Ldap Light Weight Directory Access Protocol

7/21/2019 Ldap Light Weight Directory Access Protocol

http://slidepdf.com/reader/full/ldap-light-weight-directory-access-protocol 1/30

LDAPLIGHT WEIGHT DIRECTORY

ACCESS PROTOCOL• PRESENTATION BY ALAKESH

APURVA DHAN AND ASH

WHAT IS LDAP

• LDAP IS LIGHT WEIGHT• SUFFICIENT STRAIGHT FORWARD• EASY TO IMPLEMENT AS AGAINST

X.500 DAP WHICH IS HEAVYWEIGHT

• DIRECTORY BECAUSE DATA ISORGANISED IN THE FORM OF TREEMUCH LIKE UNIX FILE SYSTEM

• USES SIMPLIFIED SET OFENCODING

• RUNS DIRECTLY ABOVE TCP/IP• USES STRING TO REPRESENT DATA

• LDAP SECURITY MODEL : DEFINESHOW INFORMATION CAN BEPROTECTED FROM UNAUTHORISEDACCESS

• LDAP API• THERE ARE SEVERAL LDAP API

APPLICATION PROGRAMMINGINTERFACE OLDEST ONES WRITTENIN C

• NOW A DAYS LDAP API S AREAVAILABLE IN OTHER PROGRAMMINGLANGUAGES LIKE PERL JAVA

HOW LDAP WORKS

• LDAP DIRECTORY SERVICE IS BASEDON CLIENT SERVER MODEL

• LDAP IS A MESSAGE ORIENTEDPROTOCOL

• CLIENT CONSTRUCTS AN LDAPMESSAGE CONTAINING A RE UESTAND SENDS IT TO THE SERVER

HOW LDAP WORKS

• SERVER PROCESSES THERE UEST AND SENDS IT BACK TO

THE CLIENT IN THE FORM OF LDAPMESSAGE

LDAP BACKENDS

• THE BASIC DAEMON PROCESS THAT RUNS ON THE LDAP SERVERCALLED SLAPD COMES WITH

THREE DIFFERENT BACKENDDATABASES

• WE ASSUME THAT IN OUR CASEWE USE LDBM THE MOST USEDONE

HOW LDAP WORKS

• LDAP DATABASE WORKS BYADDING A COMPACT FOUR BYTEUNI UE IDENTIFIER

• INDEX FILES ARE MAINTAINED FORREFERRING TO DATA

LDAP PROTOCOLOPERATION• INTERROGATION OPERATION :

SEARCH ! COMPARE• ADD DELETE OPERATOIN :

ADD ! DELETE ! MODIFY ! MODIFY

DN• AUTHENTICATION AND CONTROLOPERATION :

BIND ! UNBIND ! ABANDON

LDAP INFORMATIONMODEL

• BASIC UNIT IS ENTRY " ACOLLECTION OF INFORMATIONABOUT AN OBJECT #

• AN ENTRY IS COMPOSED OF ASET OF ATTRIIBUTES

• LDIF STANDS FOR LDAP DATAINTERCHANGE FORMAT

• DIRECTORY ENTRIES IN LDAP AREIN THE FORM OF LDIF

LDIF FORMAT

• BASIC FORM OF LDIF :$COMMENT

DN: %DISTINGUSHEDNAME& %ATTRDESC&:%ATTRVALUE& %ATTRDESC&:

%ATTRVALUE& '..• EXAMPLE : DN:UID(ALAKESH DC(IIT DC(EDU

• IN ADDITION TO BEING A NETWORKPROTOCOL IT ALSO DEFINES FOUR

MODELS• LDAP INFORMATION MODEL :

DEFINES THE KIND OF DATA U PUT

• LDAP NAMING MODEL : HOW UORGANISE AND REFER TODIRECTORY INFORMATION

LDIF FORMAT

• LINES STARTING WITH $ ARECONSIDERED TO BE COMMENTS

• ALL OTHER ATTRIBUTES AREWRITTEN IN %ATTRDESC & (%VALUE& FORM

• EACH ENTRY IS UNI UELY IDENTIFIED BY ADISTINIGUISHED NAME OR DN . THE DNCONSISTS OF THE NAME OF THE ENTRYPLUS A PATH IN THE DIRECTORY TREE

