Lightweight Directory Access Protocol (LDAP) Implementation Overview
This presentation covers the motivation, related work, and implementation details of LDAP, X.500, and the LDIF format. Learn about directory services architecture, depiction, and implementation.
Presentation Transcript
LDAP (Lightweight Directory Access Protocol) Speaker: Chang-Yu Wu Adviser: Quincy Wu Date: 2007/08/22
Outline • Motivation • Related Work • Directory Service • X.500 • LDAP • Depiction • Architecture • LDIF • Implementation • Conclusion • Reference
Motivation (diagram: a user with a separate account on each of an FTP server, mail server, application server, Samba server and web server)
Motivation (cont) • Each service has its own configuration file or resource record • One server does not host all the services • Administration (e.g. of accounts) • Data is repeated across services.
Related Work • Directory services (DS) • A set of applications • Stores and organizes information about a computer network's users and network resources • X.500 • X.500 is a series of computer networking standards covering electronic directory services
X.500 • A hierarchical organization of entries which is distributed across one or more servers
LDAP • Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running over TCP/IP. • Optimized for lookups • Much higher read ratio • More easily extended • Implementation Software • OpenLDAP
Internet Application (cont) (network diagram: clients behind a switch and NAT reaching an FTP server, Samba server, mail server and LDAP server)
History • RFC 1777 • Lightweight Directory Access Protocol (v1) • RFC 2251-2256 • Lightweight Directory Access Protocol (v3) • RFC 2829 • Authentication Methods for LDAP • RFC 2830 • Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security • RFC 3377 • Lightweight Directory Access Protocol (v3): Technical Specification
Background (diagram: X.500 sits on the full OSI stack of Application, Presentation, Session, Transport, Network, Data link and Physical layers, whereas LDAP runs directly over TCP/IP: Application, TCP/UDP, IP, physical media) • Relatively simple protocol (X.500 was heavyweight). • Universal design for directory services.
Depiction (diagram: Company at the root, Department_A and Department_B below it, employees below each department) • An LDAP directory is organized in a simple tree hierarchy consisting of entries. • An LDAP directory can be distributed among many servers.
DIT • Directory Information Tree (DIT) • Entry • Describes an object (Class) • Ex: people, devices • Class • Attribute • A type/syntax and a value • Value
DIT (diagram of an LDAP DIT: root dc=john,dc=ipv6,dc=club,dc=tw with the children ou=people and ou=devices; under ou=people the entry cn=Alice carries the attributes and values objectClass: person, sn: carter, telephoneNumber: 555-1234; its DN is cn=Alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw and its RDN is cn=Alice)
LDAP Interchange Format • LDIF (LDAP Interchange Format) • RFC 2849 • A set of entries • Attributes and values • Stores LDAP configuration information and the directory contents in a standard text format • More instructions • Schema
Schema • Defines which object classes are allowed • Where they are stored • Which attributes they have (objectClass) • Which attributes are optional (objectClass) • The type/syntax of each attribute (objectClass)
Schema (cont) core.schema:
objectclass ( 2.5.6.6 NAME 'person'
    DESC 'RFC2256: a person'
    SUP top STRUCTURAL
    MUST ( sn $ cn )
    MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
LDAP Interchange Format (cont) • DN (Distinguished Name): • A record • RDN (Relative Distinguished Name): • cn and value of cn • CN (Common Name): • Name • OU (Organizational Unit): • DC (Domain Component):
LDIF
dn: cn=alice,dc=john,dc=ipv6,dc=club,dc=tw
objectClass: person
sn: carter
telephoneNumber: 555-1234
(shown beside the same DIT diagram as on the DIT slide: root dc=john,dc=ipv6,dc=club,dc=tw, ou=people and ou=devices, the entry cn=Alice with objectClass: person, sn: carter, telephoneNumber: 555-1234, DN cn=Alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw, RDN cn=Alice)
Model • Information model • Basic unit: Entry • DIT (Directory Information Tree) • Naming model • Identifies an entry in the DIT by its RDN (Relative Distinguished Name) • DN (Distinguished Name) • Functional model • Defines the operations on the data • Security model • Authentication mechanism • ACL (Access Control List)
Implementation • OpenLDAP • OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. • http://www.openldap.org/ • Experimental Version • OpenLDAP-server-2.3.37 • Download • http://www.openldap.org/software/download/
Configuration file • slapd.conf (/usr/local/etc/openldap/) • Schema • Log record • SSL/TLS • Database area • ACL
Configuration file - schema Path : /usr/local/etc/openldap/schema/
Configuration file – database area • Define database • database bdb • Define root suffix • suffix "dc=john,dc=ipv6,dc=club,dc=tw" • Define root DN • rootdn "cn=admin,dc=john,dc=ipv6,dc=club,dc=tw" • Define root password • rootpw XXX • Define directory path • directory /var/db/xxx/
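The database area above written out as it would appear in slapd.conf, as an added example that is not from the slides: the only changes are that rootpw holds a hash produced by the slappasswd tool listed on the offline-tools slide instead of a cleartext value, and an ACL for the userPassword attribute is added for the security model slide. The hash value is a placeholder and the directory path is the slide's own placeholder.

```conf
# Added example (not the presentation's file): database section of slapd.conf
database    bdb
suffix      "dc=john,dc=ipv6,dc=club,dc=tw"
rootdn      "cn=admin,dc=john,dc=ipv6,dc=club,dc=tw"

# Weak form from the slide: a cleartext password in the config file
#   rootpw XXX
# Better: paste the {SSHA} output of `slappasswd` (placeholder below)
rootpw      {SSHA}<paste-output-of-slappasswd-here>

directory   /var/db/xxx/

# ACL: an entry may change its own password, anonymous clients may only
# use it to authenticate (bind), and nobody else can read it at all
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else in the tree is readable
access to *
    by * read
```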
White page LDIF
dn: cn=alice,dc=john,dc=ipv6,dc=club,dc=tw
objectClass: person
sn: carter
telephoneNumber: 555-1234
(shown beside the same DIT diagram as on the DIT slide: root dc=john,dc=ipv6,dc=club,dc=tw, ou=people and ou=devices, the entry cn=Alice with objectClass: person, sn: carter, telephoneNumber: 555-1234, DN cn=Alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw, RDN cn=Alice)
White page (cont) people.ldif:
# create root
dn: dc=john,dc=ipv6,dc=club,dc=tw
dc: john
# ou is required because organizationalUnit has MUST ( ou )
ou: john
objectClass: dcObject
objectClass: organizationalUnit

# create ou
dn: ou=people,dc=john,dc=ipv6,dc=club,dc=tw
ou: people
objectClass: organizationalUnit

# create person
dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
cn: alice
objectClass: person
sn: carter
telephoneNumber: 555-1234
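As an added example (not code from the presentation or from OpenLDAP), a small Python checker that parses LDIF such as people.ldif, splits each DN into its RDN and parent DN as on the DIT slide, and checks every entry against the MUST/MAY lists from the core.schema slide. The SCHEMA table is a constructed subset of core.schema and the cn=bob entry is constructed to show the check firing.

```python
# Added example, not the presentation's own code: parse LDIF entries, split each
# DN into RDN and parent DN, and check entries against a constructed subset of the
# core.schema MUST/MAY lists shown on the slides (not the full schema).
SCHEMA = {  # objectClass -> (MUST attributes, MAY attributes)
    "organizationalUnit": ({"ou"}, {"description", "telephoneNumber"}),
    "person": ({"sn", "cn"}, {"userPassword", "telephoneNumber", "seeAlso", "description"})}

def parse_ldif(text):  # -> [(dn, {attribute: [values]})]; blank lines separate entries
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#"):                  # LDIF comment line
                continue
            name, _, value = line.partition(":")      # 'cn:alice' and 'cn: alice' are both valid
            attrs.setdefault(name.strip(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))   # the dn: line names the entry
    return entries

def split_dn(dn):  # 'cn=alice,ou=people,dc=john,...' -> ('cn=alice', 'ou=people,dc=john,...')
    parts = [p.strip() for p in dn.split(",")]        # tolerate spaces around commas
    return parts[0], ",".join(parts[1:])

def check_entry(dn, attrs):  # returns [] when the entry satisfies the schema subset
    problems, must, may = [], set(), {"objectClass"}
    for oc in attrs.get("objectClass", []):
        if oc not in SCHEMA:
            problems.append(f"unknown objectClass {oc}")
        else:
            must, may = must | SCHEMA[oc][0], may | SCHEMA[oc][1]
    problems += [f"missing MUST attribute {a}" for a in sorted(must - set(attrs))]
    problems += [f"attribute {a} not allowed" for a in sorted(set(attrs) - must - may)]
    rdn_attr, _, rdn_val = split_dn(dn)[0].partition("=")
    if rdn_val not in attrs.get(rdn_attr, []):        # the RDN must also be a stored attribute
        problems.append(f"RDN {rdn_attr}={rdn_val} not present as an attribute")
    return problems

# Constructed sample: the slides' cn=alice entry plus a deliberately broken cn=bob
SAMPLE_LDIF = """\
dn: cn=alice,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
cn: alice
objectClass: person
sn: carter
telephoneNumber: 555-1234

dn: cn=bob,ou=people,dc=john,dc=ipv6,dc=club,dc=tw
cn: bob
objectClass: person
mail: bob@example.invalid
"""
```

Running check_entry over parse_ldif(SAMPLE_LDIF) accepts alice and reports bob's missing sn and the mail attribute that person does not allow, the same two errors slapadd would raise for such an entry.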
Instruction • Start • /usr/local/libexec/slapd • Input data • slapadd -v -l /xxx/people.ldif • Show data • ldapsearch -x -b "dc=john,dc=ipv6,dc=club,dc=tw"
Instruction (cont) • Offline tools • slapadd, slapcat, slapindex, slappasswd • Online tools • ldapsearch, ldapadd, ldapdelete, ldapmodify, ldapmodrdn
Conclusion • Used to access and update information in a directory built on the X.500 model • Specification defines the content of messages between the client and the server • Includes operations to establish and disconnect a session from the server
Reference • Lightweight Directory Access Protocol • RFC 2251 • OpenLDAP • http://www.openldap.org/ • LDAP System Administration • Gerald Carter, O'Reilly, 2003