Net::LDAP
Clément OUDOT, FOSDEM 2014
Clément::OUDOT
Work
10
Free software
Table::of::contents
● LDAP protocol
● Net::LDAP
● Usage examples
LDAP
LDAP::protocol
● Defined by standards (RFC)
● LDAPv2 in 1995 (RFC 1777), LDAPv3 in 1997 (RFC 2251, now RFC 4510-4519)
● TCP/IP, LBER, ASN.1
● 9 core operations (bind, unbind, search, compare, add, delete, modify, modify DN, abandon), plus extended operations
● Schema defines object classes, attributes, syntaxes and matching rules
● Data organized hierarchically (tree)
Directory::Information::Tree
(Diagram: a tree rooted at dc=linid,dc=org, with the containers ou=people, ou=groups and ou=structures beneath it, and leaf entries such as uid=coudot and cn=admin below those.)
Entry::Attribute::Value
(Diagram: an entry is a set of attributes; each attribute carries one or more values.)
LDIF
● LDAP Data Interchange Format (RFC 2849)
● Example entry in LDIF, one attribute per line (in a real LDIF file a value containing non-ASCII bytes, such as an accented name, must be base64-encoded and written as "attr:: ..."):
dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: coudot
mail: [email protected]
cn: Clément OUDOT
sn: OUDOT
givenName: Clément
Tips::Devel::LDAP
● LDAP is a connected protocol: 1 connection, several operations
● Every operation returns a result code: test it! (a search matching nothing is still a success; a bind that "succeeds" with an empty password is an anonymous bind)
● LDAPS is deprecated (ldaps:// was never standardized; RFC 4513 specifies StartTLS): use StartTLS on the standard port
● Use LDAPv3
● Say hello! (BIND)
● Say goodbye! (UNBIND)
● Use search parameters (base, scope, filter, attribute list, size and time limits) to improve performance
Net::LDAP
A module with modules
● Net::LDAP: main module
● Net::LDAP::LDIF: manipulate LDIF files
● Net::LDAP::RFC: list of RFCs (POD)
● Net::LDAP::Schema: parse schema
● Net::LDAP::Extension::*: extended operations (e.g. SetPassword, WhoAmI)
● Net::LDAP::Control::*: request and response controls (e.g. Paged, PasswordPolicy)
● And many others...
Credits
● Graham Barr <[email protected]>
● Peter Marschall <[email protected]>
● Chris Ridd <[email protected]>
Create a connection
● Create a new Net::LDAP object
● Specify host, port, scheme (ldap, ldaps or ldapi)
● Other options:
  ● debug
  ● IO::Socket options (timeout, inet4/inet6, localaddr...)
  ● async
  ● version (v3 is the default)
  ● onerror
Authentication
● Bind with a DN and a password (simple bind)
● Bind anonymously
● Bind with SASL (Authen::SASL)
● Client certificate with startTLS
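The connection and authentication slides above as a complete script, added here as an example and not taken from the original slides or from perl-ldap itself. It follows the Tips::Devel::LDAP checklist: one connection, StartTLS before any credential is sent, a simple bind, one operation, an unbind, and a result-code check after every step. The hostname, the bind DN, the CA file path and the LDAP_PASSWORD environment variable are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original slides: one connection, StartTLS,
# simple bind, one operation, unbind, testing every return code on the way.
# Hostname, DNs and the CA file path are assumptions for illustration.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Extension::WhoAmI;          # adds who_am_i() to Net::LDAP
use Net::LDAP::Constant qw(LDAP_SUCCESS);

my $host    = 'ldap.example.com';            # assumed
my $bind_dn = 'cn=admin,dc=example,dc=com';  # assumed
my $pw      = $ENV{LDAP_PASSWORD};

# An empty password turns a DN+password bind into an "unauthenticated" bind
# (RFC 4513 5.1.2), which servers may accept as anonymous: refuse it up front.
die "LDAP_PASSWORD is empty\n" unless defined $pw && length $pw;

# One Net::LDAP object = one TCP connection, reused for every operation below.
# version 3 is the default but is spelled out; onerror => undef keeps Net::LDAP
# from dying or warning on its own so that each return code is tested here.
my $ldap = Net::LDAP->new(
    $host,
    scheme  => 'ldap',
    port    => 389,
    version => 3,
    timeout => 10,
    onerror => undef,
) or die "Cannot connect to $host: $@\n";

# StartTLS on the plain port before any credential is sent. verify => 'require'
# rejects a server certificate that does not chain to cafile; with the default
# verify => 'none' the client authenticates nobody and a MITM can read the bind.
my $mesg = $ldap->start_tls(
    verify => 'require',
    cafile => '/etc/ssl/certs/ldap-ca.pem',  # assumed path
);
die 'StartTLS failed: ' . $mesg->error . "\n" if $mesg->code;

# Say hello: simple bind. The other methods from the slide look like this:
#   $ldap->bind;                                                    # anonymous
#   $ldap->bind(sasl => Authen::SASL->new(mechanism => 'GSSAPI'));  # SASL
#   start_tls(..., clientcert => $crt, clientkey => $key) followed by a
#   SASL EXTERNAL bind for client-certificate authentication.
$mesg = $ldap->bind($bind_dn, password => $pw);
die sprintf("Bind failed: %s (%s)\n", $mesg->error, $mesg->error_name)
    if $mesg->code != LDAP_SUCCESS;

# Every operation returns a Net::LDAP::Message: check code() before using it.
# "Who am I?" (RFC 4532) confirms which identity the server actually granted.
my $who = $ldap->who_am_i;
die 'whoami failed: ' . $who->error . "\n" if $who->code;
print 'Bound as: ', $who->response, "\n";   # e.g. dn:cn=admin,dc=example,dc=com

# Say goodbye: UNBIND tells the server to discard the session, then closes the socket.
$ldap->unbind;
```

The empty-password guard and verify => 'require' are the two lines most often missing from scripts like this: without the first, a login form that passes an empty field through to bind() authenticates everyone as anonymous and reports success; without the second, StartTLS encrypts the session but authenticates no one.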
Search
● You need to provide:
  ● Base
  ● Scope
  ● Filter
  ● Attributes
● A search can return 0 entries and still be successful
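A search function built from the four parameters above, added here as an example (not from the original slides or from perl-ldap). It escapes the user-supplied value with Net::LDAP::Util::escape_filter_value, limits size and time, and distinguishes the three outcomes a caller has to handle: no entry (still LDAP_SUCCESS), exactly one entry, and more than one. The hostname and the base DN are assumptions; the three test uids at the bottom, including the injection attempt, are constructed input.

```perl
#!/usr/bin/perl
# Added example, not from the original slides: a search with base, scope,
# filter and attribute list, with the filter value escaped, and with "zero
# results" treated as the success it is. Host and base DN are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED);

my $base = 'ou=people,dc=example,dc=com';   # assumed

# Look up one user by uid. $uid is attacker-controlled input (login form,
# CLI argument): escape_filter_value turns '*', '(', ')', '\' and NUL into
# \2a, \28, \29, \5c, \00 so the value cannot rewrite the filter.
# Without it, uid = "*)(uid=*" yields (&(objectClass=inetOrgPerson)(uid=*)(uid=*))
# and matches every user: classic LDAP injection.
sub find_user {
    my ($ldap, $uid) = @_;
    my $filter = sprintf '(&(objectClass=inetOrgPerson)(uid=%s))',
        escape_filter_value($uid);

    my $mesg = $ldap->search(
        base      => $base,
        scope     => 'one',               # base | one | sub (sub is the default)
        filter    => $filter,
        attrs     => [qw(uid cn mail)],   # only what is needed; never ask for userPassword
        sizelimit => 2,                   # one expected; 2 lets us detect duplicates
        timelimit => 5,                   # seconds, enforced by the server
    );

    # Hitting sizelimit is reported as an error code but still carries the
    # entries received so far; here it simply means "more than one match".
    die "ambiguous: more than one entry for uid=$uid\n"
        if $mesg->code == LDAP_SIZELIMIT_EXCEEDED;
    die 'search failed: ' . $mesg->error . "\n" if $mesg->code != LDAP_SUCCESS;

    # A search that matches nothing is LDAP_SUCCESS with count() == 0.
    return undef if $mesg->count == 0;
    die "ambiguous: more than one entry for uid=$uid\n" if $mesg->count > 1;
    return $mesg->entry(0);               # a Net::LDAP::Entry
}

my $ldap = Net::LDAP->new('ldap.example.com', version => 3, onerror => undef)
    or die "connect: $@\n";
# StartTLS and an authenticated bind belong here in a real script; anonymous for brevity.
my $mesg = $ldap->bind;
die 'bind: ' . $mesg->error . "\n" if $mesg->code;

# Constructed test input: a real uid, an unknown one, and an injection attempt.
for my $uid ('coudot', 'nobody', '*)(uid=*') {
    my $entry = find_user($ldap, $uid);
    printf "%-12s -> %s\n", $uid,
        $entry ? $entry->dn . ' <' . ($entry->get_value('mail') // '-') . '>' : '(no entry)';
}
$ldap->unbind;
```

The injection uid is harmless here because it is escaped to `\2a\29\28uid=\2a` and simply matches no entry; remove the escape_filter_value call and the same input returns a user chosen by the server's ordering, which is exactly how LDAP-backed logins get bypassed.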
Entry
● Entry objects are returned by search, generated from LDIF, or generated from scratch
● Methods to:
  ● browse attributes and values
  ● add/modify/delete values
  ● export to LDIF
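The Entry and LDIF slides together as one runnable script, added here as an example (not from the original slides or from perl-ldap): a Net::LDAP::Entry is built from scratch, browsed, changed in memory, written out with Net::LDAP::LDIF and parsed back. Nothing contacts a server, so it runs offline; the DN and attribute values are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not from the original slides: a Net::LDAP::Entry built from
# scratch, browsed, modified in memory, exported to LDIF, then parsed back with
# Net::LDAP::LDIF. Everything is local: no server is contacted. DN and values
# are constructed for the example.
use strict;
use warnings;
use Net::LDAP::Entry;
use Net::LDAP::LDIF;

# 1. Build an entry from scratch (a search returns the same kind of object).
my $entry = Net::LDAP::Entry->new('uid=jdoe,ou=people,dc=example,dc=com');
$entry->add(
    objectClass => [qw(top person organizationalPerson inetOrgPerson)],
    uid         => 'jdoe',
    sn          => 'Doe',
    cn          => 'John Doe',
    mail        => ['jdoe@example.com', 'john.doe@example.com'],
);

# 2. Browse attributes and values.
for my $attr (sort $entry->attributes) {
    my @values = $entry->get_value($attr);     # list context: every value
    printf "%-12s %s\n", $attr, join(' | ', @values);
}
my $first_mail = $entry->get_value('mail');    # scalar context: first value only
print "first mail: $first_mail\n";

# 3. Change values in memory. Nothing reaches a server unless the script
#    later calls $entry->update($ldap) on a bound Net::LDAP object.
$entry->replace(cn => 'John A. Doe');                 # replace all values of cn
$entry->delete(mail => ['john.doe@example.com']);     # drop one value of mail
# $entry->delete('telephoneNumber');                  # no values = drop the whole attribute
$entry->add(description => 'built with Net::LDAP::Entry');

# 4. Export to LDIF. Net::LDAP::LDIF writes to any filehandle; here an in-memory
#    one. Values that are not LDIF-safe (non-ASCII, leading space, ...) are
#    base64-encoded as "attr:: ..." automatically (encode => 'base64' is the default).
my $ldif_text = '';
open my $out, '>', \$ldif_text or die "open: $!";
my $writer = Net::LDAP::LDIF->new($out, 'w', change => 0, wrap => 78);
$writer->write_entry($entry);
$writer->done;
close $out;
print $ldif_text;

# 5. Parse the LDIF back into entries, testing the reader's error state per record.
open my $in, '<', \$ldif_text or die "open: $!";
my $reader = Net::LDAP::LDIF->new($in, 'r', onerror => undef);
while (not $reader->eof) {
    my $e = $reader->read_entry;
    if ($reader->error) {
        warn 'LDIF error: ' . $reader->error . ' at: ' . $reader->error_lines . "\n";
        next;
    }
    next unless $e;                            # trailing blank lines yield no entry
    printf "parsed %s with %d attributes\n", $e->dn, scalar $e->attributes;
}
$reader->done;
```

The in-memory entry keeps a change list alongside its attributes: with change => 1 the writer would emit a changetype record (the modify/add operations pending) instead of the full entry, which is the form you want when generating LDIF to feed to ldapmodify.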
Add and delete
● Add method parameters:
  ● Net::LDAP::Entry
  ● DN and list of attributes
● Delete method parameters:
  ● Net::LDAP::Entry
  ● DN
Modification
● Add, replace, delete values
● A modification applies to one entry, designated by:
  ● Net::LDAP::Entry
  ● DN
● To rename/move an entry, use moddn:
  ● Define a new RDN
  ● Define a new superior
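The add, modify, moddn and delete operations from the last two slides in one script, added here as an example (not from the original slides or from perl-ldab's own code): the full life cycle of one entry, with each result code checked and the RDN value escaped with Net::LDAP::Util::escape_dn_value. Hostname, admin DN, the two containers and the user data are assumptions; StartTLS is omitted and belongs before the bind in a real script.

```perl
#!/usr/bin/perl
# Added example, not from the original slides: add an entry, modify it,
# rename and move it with moddn, then delete it, checking every result.
# Host, DNs and attribute values are assumptions for illustration.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

# die with the server's error text and symbolic name if an operation failed
sub check {
    my ($mesg, $what) = @_;
    die sprintf("%s failed: %s (%s)\n", $what, $mesg->error, $mesg->error_name)
        if $mesg->code;
    return $mesg;
}

my $ldap = Net::LDAP->new('ldap.example.com', version => 3, onerror => undef)
    or die "connect: $@\n";
# StartTLS (see the connection example) goes here before the privileged bind.
check($ldap->bind('cn=admin,dc=example,dc=com', password => $ENV{LDAP_PASSWORD}), 'bind');

my $people  = 'ou=people,dc=example,dc=com';    # assumed
my $archive = 'ou=archive,dc=example,dc=com';   # assumed
my $uid     = 'jdoe';
# RDN values have their own escaping rules (',', '+', '"', '\', '<', '>', ';',
# leading '#' or space): build DNs with escape_dn_value, not string concatenation.
my $dn = sprintf 'uid=%s,%s', escape_dn_value($uid), $people;

# ADD: DN plus attribute list (alternatively $ldap->add($entry) with a Net::LDAP::Entry).
check($ldap->add($dn, attrs => [
    objectClass => [qw(top person organizationalPerson inetOrgPerson)],
    uid         => $uid,
    sn          => 'Doe',
    cn          => 'John Doe',
    mail        => 'jdoe@example.com',
    description => 'temporary',
]), "add $dn");

# MODIFY: add, replace and delete on one entry in a single operation.
# replace overwrites ALL values of the attribute; delete => [ 'attr' ] removes the
# whole attribute, delete => { attr => [ 'value' ] } removes only that value.
# Use changes => [ ... ] instead when the order of the sub-operations matters.
check($ldap->modify($dn,
    add     => { telephoneNumber => '+33 1 23 45 67 89' },
    replace => { mail => 'john.doe@example.com' },
    delete  => ['description'],
), "modify $dn");

# MODDN: new RDN (rename) and new superior (move) at once.
# deleteoldrdn => 1 removes the old uid value from the entry, otherwise it stays
# as a second value of uid, which is rarely what a login system expects.
my $new_rdn = 'uid=' . escape_dn_value('john.doe');
check($ldap->moddn($dn,
    newrdn       => $new_rdn,
    deleteoldrdn => 1,
    newsuperior  => $archive,
), "moddn $dn");
my $new_dn = "$new_rdn,$archive";

# DELETE: by DN (or pass a Net::LDAP::Entry). Leaf entries only: a container
# with children is refused with LDAP_NOT_ALLOWED_ON_NONLEAF.
check($ldap->delete($new_dn), "delete $new_dn");

$ldap->unbind;
```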
Password::Policy
● A password policy controls password quality at modification time and prevents brute-force attacks at authentication time (failure counting and account lockout)
● Net::LDAP::Control::PasswordPolicy:
  ● Sent by the client (request control, attached to the bind or modify operation)
  ● Sent back by the server (response control: error cause, time before expiration, remaining grace logins)
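The control exchange described above as a script, added here as an example (not from the original slides, nor from LemonLDAP::NG, which implements the same control): the request control is attached to a bind and to a password change, and the response control is decoded. The constant names are those exported by Net::LDAP::Constant; hostname, CA path, user DN and the two password environment variables are assumptions, and the server needs a password policy configured (for OpenLDAP, the ppolicy overlay) or no response control comes back.

```perl
#!/usr/bin/perl
# Added example, not from the original slides: send the Password Policy request
# control with a bind and with a password change, and decode the response
# control. Host, DNs and passwords are assumptions; the server must have a
# password policy configured (e.g. the OpenLDAP ppolicy overlay).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw(
    LDAP_CONTROL_PASSWORDPOLICY
    LDAP_PP_PASSWORD_EXPIRED LDAP_PP_ACCOUNT_LOCKED LDAP_PP_CHANGE_AFTER_RESET
    LDAP_PP_PASSWORD_MOD_NOT_ALLOWED LDAP_PP_MUST_SUPPLY_OLD_PASSWORD
    LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY LDAP_PP_PASSWORD_TOO_SHORT
    LDAP_PP_PASSWORD_TOO_YOUNG LDAP_PP_PASSWORD_IN_HISTORY
);

my %pp_reason = (
    (LDAP_PP_PASSWORD_EXPIRED)              => 'password expired',
    (LDAP_PP_ACCOUNT_LOCKED)                => 'account locked (too many failures)',
    (LDAP_PP_CHANGE_AFTER_RESET)            => 'password must be changed after reset',
    (LDAP_PP_PASSWORD_MOD_NOT_ALLOWED)      => 'user may not change the password',
    (LDAP_PP_MUST_SUPPLY_OLD_PASSWORD)      => 'old password required',
    (LDAP_PP_INSUFFICIENT_PASSWORD_QUALITY) => 'password quality too low',
    (LDAP_PP_PASSWORD_TOO_SHORT)            => 'password too short',
    (LDAP_PP_PASSWORD_TOO_YOUNG)            => 'password changed too recently',
    (LDAP_PP_PASSWORD_IN_HISTORY)           => 'password already used',
);

# Decode the response control (if any) carried by a Net::LDAP::Message.
sub pp_status {
    my ($mesg) = @_;
    my ($ctrl) = $mesg->control(LDAP_CONTROL_PASSWORDPOLICY);
    return 'no password policy control in response' unless $ctrl;
    my @out;
    # pp_error is 0 for "password expired": test definedness, never truth.
    if (defined(my $err = $ctrl->pp_error)) {
        push @out, $pp_reason{$err} // "policy error $err";
    }
    if (defined(my $s = $ctrl->time_before_expiration)) {
        push @out, "password expires in $s s";
    }
    if (defined(my $g = $ctrl->grace_authentications_remaining)) {
        push @out, "$g grace login(s) left";
    }
    return @out ? join('; ', @out) : 'ok';
}

my $ldap = Net::LDAP->new('ldap.example.com', version => 3, onerror => undef)
    or die "connect: $@\n";
my $mesg = $ldap->start_tls(verify => 'require', cafile => '/etc/ssl/certs/ldap-ca.pem');
die 'StartTLS: ' . $mesg->error . "\n" if $mesg->code;

my $user_dn = 'uid=jdoe,ou=people,dc=example,dc=com';   # assumed
my $pp = Net::LDAP::Control::PasswordPolicy->new;        # request control, no value

# 1. Authentication. A locked or expired account fails with the same
#    LDAP_INVALID_CREDENTIALS as a wrong password: only the control says why,
#    which lets the application tell the user without leaking it to an attacker
#    who does not send the control.
$mesg = $ldap->bind($user_dn, password => $ENV{LDAP_PASSWORD}, control => [$pp]);
printf "bind: %s [%s]\n", ($mesg->code ? $mesg->error : 'success'), pp_status($mesg);
exit 1 if $mesg->code;

# 2. Password change. The server checks quality, length, history and minimum
#    age and reports the reason in the control alongside LDAP_CONSTRAINT_VIOLATION.
$mesg = $ldap->modify($user_dn,
    replace => { userPassword => $ENV{LDAP_NEW_PASSWORD} },
    control => [$pp],
);
printf "change: %s [%s]\n", ($mesg->code ? $mesg->error : 'success'), pp_status($mesg);

$ldap->unbind;
```

Two checks matter in practice: a successful bind can still carry a "must change after reset" error or a grace-login count, so pp_status has to be consulted on success as well as on failure; and a missing response control usually means the policy is not applied to that entry, which is worth alerting on rather than silently treating as "ok".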
Usage::examples
Apache::Session::LDAP
● Implements the Apache::Session interface
● Stores sessions as entries in LDAP
● See also Apache::Session::Browseable::LDAP for indexed sessions
Scripts
● Provided by the LDAP Tool Box project:
  ● Monitoring scripts:
    – Check LDAP response time
    – Check OpenLDAP syncrepl status
    – Check OpenLDAP monitor data
  ● Data manipulation:
    – CSV to LDIF or LDIF to LDIF
    – Convert data from SUN/Oracle to OpenLDAP
LemonLDAP::NG
● WebSSO, Access Control and Identity Federation free software
● Authentication against LDAP
● Password modification in LDAP
● Session storage in LDAP
● Configuration storage in LDAP
● Notification storage in LDAP
● Implements Password Policy
Almost the end...
Thanks
● Special thanks to:
  ● FOSDEM and their organizers
  ● Company LINAGORA
  ● All Perl developers
● Keep in touch:
  ● Twitter: @clementoudot
  ● IRC: KPTN on #linagora@freenode
  ● Web: http://coudot.blogs.linagora.com
Questions?
Thanks for your attention
http://www.linid.org
Open Source software and services, 80 rue Roque de Fillol, 92800 PUTEAUX, Tel: 0810 251 251, Fax: +33 1 46 96 63 64, www.linagora.com