TRACING BACK TO THE TOP OF THEDIRECTORY HIERARCHY

• THE OBJECT CLASS DEFINES THE CLASS OF THE ATTRIBUTES THAT CAN BE USED TODEFINE AN ENTRY

• DIRECTORY DATA ISREPRESENTED AS ATTRIBUTE)VALUE PAIR . ANY SPECIFICPIECE OF INFORMATION ISASSOSICATED WITH A

DESCRIPTIVE ATTRIBUTE

LDAP CONFIGURATION

• THE CONFIGURATION FILESLAPD.OC.CONF CONTAINS THEDEFINITION OF ALL THE OBJECTCLASSES

• THE ATTRIBUTES OF THE OBJECT

CLASSES ARE DEFINED INSLAPD.AT.CONF FILE

LDAP CONFIGURATION

• EACH OBJECT CLASS HASRE UIRED AND ALLOWEDATTRIBUTE

• RE UIRED ATTRIBUTES MUST BEPRESENT WHILE ALLOWED ARE

OPTIONAL

LDAP CONFIGURATION

• EACH ATTRIBUTE HASCORRESPONDING SYNTAXDEFINITION

LDAP ACCESS CONTROL

• ACCESS TO %WHAT& * BY %WHO&%ACCESS LEVEL& %CONTROL& +

• THIS DIRECTIVE GRANTS ACCESS TO A SET OF ENTRIES/ATTRIBUTESBY ONE OR MORE RE UESTERS

• EXAMPLE : ACCESS TO , BY ,READ

LDAP ACCESS CONTROL

• THE ABOVE DIRECTIVE GIVESREAD PERMISSION TO EVERYONE

• FOR EXAMPLE ACCESS TODN(- . , ! C(INDIA BY , SEARCH

GIVES SEARCHING PERMS TOENTRIES UNDER C(INDIA SUBTREE

LDAPADD

• OPENLDAP PACKAGE COMESWITH SHELL EXECUTABLENAMED LDAPADD USED TO ADDENTRIES TO THE DATABASEWHILE LDAP SERVER IS RUNNING

• BASIC SYNTAX ISLDAPADD )F %DATAFILE& )D%DN& ) %PASSWD& / )W " IF

PASSWORD IS TO BE PROMPTED .

LDAPDELETE

• ANOTHER SHELL EXECUTABLEFOR DELETING ENTRIES

• ITS SYNTAX ISLDAPDELETE

CN(HI!O(IITB!C(INDIA1

LDAPMODIFY

• ITS ANOTHER SHELLEXECUTABLE TO MODIFY DATA IN

THE DIRECTORY DATABASE

• IT HAS SIMILAR SYNTAX TOLDAPADD

LDAPSEARCH

• SHELL ACCESSIBLE INTERFACE TOLDAP2SEARCH"# C ROUTINE

• LDAPSEARCH OPENS CONNECTION TO THE LDAPSERVER PERFORMSSEARCH WHICH FOLLOWS

FILTERING RULES DEFINED INRFC3554

LDAPSEARCH

• FOR EXAMPLE LDAPSEARCH )B-C(INDIA -O(IITB IF , IS

ALLOWED READ ACCESS BYDEFAULT THE O(IITB WILL BERETURNED

• )B OPTION SEARCHES FOR THESEARCH BASE

LDAP AND JAVACONNECTIVITY

• THERE EXISTS A PACKAGECALLED JNDI " JAVA NAMINGAND DIRECTORY INTERFACE #

• IT CONTAINS API S NEEDED TOCONNECT LDAP SERVER

RETRIEVE INFORMATION

JNDI EXAMPLE

• A 6789 ; 9<=> WRITTEN USING JNDI TO DO LDAP SEARCH• 8;; ?> ;8@> 8 '..

