Concepts of LDAP
    LDAP Presentation Transcript

    • LDAP
      (Lightweight Directory Access Protocol)
      Presented by
      © YIIT- confidential and proprietary
    • 9/16/2010
      • A directory is a specialized list that lets you quickly look up information about the things it references.
      • At its most basic, a directory is any database optimized more for reading than for writing.
      • A directory server maintains information about some set of entities (people, organizations, devices) and provides access to that information.
      • LDAP provides the standard language that directory clients and directory servers use to communicate with one another about the data in a directory.
    • LDAP (Lightweight Directory Access Protocol):
      • LDAP is a protocol for accessing specialized databases called directories.
      • LDAP is designed to be a standard way of providing access to directory services.
      • In computer networking, LDAP is a protocol for querying and modifying directory services over a network; fundamentally it is a network protocol, carried over TCP/IP (the standard port is 389, or 636 for LDAP over TLS).
      The Structure of a Directory Entry
      Organization Name: YIIT Services Ltd.
      Street Address: Vijayanagar Colony, Trichanoor Road
      City: Tirupathi
      State: Andhra Pradesh
      Country: India
      Phone Number: +91 XXXX-XXXXXX
      Our company is located in Secunderabad, and a branch of the company is located in another place, Tirupathi.
      How can we distinguish between these two records?
      Distinguished name (DN):
      • One way of distinguishing between two very similar records is to give each record in the directory a unique name.
      • This is the strategy LDAP adopts: each entry in the directory has a distinguished name (DN).
      • The DN is indexed by the server and is returned with every entry in search results.
      A DN is composed of a combination of directory information, written with the most specific component first (RFC 4514), and looks something like this:
      dn: o=YIIT Services,l=Secunderabad,st=Andhra Pradesh,c=IN
      dn: o=YIIT Services,l=Tirupathi,st=Andhra Pradesh,c=IN
      (The country attribute c takes a two-letter ISO 3166 code, so India is written c=IN.)
      LDAP Entry
      • An LDAP entry, or record, is the directory unit that stores information about an individual item in the directory
      • An entry is composed of a DN and one or more attributes
      – The DN serves as a unique identifier within an LDAP directory information tree
      – Attributes provide information about that entry
      An Example LDAP Entry:
      (The entry itself is shown as an image on the original slide.) Here o=YIIT Services, l=Secunderabad, st=Andhra Pradesh, c=IN together make up the DN, the special attribute of this entry; the rest are normal attributes.
      In our example there are eight attributes, each representing the following:
      • Organization Name (o)
      • Mailing address (postalAddress)
      • Locality (l), which may be the name of a city, town, village, and so forth
      • State or Province (st)
      • Postal Code or ZIP Code (postalCode)
      • Country (c)
      • Telephone Number (telephoneNumber)
      • Object Class (objectClass), which specifies what type (or types) of record this entry is
      • Attribute names, like “o” (the organization name) and postalAddress, refer to well-defined attribute definitions contained in an LDAP schema. They cannot be "invented" on the fly, or made up as you go: a server rejects an Add or Modify that uses an attribute its schema does not define.
      • Creating new attributes requires writing a schema definition.
      • You can add schema definitions to LDAP directories, making LDAP entries easily extensible.
      • Each LDAP server has a schema.
      • The schema is the blueprint of the server: it specifies all the object classes and attributes that are available to be stored in and searched on that LDAP server.
      The Object Class Attribute
      • The last attribute in the given record is the objectClass attribute. This is a special attribute that tells you what kind of entry it is.
      • An object class determines which attributes a record must have (MUST) and which it may have (MAY); the server enforces this on every Add and Modify.
      Operational Attributes
      • In addition to regular attributes, the directory server may also attach special operational attributes to an entry.
      • Operational attributes are used by the directory itself to store information about entries (for example createTimestamp, modifyTimestamp and entryUUID).
      • These attributes are not designed for use by end users: clients cannot set them, and a search returns them only when they are requested by name.
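A worked check of the schema rules above, as an added example (not code from the presentation): a small validator that holds a hand-transcribed subset of the RFC 4519 schema (organization, country, person) and rejects an entry that uses an attribute the schema does not define, an attribute its object classes do not permit, a missing MUST attribute, or a client-set operational attribute. The sample entry reuses the YIIT values from the slides; the branchManager attribute and the branchOffice class are invented to show the rejections. Note that RFC 4519's organization class does not list c among its MAY attributes, so under this schema c is rejected unless another object class permits it; the slide does not show which object classes its example entry carries.

```python
"""Added example: checking an entry against an LDAP schema (not from the presentation)."""

# Attribute types known to this tiny schema, lower-cased: LDAP names are case-insensitive.
ATTRIBUTE_TYPES = {
    "objectclass", "o", "l", "st", "c", "postalcode", "postaladdress",
    "telephonenumber", "description", "cn", "sn", "userpassword",
}

# Object classes: superior class, MUST and MAY attribute sets (RFC 4519 subset).
OBJECT_CLASSES = {
    "top": {"sup": None, "must": {"objectclass"}, "may": set()},
    "organization": {
        "sup": "top", "must": {"o"},
        "may": {"l", "st", "postalcode", "postaladdress", "telephonenumber", "description"},
    },
    "country": {"sup": "top", "must": {"c"}, "may": {"description"}},
    "person": {"sup": "top", "must": {"cn", "sn"},
               "may": {"userpassword", "telephonenumber", "description"}},
}

# Operational attributes: maintained by the server, NO-USER-MODIFICATION (RFC 4512 s.3.4, RFC 4530).
OPERATIONAL = {"createtimestamp", "modifytimestamp", "creatorsname", "modifiersname", "entryuuid"}


def permitted_attributes(object_classes):
    """Union of MUST and MAY over the given classes and their superior classes."""
    must, may = set(), set()
    for oc in object_classes:
        name = oc.lower()
        while name is not None:
            spec = OBJECT_CLASSES.get(name)
            if spec is None:
                raise ValueError(f"unknown object class: {oc}")
            must |= spec["must"]
            may |= spec["may"]
            name = spec["sup"]
    return must, may


def validate_entry(entry):
    """Return a list of schema violations for an entry ({attribute: [values]}); [] if it is valid."""
    attrs = {name.lower(): values for name, values in entry.items()}
    classes = attrs.get("objectclass") or []
    if not classes:
        return ["entry has no objectClass attribute"]
    try:
        must, may = permitted_attributes(classes)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for name in entry:
        key = name.lower()
        if key in OPERATIONAL:
            problems.append(f"{name}: operational attribute, set only by the server")
        elif key not in ATTRIBUTE_TYPES:
            problems.append(f"{name}: not defined in the schema (attributes cannot be invented)")
        elif key not in must and key not in may:
            problems.append(f"{name}: not permitted by object classes {classes}")
    for key in sorted(must):
        if key not in attrs:
            problems.append(f"{key}: required (MUST) by the object classes but missing")
    return problems


# Sample entry: the YIIT branch from the slides (values transcribed; phone number as shown there).
GOOD_ENTRY = {
    "objectClass": ["top", "organization"],
    "o": ["YIIT Services Ltd."],
    "postalAddress": ["Vijayanagar Colony, Trichanoor Road"],
    "l": ["Tirupathi"],
    "st": ["Andhra Pradesh"],
    "telephoneNumber": ["+91 XXXX-XXXXXX"],
}

if __name__ == "__main__":
    print(validate_entry(GOOD_ENTRY))
    print(validate_entry({**GOOD_ENTRY, "branchManager": ["someone"]}))  # invented attribute
    print(validate_entry({**GOOD_ENTRY, "c": ["IN"]}))                    # not in organization's MAY
```

A real server does exactly this check (plus syntax and matching-rule checks on the values) and answers an offending Add with objectClassViolation or undefinedAttributeType rather than storing the entry.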
      The Directory Information Tree
      • Information in an LDAP directory is organized into one or more hierarchies: at the top of each hierarchy there is a base entry, and the other entries are organized in a tree-like structure beneath it.
      • Each node in the hierarchy is an entry, with a DN and one or more attributes.
      The protocol's view of a directory:
      • A directory is a tree of directory entries.
      • An entry consists of a set of attributes.
      • An attribute has a name (an attribute type or attribute description) and one or more values.
      • The attributes are defined in a schema.
      The Data Format:
      • The data in an LDAP server is organized in a hierarchical (tree) format, not a relational one.
      • The top level is the base entry (the directory suffix), often a domain such as dc=example,dc=com, and the branches are usually organizational units (ou), normally the departments of a company.
      • These organizational units can then be sub-divided into further organizational units.
      • An entry with no entries beneath it is called a leaf; users, groups and devices are usually leaves.
      Basic LDAP hierarchy: (diagram shown on the original slide)
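To make the DN and directory-tree slides concrete, an added example (not code from the presentation): a parser and builder for RFC 4514 string DNs, and a search-scope function that walks a constructed DIT built from the slide's two YIIT branches. Escaping is the security-relevant part: a value such as x,ou=admins must be written x\,ou=admins, otherwise user input can rewrite the hierarchy of a DN the application builds. Value comparison uses a plain case-insensitive match as a stand-in for the per-attribute matching rules a real server applies.

```python
"""Added example: RFC 4514 distinguished names and LDAP search scopes (not from the presentation)."""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 s.2.4).
SPECIAL = ',+"\\<>;'


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it can be embedded in a DN string.

    Without this, user-controlled input such as 'x,ou=admins' would add a
    component to the DN's hierarchy (DN injection).
    """
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns) -> str:
    """rdns: list of (type, value) pairs, most specific (leaf) first, as LDAP writes them."""
    return ",".join(f"{t}={escape_rdn_value(v)}" for t, v in rdns)


def parse_dn(dn: str):
    """Parse a string DN into a list of RDNs; each RDN is a list of (type, value).

    Handles backslash-escaped specials, \\XX hex escapes (accumulated as UTF-8
    bytes so multi-byte characters survive) and '+' multi-valued RDNs.
    Attribute types are lower-cased; values are kept as written.
    """
    rdns, rdn = [], []
    attr, buf = None, bytearray()
    i, n = 0, len(dn)

    def finish_value():
        nonlocal attr, buf
        if attr is None:
            raise ValueError(f"RDN without '=' in {dn!r}")
        rdn.append((attr, buf.decode("utf-8")))
        attr, buf = None, bytearray()

    while i < n:
        ch = dn[i]
        if ch == "\\":
            nxt = dn[i + 1:i + 2]
            if nxt and nxt in SPECIAL + " #=":
                buf += nxt.encode("utf-8")
                i += 2
            else:  # \XX hex escape of one byte
                buf.append(int(dn[i + 1:i + 3], 16))
                i += 3
        elif ch == "=" and attr is None:
            attr = buf.decode("utf-8").strip().lower()
            buf = bytearray()
            i += 1
        elif ch in ",+":
            finish_value()
            if ch == ",":
                rdns.append(rdn)
                rdn = []
            i += 1
        else:
            buf += ch.encode("utf-8")
            i += 1
    finish_value()
    rdns.append(rdn)
    return rdns


def _normalize(rdns):
    # Case-insensitive comparison of types and values; multi-valued RDNs are order-independent.
    return [sorted((t, v.lower()) for t, v in rdn) for rdn in rdns]


def search_scope(entry_dns, base_dn: str, scope: str):
    """Return the entries of a DIT that a Search with the given base and scope would visit.

    scope: 'base' (the base entry only), 'one' (its immediate children) or
    'sub' (the base entry and everything beneath it).
    """
    base = _normalize(parse_dn(base_dn))
    hits = []
    for dn in entry_dns:
        rdns = _normalize(parse_dn(dn))
        depth = len(rdns) - len(base)
        if depth < 0 or rdns[depth:] != base:
            continue  # not under the base entry at all
        if (scope == "base" and depth == 0) or (scope == "one" and depth == 1) or scope == "sub":
            hits.append(dn)
    return hits


# Constructed sample DIT: country at the top, leaf-first DNs as on the slide.
SAMPLE_DIT = [
    "c=IN",
    "st=Andhra Pradesh,c=IN",
    "l=Secunderabad,st=Andhra Pradesh,c=IN",
    "o=YIIT Services,l=Secunderabad,st=Andhra Pradesh,c=IN",
    "l=Tirupathi,st=Andhra Pradesh,c=IN",
    "o=YIIT Services,l=Tirupathi,st=Andhra Pradesh,c=IN",
]

if __name__ == "__main__":
    print(search_scope(SAMPLE_DIT, "st=Andhra Pradesh,c=IN", "one"))
    print(build_dn([("cn", "x,ou=admins"), ("o", "YIIT Services")]))
```

The two o=YIIT Services entries in the sample DIT share every attribute but remain distinct because their full DNs differ, which is exactly the point the DN slide makes.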
      The protocol operations defined by LDAPv3 (RFC 4511) are:
      • Bind - authenticate, and specify the LDAP protocol version,
      • StartTLS - an extended operation that protects the connection with Transport Layer Security (TLS); it should be sent before a Bind, because a simple Bind carries the password in the clear,
      • Search - search for and/or retrieve directory entries,
      • Compare - test whether a named entry contains a given attribute value,
      • Add - add a new entry,
      • Delete - delete an entry,
      • Modify - change the attributes of an entry,
      • Modify DN - move or rename an entry,
      • Abandon - abort a previous request,
      • Extended Operation - generic operation used to define other operations (StartTLS is one),
      • Unbind - close the connection; it is not the inverse of Bind and has no response.
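The Bind, StartTLS and Unbind points above in bytes, as an added example (not code from the presentation): LDAP messages are ASN.1 structures encoded with BER (RFC 4511), and the functions below build a simple BindRequest and an UnbindRequest by hand and parse a BindResponse. The BindResponse byte strings are constructed for the example, not captured from a server. The password of a simple Bind is visible as plain bytes in the request, which is why StartTLS (or an ldaps:// connection on port 636) must come first.

```python
"""Added example: LDAPv3 Bind/Unbind messages built and parsed by hand (RFC 4511, BER)."""

# Universal and LDAP application tags used here (RFC 4511 s.4.1.1 and s.4.2).
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE, UNBIND_REQUEST = 0x60, 0x61, 0x42  # [APPLICATION 0 / 1 / 2]
SIMPLE_AUTH = 0x80                                              # AuthenticationChoice simple [0]
SUCCESS, INVALID_CREDENTIALS = 0, 49                            # LDAPResult resultCode values


def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER encoding."""
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return tlv(INTEGER, value.to_bytes(size, "big", signed=True))


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(SEQUENCE, ber_integer(message_id) + protocol_op)


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER, name LDAPDN, authentication simple [0] }"""
    op = ber_integer(3) + tlv(OCTET_STRING, dn.encode("utf-8")) + tlv(SIMPLE_AUTH, password.encode("utf-8"))
    return ldap_message(message_id, tlv(BIND_REQUEST, op))


def unbind_request(message_id: int) -> bytes:
    """UnbindRequest ::= [APPLICATION 2] NULL; a notice with no response, after which the connection closes."""
    return ldap_message(message_id, tlv(UNBIND_REQUEST, b""))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV starting at pos; returns (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes) -> dict:
    """BindResponse ::= [APPLICATION 1] SEQUENCE { resultCode ENUMERATED, matchedDN, diagnosticMessage, ... }"""
    tag, message, _ = read_tlv(data)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = read_tlv(message)
    if tag != INTEGER:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(message, pos)
    if tag != BIND_RESPONSE:
        raise ValueError(f"expected BindResponse, got tag 0x{tag:02x}")
    tag, code, pos = read_tlv(op)
    if tag != ENUMERATED:
        raise ValueError("missing resultCode")
    _, matched_dn, pos = read_tlv(op, pos)
    _, diagnostic, _ = read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(msg_id, "big", signed=True),
        "result_code": int.from_bytes(code, "big", signed=True),
        "matched_dn": matched_dn.decode("utf-8"),
        "diagnostic": diagnostic.decode("utf-8"),
    }


# Constructed BindResponse bytes for message ID 1: success, and invalidCredentials (49).
BIND_OK = bytes.fromhex("300c02010161070a010004000400")
BIND_BAD_PASSWORD = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    print(bind_request(1, "cn=admin,dc=example,dc=com", "s3cret").hex())  # password bytes visible
    print(parse_bind_response(BIND_BAD_PASSWORD))
    print(unbind_request(2).hex())
```

The same TLV helpers extend to the other operations in the list; an anonymous bind (empty DN, empty password) is the 14-byte message 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, a handy signature when you inspect LDAP traffic.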
      “Thank You”