EXAMPLE: ACCESS TO * BY * READ
LDAP ACCESS CONTROL
• THE ABOVE DIRECTIVE GIVES READ PERMISSION TO EVERYONE
• FOR EXAMPLE, ACCESS TO DN=".*, C=INDIA" BY * SEARCH GIVES SEARCH PERMISSION TO ENTRIES UNDER THE C=INDIA SUBTREE
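
An added example (not from the original slides or from OpenLDAP): a simplified Python model of how slapd picks an access directive, taking the first matching <what> and then the first matching <who> inside it, which is why directive order matters and why a leading catch-all hides everything after it. Assumptions: one directive per line, `dn=` regexes are searched case-insensitively, `by self` is used alongside the slides' `by *`, and no access is granted when nothing matches.

```python
import re

# Constructed slapd.conf fragment in the directive form shown on the slides.
SAMPLE_CONF = '''\
access to dn=".*, c=INDIA" by self write by * search
access to * by * read
'''

SELECTOR = r'(dn="[^"]*"|\S+)'

def parse_acl(conf):
    """Return [(what, [(who, level), ...])] in file order."""
    rules = []
    for line in conf.splitlines():
        m = re.match(r'\s*access\s+to\s+' + SELECTOR + r'\s+(by\s.*)$', line, re.I)
        if m:
            clauses = re.findall(r'\bby\s+' + SELECTOR + r'\s+(\w+)', m.group(2), re.I)
            rules.append((m.group(1), [(who, lvl.lower()) for who, lvl in clauses]))
    return rules

def _matches(selector, dn):
    """'*' matches anything (anonymous included); dn="<regex>" is searched in the DN."""
    if selector == "*":
        return True
    if selector.lower().startswith("dn=") and dn is not None:
        return re.search(selector[3:].strip('"'), dn, re.I) is not None
    return False

def effective_access(rules, entry_dn, requester_dn=None):
    """First matching <what> wins, then the first matching <who> inside it."""
    for what, clauses in rules:
        if not _matches(what, entry_dn):
            continue
        for who, level in clauses:
            if who.lower() == "self":
                if requester_dn and requester_dn.lower() == entry_dn.lower():
                    return level
            elif _matches(who, requester_dn):
                return level
        return "none"          # <what> matched but no <who> did
    return "none"              # assumption: no directive matched means no access

def unreachable(rules):
    """Directives placed after a catch-all 'access to *' can never be selected."""
    for i, (what, _) in enumerate(rules):
        if what == "*":
            return rules[i + 1:]
    return []
```
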
LDAPADD
• OPENLDAP PACKAGE COMES WITH A SHELL EXECUTABLE NAMED LDAPADD, USED TO ADD ENTRIES TO THE DATABASE WHILE THE LDAP SERVER IS RUNNING
• BASIC SYNTAX IS
  ldapadd -f <datafile> -D <dn> -w <passwd>
  (OR -W IF PASSWORD IS TO BE PROMPTED)
LDAPDELETE
• ANOTHER SHELL EXECUTABLE FOR DELETING ENTRIES
• ITS SYNTAX IS
  ldapdelete "CN=HI,O=IITB,C=INDIA"
LDAPMODIFY
• IT IS ANOTHER SHELL EXECUTABLE, USED TO MODIFY DATA IN THE DIRECTORY DATABASE
• IT HAS SIMILAR SYNTAX TO LDAPADD
LDAPSEARCH
• SHELL ACCESSIBLE INTERFACE TO THE ldap_search() C ROUTINE
• LDAPSEARCH OPENS CONNECTION TO THE LDAP SERVER AND PERFORMS A SEARCH WHICH FOLLOWS FILTERING RULES DEFINED IN RFC 1558
LDAPSEARCH
• FOR EXAMPLE
  ldapsearch -b "C=INDIA" "O=IITB"
  IF * IS ALLOWED READ ACCESS BY DEFAULT, THE O=IITB ENTRY WILL BE RETURNED
• THE -b OPTION GIVES THE SEARCH BASE
LDAP AND JAVA CONNECTIVITY
• THERE EXISTS A PACKAGE CALLED JNDI (JAVA NAMING AND DIRECTORY INTERFACE)
• IT CONTAINS APIS NEEDED TO CONNECT TO AN LDAP SERVER AND RETRIEVE INFORMATION
JNDI EXAMPLE
• A TYPICAL CODE WRITTEN USING JNDI TO DO LDAP SEARCH WILL BE LIKE THIS ...
  import java.util.Hashtable;
  import java.util.Enumeration;
  import javax.naming.*;
  import javax.naming.directory.*;
  class Search {
      public static void main(String[] args) {
          Hashtable env = new Hashtable(5, 0.75f);
          env.put(Context.INITIAL_CONTEXT_FACTORY, Env.INITCTX);
          env.put(Context.PROVIDER_URL, Env.MY_SERVICE);
          .........
WHY LDAP
• MOST LDAP SERVERS ARE OPTIMISED FOR READ-INTENSIVE OPERATIONS. THUS, ONE CAN SEE ORDER OF MAGNITUDE DIFFERENCE WHEN READING DATA FROM LDAP DIRECTORY VERSUS OBTAINING THE SAME DATA FROM RELATIONAL DATABASE SERVER OPTIMISED FOR OLTP.
• BECAUSE OF THIS OPTIMISATION, HOWEVER, MOST LDAP DIRECTORIES ARE NOT SUITED TO STORING DATA WHERE CHANGES ARE FREQUENT.