Hewlett Packard
- Background and Motivation
- X.500
- What is LDAP?
- Understanding LDAP
- Discussion and Q/A

- Originally inspired by Telecommunication companies
- Increased reliance on networked computers
- Need in information

- Ease-of-Use
- Administration
- Clear and consistent organization
- Integrity
- Confidentiality

- Organizes directory entries into a hierarchical namespace
- Powerful search capabilities
- Uses DAP (application layer), which is based on OSI

- Lightweight Directory Access Protocol
- Used to access and update information in a directory built on the X.500 model

- Lightweight alternative to DAP
- Uses TCP/IP instead of the OSI stack
- Much simpler
- Uses strings rather than DAP's ASN.1 notation to represent data
Example Entry:
InetOrgPerson(cn, sn, ObjectClass)
Example Attributes:
cn (cis), sn (cis), telephoneNumber (tel), ou (cis), owner (dn),
Attribute Type            String
CommonName                CN
LocalityName              L
StateorProvinceName       ST
OrganizationName          O
OrganizationalUnitName    OU
CountryName               C
StreetAddress             STREET
domainComponent           DC
Userid                    UID
Authentication: BIND/UNBIND, ABANDON
Query: Search, Compare entry
Update: Add or Delete Entry, Modify an entry
Lightweight Directory Access Protocol
- Client ends the session (UNBIND)
- Client can ABANDON the session
Request includes LDAP version, the name the client wants to bind as, authentication type:
- Simple (clear text passwords, anonymous)
- Kerberos v4 to the LDAP server (krbv42LDAP)
- Kerberos v4 to the DSA server (krbv42DSA)
ABANDON:
- MessageID to abandon
- Read and List implemented as searches
- Compare: similar to search but returns T/F

Request includes:
- baseObject: an LDAPDN
- Scope: how many levels to be searched
- derefAliases: handling of aliases
- sizeLimit: max number of entries returned
- timeLimit: max time allowed for search
- attrsOnly: return attribute types OR values also
- Filter: condition to be fulfilled when searching
- Attributes: list of the entry's attributes to be returned
ADD request
MODIFY request
DELETE request
- Other authentication methods possible in future versions
- SASL support added in version 3
Kerberos deemed stronger than SASL
Authentication operation