
LDAP
Lightweight Directory Access Protocol
Presentation by Alakesh, Apurva, Dhan and Ash
WHAT IS LDAP

LDAP is lightweight: sufficiently straightforward and easy to implement, as against X.500 DAP, which is heavyweight.
LDAP

Directory, because data is organised in the form of a tree, much like the Unix file system.
Uses a simplified set of encodings.
Runs directly above TCP/IP.
Uses strings to represent data.
LDAP

LDAP security model: defines how information can be protected from unauthorised access.
LDAP

LDAP API: there are several LDAP APIs (application programming interfaces); the oldest ones are written in C.
Nowadays LDAP APIs are available in other programming languages like Perl and Java.
HOW LDAP WORKS

The LDAP directory service is based on the client-server model.
LDAP is a message-oriented protocol.
The client constructs an LDAP message containing a request and sends it to the server.
HOW LDAP WORKS

The server processes the request and sends the result back to the client in the form of an LDAP message.
LDAP BACKENDS

The basic daemon process that runs on the LDAP server, called slapd, comes with three different backend databases.
We assume that in our case we use LDBM, the most used one.
HOW LDAP WORKS

The LDAP database works by adding a compact four-byte unique identifier to each entry; index files are maintained for referring to the data.
LDAP PROTOCOL OPERATIONS

Interrogation operations: search, compare.
Add/delete operations: add, delete, modify, modify DN.
Authentication and control operations: bind, unbind, abandon.
LDAP INFORMATION MODEL

The basic unit is the entry (a collection of information about an object).
An entry is composed of a set of attributes.
LDIF

LDIF stands for LDAP Data Interchange Format.
Directory entries in LDAP are in the form of LDIF.
LDIF FORMAT

Basic form of LDIF:

    # comment
    dn: <distinguished name>
    <attrdesc>: <attrvalue>
    <attrdesc>: <attrvalue>
    ...

Example: dn: uid=alakesh,dc=iit,dc=edu
LDAP

In addition to being a network protocol, it also defines four models.
LDAP information model: defines the kind of data you put in the directory.
LDAP naming model: how you organise and refer to directory information.
LDIF FORMAT

Lines starting with # are considered to be comments.
All other attributes are written in <attrdesc>: <value> form.
LDIF

Each entry is uniquely identified by a distinguished name, or DN. The DN consists of the name of the entry plus a path in the directory tree tracing back to the top of the directory hierarchy.

The object class defines which attributes can be used to define an entry.
LDIF

Directory data is represented as attribute-value pairs. Any specific piece of information is associated with a descriptive attribute.
LDAP CONFIGURATION

The configuration file slapd.oc.conf contains the definitions of all the object classes.
The attributes of the object classes are defined in the slapd.at.conf file.

LDAP CONFIGURATION

Each object class has required and allowed attributes.
Required attributes must be present, while allowed ones are optional.

LDAP CONFIGURATION

Each attribute has a corresponding syntax definition.
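An added example (not from the slides) that ties the LDIF slides and the required/allowed attribute rule together: it parses a constructed LDIF text into entries, then checks each entry's DN against a base DN and its attributes against a tiny assumed schema. SCHEMA, SAMPLE_LDIF and the base DN are assumptions made for illustration, not the deck's slapd.oc.conf.

```python
import base64
import re

# Constructed schema in the spirit of slapd.oc.conf (assumed, not the deck's real file).
SCHEMA = {"person": {"required": {"cn", "sn"}, "allowed": {"telephoneNumber"}}}

# Constructed sample LDIF: one well-formed entry, then one that breaks several rules.
SAMPLE_LDIF = """\
# lines starting with '#' are comments
dn: uid=alakesh,dc=iit,dc=edu
objectClass: person
cn: Alakesh
sn:: U3VybmFtZQ==
telephoneNumber: +91 000 0000

dn: uid=bad,dc=other,dc=org
objectClass: person
cn: Bad
mail: bad@example.invalid
"""

def parse_ldif(text):
    """LDIF -> list of entries (attr -> [values]); no support for folded lines."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if line.startswith("#"):  # comment line
            continue
        if not line:  # blank line separates entries
            entries += [current] if current else []
            current = {}
            continue
        attr, sep, value = re.match(r"([^:]+)(::?)\s*(.*)", line).groups()
        if sep == "::":  # '::' marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr, []).append(value)
    return entries

def check_entry(entry, base_dn, schema=SCHEMA):
    """Return problems (empty list = OK): the dn must trace back to base_dn, required
    attributes must be present and all others must be allowed by the objectClass.
    Names are compared as written here; a real server matches them case-insensitively."""
    dn, base = entry.get("dn", [""])[0].lower(), base_dn.lower()
    problems = [] if dn == base or dn.endswith("," + base) else [f"dn missing or not under {base_dn}"]
    required, allowed = set(), set()
    for oc in entry.get("objectClass", []):  # unknown classes contribute nothing
        rule = schema.get(oc.lower(), {"required": set(), "allowed": set()})
        required, allowed = required | rule["required"], allowed | rule["allowed"]
    problems += [f"missing required attribute: {a}" for a in sorted(required - set(entry))]
    problems += [f"attribute not allowed: {a}" for a in entry
                 if a not in ("dn", "objectClass") and a not in required | allowed]
    return problems
```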
LDAP ACCESS CONTROL

    access to <what> [ by <who> <access level> <control> ]

This directive grants access to a set of entries/attributes by one or more requesters.
Example: access to * by * read

LDAP ACCESS CONTROL

The above directive gives read permission to everyone.

For example, access to dn=".*,c=india" by * search gives searching permission on the entries under the c=india subtree.
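An added example (not from the slides) that models how access directives like the ones above are evaluated: the first matching "access to" clause wins, then its first matching "by" clause. OPEN_ACL is the deck's own permissive example; TIGHT_ACL is a constructed version that keeps everyone but the entry itself from reading userPassword. The evaluator is a simplified model of the directive as the slides describe it, not slapd's own code, and its deny-by-default behaviour for unmatched requests is an assumption.

```python
import re

# Access-level ladder: granting a level also grants everything below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed configs: the deck's permissive directive, and a tightened version.
OPEN_ACL = "access to * by * read"
TIGHT_ACL = """\
access to attr=userPassword by self write by anonymous auth by * none
access to dn=".*,c=india" by * search
access to * by * read
"""

def parse_acl(text):
    """'access to <what> [by <who> <level>]...' -> list of (what, [(who, level), ...])."""
    rules = []
    for line in text.replace('"', "").splitlines():  # quotes around regexes are optional
        head, *bys = re.split(r"\s+by\s+", line.strip())
        if head.startswith("access to "):
            rules.append((head[10:].strip(), [tuple(b.split()) for b in bys]))
    return rules

def _what_matches(what, target_dn, attr):
    if what == "*":
        return True
    if what.startswith("dn="):  # regex against the whole target DN
        return re.fullmatch(what[3:], target_dn, re.IGNORECASE) is not None
    return what.startswith("attr=") and attr is not None and attr.lower() in what[5:].lower().split(",")

def _who_matches(who, requester_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":  # the requester is the entry being accessed
        return requester_dn is not None and requester_dn.lower() == target_dn.lower()
    return (who.startswith("dn=") and requester_dn is not None
            and re.fullmatch(who[3:], requester_dn, re.IGNORECASE) is not None)

def allowed(rules, requester_dn, target_dn, wanted, attr=None):
    """First matching 'access to' clause wins, then its first matching 'by' clause;
    anything unmatched is denied (an assumption: slapd's real default depends on
    version and the defaultaccess setting)."""
    for what, bys in rules:
        if not _what_matches(what, target_dn, attr):
            continue
        for who, level in bys:
            if _who_matches(who, requester_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False
    return False
```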
LDAPADD

The OpenLDAP package comes with a shell executable named ldapadd, used to add entries to the database while the LDAP server is running.
Basic syntax is:

    ldapadd -f <datafile> -D <dn> -w <passwd>   (or -W if the password is to be prompted for)
LDAPDELETE

Another shell executable, for deleting entries.

Its syntax is:

    ldapdelete cn=hi,o=iitb,c=india
LDAPMODIFY

Another shell executable, to modify data in the directory database.

It has similar syntax to ldapadd.
LDAPSEARCH

Shell-accessible interface to the ldap_search() C routine.
ldapsearch opens a connection to the LDAP server and performs a search whose filter follows the filtering rules defined in RFC 1558.
LDAPSEARCH

For example, ldapsearch -b c=india o=iitb: if * is allowed read access by default, the o=iitb entry will be returned.

The -b option specifies the search base.
LDAP AND JAVA CONNECTIVITY

There exists a package called JNDI (Java Naming and Directory Interface).
It contains the APIs needed to connect to an LDAP server and retrieve information.
JNDI EXAMPLE

A typical piece of code written using JNDI to do an LDAP search will be like this (the slide shows only the opening lines; the search and result loop are completed here so the class compiles):

    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;
    class Search {
        public static void main(String[] args) throws NamingException {
            Hashtable<String, String> env = new Hashtable<>();
            // Env is a helper class (not shown on the slides) holding the context factory name and the ldap:// URL
            env.put(Context.INITIAL_CONTEXT_FACTORY, Env.INITCTX);
            env.put(Context.PROVIDER_URL, Env.MY_SERVICE);
            DirContext ctx = new InitialDirContext(env);
            // Completed beyond the slide: search base and filter are taken from the command line
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(args[0], args[1], sc);
            while (results.hasMore()) {
                System.out.println(results.next().getNameInNamespace());
            }
            ctx.close();
        }
    }
WHY LDAP?

Most LDAP servers are optimized for read-intensive operations. Thus, one can see an order of magnitude difference when reading data from an LDAP directory versus obtaining the same data from a relational database server optimized for OLTP. Because of this optimization, however, most LDAP directories are not suited for storing data where changes are frequent.
