
LDAP



Presentation Transcript


  1. LDAP
  Jianwen Luo, School of CTI, DePaul Univ., Oct. 23, 1998

  2. What is LDAP?
  • LDAP is the abbreviation of Lightweight Directory Access Protocol.
  • It is a standard protocol used by applications to access information in a directory.
  • Contrast with DAP, the underlying protocol of X.500.

  3. What does directory mean here?
  • The directory here means a type of database that has been optimized for searching and retrieving structured data.
  • Most commonly, directories are used to store information about user profiles, such as user name and permissions.

  4. Why is LDAP necessary?
  • Traditionally, every department has its own user database.
  • A user has more accounts today: email, web, Unix, NT, ...
  • How to synchronize the user info when the user's work is related to more than one department?
  • When an Intranet/Extranet is used, how to efficiently control user access?

  5. Why is LDAP necessary? -2
  • How to identify the source over the network.
  • Vs. DNS: too simple, only includes host information.
  • NDS: not based natively on TCP/IP, vendor supplied.
  • X.500: too complicated, requires an OSI stack.

  6. History of LDAP
  • X.500: complex, using OSI.
  • LDAP version 1, RFC 1487, 1993
    • The client interacts with an LDAP service which interacts with one or more X.500 servers.
  • LDAP version 2, RFC 1777, 1995
    • LDAP servers could run independently of X.500.
  • LDAP version 3, RFC 2251, 1997
    • Communication between master servers.
    • Referral capability.

  7. Protocol Model of LDAP 3
  • Client/Server structure.
  • Objective: minimize the complexity of clients.

  8. Data Model of LDAP 3
  • DIT (Directory Information Tree).
  • Entry: the tree is made of entries.
  • DN (Distinguished Name): a set of attribute=value groups which uniquely identifies an object.
  • RDN (Relative Distinguished Name).
  • Naming Context.

  9. Data Model of LDAP 3 -2
  • DIT tree

  10. Attributes of Entries
  • Entries consist of a set of attributes.
  • An attribute is a type with one or more associated values.
  • An attribute type is identified by a short descriptive name and an object identifier.
  • The object identifier decides what kind of values you can have.
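The DN, RDN and naming-context relationships of slides 8 to 10, worked in Python as an added example that is not part of the original slides; it goes slightly beyond the slides by honouring backslash-escaped commas and multi-valued (a+b) RDNs, and the sample DN is a constructed value.

```python
def split_dn(dn):
    # Split a string DN into its RDNs on unescaped commas; an escaped "\," stays inside its value
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def rdn_avas(rdn):
    # An RDN is one or more attribute=value assertions joined by '+'; attribute
    # types are case-insensitive, so they are lower-cased for comparison
    avas = []
    for ava in rdn.split("+"):
        attr, _, value = ava.partition("=")
        avas.append((attr.strip().lower(), value.strip()))
    return sorted(avas)

def parent_dn(dn):
    # The entry's superior in the DIT: drop the leftmost (most specific) RDN
    return ",".join(split_dn(dn)[1:])

def in_naming_context(dn, context):
    # True if dn lies under the naming context: the context's RDNs must be a suffix of dn's
    d = [rdn_avas(r) for r in split_dn(dn)]
    c = [rdn_avas(r) for r in split_dn(context)]
    return len(c) <= len(d) and d[len(d) - len(c):] == c

# constructed sample DN with an escaped comma inside the cn value
SAMPLE_DN = "cn=Luo\\, Jianwen,ou=CTI,o=DePaul,c=US"
```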

  11. Elements of Protocol
  • The LDAP protocol is described using ASN.1 (Abstract Syntax Notation One).
  • All protocol operations are encapsulated in a common envelope, the LDAPMessage.

  12. LDAP message envelope
      LDAPMessage ::= SEQUENCE {
          messageID       MessageID,
          protocolOp      CHOICE {
              bindRequest     BindRequest,
              bindResponse    BindResponse,
              unbindRequest   UnbindRequest,
              searchRequest   SearchRequest,
              searchResEntry  SearchResultEntry,
              searchResDone   SearchResultDone,
              searchResRef    SearchResultReference,
              modifyRequest   ModifyRequest,
              modifyResponse  ModifyResponse,
              addRequest      AddRequest,
              addResponse     AddResponse,
              delRequest      DelRequest,
              delResponse     DelResponse,
              modDNRequest    ModifyDNRequest,
              modDNResponse   ModifyDNResponse,
              compareRequest  CompareRequest,
              compareResponse CompareResponse,
              abandonRequest  AbandonRequest,
              extendedReq     ExtendedRequest,
              extendedResp    ExtendedResponse },
          controls        [0] Controls OPTIONAL }

      MessageID ::= INTEGER (0 .. maxInt)

      maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

  13. Message ID
  • For outstanding messages, the message ID is unique.
  • Result message:
      LDAPResult ::= SEQUENCE {
          resultCode    ENUMERATED { … },
          matchedDN     LDAPDN,
          errorMessage  LDAPString,
          referral      Referral OPTIONAL }

  14. Applications (actions)
  • Search
  • Add
  • Delete
  • Modify
  • Compare
  • Bind: allows authentication information to be exchanged between client and server.
  • Unbind:

  15. Authentication and security
  • AuthenticationChoice: simple (clear-text password).
  • SASL (Simple Authentication and Security Layer, RFC 2222)
    • Allows integrity and privacy services to be negotiated.
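An added example (not from the original slides) that BER-encodes the LDAPMessage envelope of slides 12 and 13 around a simple BindRequest and an UnbindRequest, then opens the envelope to recover the messageID and the operation tag; the DN and password are constructed sample values. It also makes slide 15's point concrete: with the simple AuthenticationChoice the password bytes sit unprotected inside the message.

```python
MAX_INT = 2147483647  # maxInt from the LDAPMessage definition (2^31 - 1)

def ber_len(n):
    # BER length octets: short form below 128, long form (0x80 | count) otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    # Tag-Length-Value triple for a single-octet tag
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(v):
    # INTEGER in minimal two's-complement form
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))

def ldap_message(message_id, protocol_op):
    # LDAPMessage ::= SEQUENCE { messageID, protocolOp }; controls omitted
    if not 0 <= message_id <= MAX_INT:
        raise ValueError("messageID outside 0..maxInt")
    return tlv(0x30, ber_int(message_id) + protocol_op)

def bind_request(message_id, dn, password):
    # BindRequest [APPLICATION 0] SEQUENCE { version 3, name, simple [0] OCTET STRING }
    body = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(message_id, tlv(0x60, body))

def unbind_request(message_id):
    # UnbindRequest [APPLICATION 2] NULL: tag 0x42 with empty contents
    return ldap_message(message_id, tlv(0x42, b""))

def read_tlv(buf, pos):
    # Decode one TLV at pos; return (tag, contents, position after it)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def parse_envelope(msg):
    # Open the common envelope: return (messageID, tag of the protocolOp)
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(body, 0)
    op_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(mid, "big", signed=True), op_tag
```

The bind message shows why slide 16's LDAP over SSL (or SASL privacy) matters: without it, the simple credential is readable by anyone on the path.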

  16. Where do you go tomorrow?
  • LDAP over SSL, Netscape extension.
  • Replication support, Netscape extension.
  • More complex.
  • From lightweight to middleweight.

  18. Netscape Directory Server 3.1 configuration -1

  19. Advanced configuration of Directory Server
