Date:         03 23, 2010
Version:      1.0
Status:       Completed
Author:       Trương Thị Mai
Reviewed by:  [Name, Position]
Approved by:  [Name, Position]

Revision history
Date         Version   Description   Author
03 23 2010   1.0                     Trương Thị Mai
Table of Contents
1 INTRODUCTION
1.1 PURPOSE
1.2 SCOPE
1.3 ABBREVIATION DEFINITIONS
1.4 REFERENCES
1.5 OVERVIEW
3 OPENDS INSTALLATION GUIDE
4 APPLICATION TO THE FACULTY OF INFORMATION TECHNOLOGY
4.1 BUILDING THE INITIAL DATABASE
4.2 DIAGRAM
4.3 LDIF FILE CONTENT
1 Introduction
1.1 Purpose
A general introduction to LDAP technology as used for centralized authentication, its working model, and the construction of a model suited to the Faculty of Information Technology.
1.2 Scope
1.3 Abbreviation definitions
No.   Name   Description
1     LDAP   Lightweight Directory Access Protocol
2     LDIF   LDAP Data Interchange Format
3     RDN    Relative Distinguished Name
4     DIT    Directory Information Tree
5     OID    Object Identifier
6     SSL    Secure Sockets Layer
7     TLS    Transport Layer Security
8     SASL   Simple Authentication and Security Layer
1.4 References
1.5 Overview
2 Basic introduction
2.1.1
Definition of LDAP
LDAP (Lightweight Directory Access Protocol) is a protocol for fast access to directory services; it is an extended standard for the directory access protocol.
LDAP was created specifically for the "read" operation. Consequently, authenticating a user by means of an LDAP "lookup" is fast, efficient, light on resources and simpler than querying a user account in a database.
Figure 1. X.500 over the OSI model; LDAP over TCP/IP
2. Directory
LDAP is only a protocol: it defines how the various kinds of data are handled. A protocol cannot know where the data is stored. LDAP does not provide the processing and other features of a database.
2.1.2
The client/server communication protocol is a protocol model in which a client program running on one computer sends a request over the network to another computer that is running a server program.
The server closes the connection.
Because the client and server communicate through messages, the client builds a message (an LDAP message) containing the request and sends it to the server. The server receives the message, processes the client's request and then returns the result to the client, also as an LDAP message.
Because LDAP is a message-oriented protocol, the client is allowed to issue several request messages at the same time. In LDAP, the message ID is used to match each client request with the result the server returns for it.
Allowing many messages to be processed concurrently makes LDAP more flexible than other protocols.
2.1.3
attribute name: value
dn: dc=hcmuaf,dc=edu,dc=vn
objectClass: domain
objectClass: top
dc: hcmuaf
entryUUID: a1255ce5-2710-388c-95a6-3c030a59a8d3
Root node:
dc=hcmuaf,dc=edu,dc=vn
dn: o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: top
objectClass: organization
description: information technology
o: it
entryUUID: fbcb85d5-e17c-494e-a36d-5932fb503125
createTimestamp: 20100326000527Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
Child node:
o=it,[root node]
dn: uid=mai,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: mai
uid: mai
cn: mai
telephoneNumber: 0633649470
sn: mai
userPassword: {SSHA}EI41fLuan5bQ1FQA0u8Nvg4/hqRF+i51yrAnNA==
mail: mai
facsimileTelephoneNumber: 123i
entryUUID: b9cb6886-263d-4a0c-bd1f-e315dde47b30
createTimestamp: 20100326000919Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
pwdChangedTime: 20100326000919.471Z
Leaf node:
uid=mai,[parent path] or
cn=mai,[parent path]
dn: uid=tuanh,ou=Teacher,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: tuanh
uid: tuanh
cn: tuanh
telephoneNumber: 125698742
sn: tuanh
userPassword: {SSHA}WixBYpdCo4bEZPRPwUriImctcWZ9sDgQQ/WElg==
mail: tuanh
facsimileTelephoneNumber: 5426
entryUUID: bc95b0ee-6e3e-480d-83c1-2c1e13c89dc9
createTimestamp: 20100326001110Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
pwdChangedTime: 20100326001110.323Z
DN components
Name           Description
dn
country        two-character abbreviation of a country's name
organization   organization
ou
Attributes
Name                       Description
objectClass                Each objectClass value acts as a template for the data stored in an entry. It defines a set of attributes that must be present in the entry (for example: this entry has the value of the attribute
givenName                  given name
uid                        user id
cn
telephoneNumber            telephone number
sn                         surname
userPassword
mail                       email address
facsimileTelephoneNumber   fax number
createTimestamp
creatorsName               name of the user who created this entry
pwdChangedTime
entryUUID                  id of the entry
2.2
LDAP models
The LDAP Functional model defines how you access and update the information in your directory.
2.2.1
Concept
The LDAP Information model defines the data types and the basic information components that you can hold in the directory. In other words, it describes how to build the blocks of data that we can use to create the directory.
The information describing the data is stored in structured form in *.ldif files. The structure of an LDIF file was introduced above.
2.2.2
Concept
How data is arranged
Figure 9. An LDAP directory tree
Figure 11.
As in the figure above, although the two entries have the same RDN cn=John Smith, they sit in two different branches.
… located on other servers, which increases the cost of searching; that is the main reason that many software products do not support aliases.
2.2.3
Concept
With version 3 of the LDAP protocol, in addition to the 3 groups of operations above, there is the LDAP extended operation, which allows the LDAP protocol to be extended later in an organized way without changing the protocol itself.
Description of the operations
1. Interrogation operations (LDAP Interrogation)
The second parameter is the scope of the search; there are 3 scopes in which a search can be performed:
Delete
Rename
Update
4. Extended operations
Besides the 9 basic operations, LDAP version 3 was designed to be extended through 3 mechanisms:
LDAP control
o
By using the SASL model for authentication, LDAP can easily adapt to other, newer authentication methods.
2.2.4
The final issue in the LDAP models is protecting the information in the directory from unauthorized access.
At present LDAP does not define an Access Control model; these access conditions are set up by system administrators using the server software.
2.3
LDAP passes through this encrypted transport layer before performing any connection activity. Therefore all user information is kept secure (at least for the duration of that session).
1. LDAP with SSL
2. LDAP with TLS
2.4
By combining these simple LDAP operations, a directory client can carry out complex operations such as in the following examples.
1. Data storage model
A Netscape Message server can use the LDAP directory to check incoming mail.
When a mail arrives for an address, the message server looks up the email address in the directory on the LDAP server; the message server then knows whether the user's mailbox exists.
Using LDAP to authenticate a user logging in to a system through an interrogation program, the program proceeds as follows:
o First, the interrogation program establishes an authenticated identity with LDAP via (1)
o Then it compares user A's password with the information held in the directory. If the comparison succeeds, user A is authenticated successfully.
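The comparison step described above, as an added example that is not part of the original document and not OpenDS code: a small Python program that checks a supplied password against the {SSHA} form in which the LDIF entries of section 2.1.3 store userPassword (base64 of a SHA-1 digest followed by the salt). The entry, password and salt below are constructed for the example; the document's own hashes are not reused.

```python
"""Offline check of an OpenDS-style {SSHA} userPassword value.

Added example, not from the original document: it models the second step
of the login flow above (comparing the supplied password with what the
directory holds) without a server.  The password and salt are constructed
for this example; the document's own hashes are not reused.
"""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SCHEME = "{SSHA}"   # salted SHA-1: base64(sha1(password + salt) + salt)
DIGEST_LEN = 20     # SHA-1 digest size in bytes


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Produce a {SSHA} value as a directory server would store it."""
    if salt is None:
        salt = secrets.token_bytes(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, password: str) -> bool:
    """True if password matches the stored {SSHA} value, else False."""
    if not stored.startswith(SCHEME):
        raise ValueError("unsupported password scheme: " + stored[:8])
    raw = base64.b64decode(stored[len(SCHEME):])
    if len(raw) <= DIGEST_LEN:          # must contain the digest plus a salt
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(candidate, digest)


def authenticate(entry: Dict[str, str], password: str) -> bool:
    """Look up userPassword in the entry and compare, as in step 2 above.

    An empty password is rejected up front so that it can never count as
    a successful login, and an entry without a password cannot log in."""
    if not password:
        return False
    stored = entry.get("userPassword")
    if stored is None:
        return False
    return check_ssha(stored, password)


# Constructed sample entry in the shape of the document's uid=mai entry;
# the hash is regenerated here from a constructed password and fixed salt.
SAMPLE_ENTRY = {
    "dn": "uid=mai,o=it,dc=hcmuaf,dc=edu,dc=vn",
    "uid": "mai",
    "userPassword": make_ssha("correct horse", salt=bytes(range(1, 9))),
}

if __name__ == "__main__":
    print(authenticate(SAMPLE_ENTRY, "correct horse"))   # True
    print(authenticate(SAMPLE_ENTRY, "wrong password"))  # False
```

The stored value in the document's entries decodes to 28 bytes (20-byte digest plus 8-byte salt), which is the layout check_ssha expects; a value of any other scheme raises rather than silently failing, so a misconfigured password storage scheme is noticed at login time.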
3 OpenDS installation guide
Use the OpenDS tool as the LDAP server.
Download OpenDS at https://opends.dev.java.net/public/downloads_index.html
Installation:
Extract the archive and run the setup.sh file in the ..\OpenDS-1.2.0\bin directory (on Ubuntu) with the command
./setup.sh
Click Next
Click Next
Choose the Base DN to create the directory tree that holds the user accounts, then click Next (only choose "import automatically" if you want to test the LDAP Server; for a real installation you should choose "Only Create Base Entry").
Click Finish
Click Launch Control Panel to log in to the LDAP Server's administration panel, or click Close to close the setup screen.
In the OpenDS Control Panel, log in with the initial login name and password.
Click New Base DN to create the LDAP tree structure:
Example: o=nonglam,ou=cntt,dc=com
Click OK
Click OK
Note: you can choose and create directory tree structures according to the organization of your own LDAP Server.
Fill in the User's information and choose the Naming Attribute to search on in the LDAP tree (uid or email can be chosen), then click OK.
Continue creating new Users in the same way.
4.2 Diagram
4.3 LDIF file content
dn: dc=hcmuaf,dc=edu,dc=vn
objectClass: domain
objectClass: top
dc: hcmuaf
entryUUID: a1255ce5-2710-388c-95a6-3c030a59a8d3

dn: o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: top
objectClass: organization
description: information technology
o: it
entryUUID: fbcb85d5-e17c-494e-a36d-5932fb503125
createTimestamp: 20100326000527Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config

dn: ou=student,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organizationalUnit
objectClass: top
ou: student
entryUUID: a05481a4-f448-44a0-902f-a1f0cc6ee63f
createTimestamp: 20100326000608Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config

dn: ou=Teacher,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organizationalUnit
objectClass: top
ou: Teacher
entryUUID: 675d5e04-fa4f-40fe-98fb-79fba17e2ba8
createTimestamp: 20100326000638Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config

dn: ou=EduServices,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organizationalUnit
objectClass: top
ou: EduServices
entryUUID: 8150807d-d796-475d-968b-3fc1fcf231ff
createTimestamp: 20100326000705Z
creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
Later, the Directory Manager account is used to change and add user information.
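As an added example (not part of the original document and not OpenDS code), the following Python program parses LDIF of the form shown above into a directory information tree, performs the parent-must-exist check an importer makes before adding each entry under the base DN, and runs searches with the three scopes mentioned in section 2.2.3 (base, one level, subtree), including the mail-address lookup of section 2.4. The embedded LDIF is a trimmed copy of the entries above plus a teacher entry; the mail value is constructed, and the parser assumes plain "attribute: value" lines (no base64 "::" values, no continuation lines) and DNs without escaped commas.

```python
"""Parse the faculty LDIF into a directory tree and query it.

Added example, not part of the original document and not OpenDS code.
Assumes plain 'attribute: value' lines (no '::' base64 values, no
continuation lines) and DNs without escaped commas, which holds for
the document's entries.
"""
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]
BASE_DN = "dc=hcmuaf,dc=edu,dc=vn"

# Trimmed copy of the document's entries; the mail value is constructed.
SAMPLE_LDIF = """\
dn: dc=hcmuaf,dc=edu,dc=vn
objectClass: domain
objectClass: top
dc: hcmuaf

dn: o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organization
o: it

dn: ou=student,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organizationalUnit
ou: student

dn: ou=Teacher,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: organizationalUnit
ou: Teacher

dn: uid=tuanh,ou=Teacher,o=it,dc=hcmuaf,dc=edu,dc=vn
objectClass: inetOrgPerson
uid: tuanh
cn: tuanh
sn: tuanh
mail: tuanh@hcmuaf.edu.vn
"""


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Split the text into entries at blank lines; key each entry by its dn."""
    entries: Dict[str, Entry] = {}
    current: Entry = {}
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        line = raw.rstrip()
        if not line:
            if current:
                entries[current["dn"][0]] = current
                current = {}
            continue
        if line.startswith("#"):              # LDIF comment line
            continue
        name, _, value = line.partition(":")  # split on the first colon only
        current.setdefault(name.strip(), []).append(value.strip())
    return entries


def split_dn(dn: str) -> Tuple[str, Optional[str]]:
    """Return (rdn, parent dn); a single-component DN has no parent."""
    rdn, sep, parent = dn.partition(",")
    return rdn, (parent if sep else None)


def build_tree(entries: Dict[str, Entry], base_dn: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Link each entry to its parent; return (children map, orphans).
    An orphan is an entry whose parent entry is missing: an import would
    reject it, so it is reported instead of being attached anywhere."""
    children: Dict[str, List[str]] = {dn: [] for dn in entries}
    orphans: List[str] = []
    for dn in entries:
        if dn == base_dn:                     # the base entry is the root
            continue
        _, parent = split_dn(dn)
        if parent in children:
            children[parent].append(dn)
        else:
            orphans.append(dn)
    return children, orphans


def search(entries, children, base: str, scope: str,
           attr: Optional[str] = None, value: Optional[str] = None) -> List[str]:
    """DNs under `base` for scope 'base', 'one' or 'sub', optionally
    filtered to entries where attribute `attr` has `value`."""
    if base not in entries:
        return []
    if scope == "base":
        candidates = [base]
    elif scope == "one":
        candidates = list(children[base])
    elif scope == "sub":
        candidates, stack = [], [base]
        while stack:                          # depth-first walk of the subtree
            dn = stack.pop()
            candidates.append(dn)
            stack.extend(children[dn])
    else:
        raise ValueError("scope must be base, one or sub")
    if attr is None:
        return candidates
    return [dn for dn in candidates if value in entries[dn].get(attr, [])]


def load(text: str = SAMPLE_LDIF, base_dn: str = BASE_DN):
    """Parse and link the LDIF; return (entries, children, orphans)."""
    entries = parse_ldif(text)
    children, orphans = build_tree(entries, base_dn)
    return entries, children, orphans


if __name__ == "__main__":
    entries, children, orphans = load()
    print("orphans:", orphans)                                  # []
    print(search(entries, children, "o=it," + BASE_DN, "one"))  # the two ou entries
    print(search(entries, children, BASE_DN, "sub", "mail", "tuanh@hcmuaf.edu.vn"))
```

The orphan list is the check worth keeping when the installer's "import automatically" option or a later LDIF import is used: an entry such as a user under an ou that was never created has no place in the tree, and reporting it before anything is written is cheaper than finding the gap after accounts fail to resolve.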