• 8 7< . 8;.H ?;>

• 8 7< . 8;.E > 8< • 8 7< . 8 ., • 8 7< . 8 .=8 >9 < 6.,

• 9; S> 9 •

7 ?;89 89 <8= 8 "S 8 *+ #• H ?;> > ( > H ?;>"5 ! 0. 5 # • > .7 "C< > .INITIAL2CONTEXT2FACTORY!E .INITCTX# • > .7 "C< > .PROVIDER2URL ! E .MY2SERVICE # • '''''''''.

• M< ;= 7 > > > <7 8 8 >= < > =)8 > 8 > <7> 8< .T ! < > 9 >> < => < 8 => =8 > > 9> >> =8 = < ;= 7 =8 >9 < 6 ><? 8 8 > > = < >; 8< ;= ? > > > <7 8 8 >= < OLTP.

• B>9 > < 8 <7 8 8 8< ! < > > !< LDAP =8 >9 < 8> > < 8 >= << 8 = > > 9 > > >Q > .

W 6 L= 7

Ldap Light Weight Directory Access Protocol

Documents

Interactive LDAP in C/C++ Interpreter - Tech Communityhosteddocs.ittoolbox.com/InteractiveLDAP.pdf · LDAP stands for Lightweight Directory Access Protocol. A directory in LDAP is

LDAP Directory Integration - cisco.com · LDAP Directory Integration Revised: ... The Lightweight Directory Access Protocol ... Services SDK from the Cisco Developer Community at

LDAP Operation Guide - fanvil.com · LDAP is short for Lightweight Directory Access Protocol. Here it refers to the simplified edition of the X.500-based Directory Access Protocol

[MS-OXLDAP]: Lightweight Directory Access Protocol (LDAP ...interoperability.blob.core.windows.net/...OXLDAP/[MS-OXLDAP]-1503… · Lightweight Directory Access Protocol (LDAP) Version

Network Directories and their Structure Lightweight Directory Access Protocol (LDAP)

1 Internet Based Applications Lightweight Directory Access Protocol (LDAP) Piotr Wierzejewski

Lightweight Directory Access Protocol (LDAP): Directory ... fileThe Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services

LDAP Lightweight Directory Access Protocol LDAP

LDAP Injection - Help Net Security · PDF fileWeb Application and LDAP Injection Overview Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing information

Netprog: LDAP1 Lightweight Directory Access Protocol (LDAP) Refs: –Netscape LDAP server docs – U. of Michigan LDAP docs – docs –RFCs:

LDAP . Lightweight Directory Access Protocol LDAP

LDAP - Lightweight Directory Access Protocol

LDAP Lightweight Directory Access Protocol. Ce que pensent 100 directeurs informatique de LDAP :

LDAP (Lightweight Directory Access Protocol) LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations,

1 · Web view2. LDAP – Lightweight Directory Access Protocol 5 2.1. A brief history of LDAP 5 2.2. Introducing the Lightweight Directory Access Protocol 6 2.2.1. LDAP - The Data

LDAP (Lightweight Directory Access Protocol) · PDF fileLDAP – Lesson 1 LDAP (Lightweight Directory Access Protocol) Active Directory Win Server 2003 il LDAP Server CtOS 172.30.4.0/24

Lightweight Directory Access Protocol Objectives –Install dan menggunakan LDAP Contents –Struktur database LDAP –Scenario –Konfigurasi LDAP server –Konfigurasi

Lightweight Directory Access Protocol (LDAP) · Lightweight Directory Access Protocol (LDAP) Authentication allows user information to be maintained ... IP Address and port we provide

Using LDAP To Manage Usersdocshare04.docshare.tips/files/26485/264852902.pdfAdministrators integrate with a Lightweight Directory Access Protocol (LDAP) [1] directory to streamline

Introduction to LDAP and Tivoli Directory Server Overview · 3 ©2009 IBM Corporation What is LDAP ? Lightweight Directory Access Protocol. LDAP defines a standard method for accessing