LDAP
Concepts of LDAP
Published in: Technology

Transcript

Slide 1: LDAP (Lightweight Directory Access Protocol)
Presented by Chandana, 9/16/2010
© YIIT - confidential and proprietary

Slide 2: Directory
  • A directory is a specialized list that lets you quickly look up information about the things the directory references.
  • At its most basic definition, a directory is any database specialized more for reading than for writing.
  • A directory server is used to maintain information about some set of entities (such as people or organizations), and it provides a way of accessing that information.
  • LDAP provides a standard language that directory client applications and directory servers use to communicate with one another about data in directories.

Slide 3: LDAP (Lightweight Directory Access Protocol)
  • LDAP is a protocol for accessing specialized databases called directories.
  • LDAP is designed to be a standard way of providing access to directory services.
  • In computer networking, LDAP is a protocol for querying and modifying directory services running over a network. Fundamentally, it is a network protocol.

Slide 4: The Structure of a Directory Entry
  Organization Name: YIIT Services Ltd.
  Street Address: Vijayanagar Colony, Trichanoor Road
  City: Tirupathi
  State: Andhra Pradesh
  Country: India
  Phone Number: +91 XXXX-XXXXXX
  Our company is located at Secunderabad, and a branch of the company is located in another place, Tirupathi. How can we distinguish between these records?

Slide 5: Distinguished name (DN)
  • One way of distinguishing between two very similar records is to create a unique name for each record in the directory. This is the strategy adopted by LDAP: each record in the directory has a distinguished name (DN).
  • The DN is always indexed and will always be returned in any search.
  A DN is composed of a combination of directory information, and looks something like this:
    dn: o=YIIT Services, l=Secunderabad, st=Andhrapradesh, c=INDIA
    dn: o=YIIT Services, l=Tirupathi, st=Andhrapradesh, c=INDIA
Slide 6: LDAP Entry
  • An LDAP entry, or record, is the directory unit that stores information about an individual item in the directory.
  • An entry is composed of a DN and one or more attributes:
      – The DN serves as a unique identifier within an LDAP directory information tree.
      – Attributes provide information about that entry.

Slide 7: An Example LDAP Entry (the entry itself is shown as an image on the slide)
  Here o=YIIT Services, l=Secunderabad, st=Andhrapradesh, c=INDIA are the special attributes in this entry that make up the DN, and the rest are normal attributes.

Slide 8: In our example there are eight attributes, each representing the following:
  • Organization Name (o)
  • Mailing address (postalAddress)
  • Locality (l), which may be the name of a city, town, village, and so forth
  • State or Province (st)
  • Postal Code or ZIP Code (postalCode)
  • Country (c)
  • Telephone Number (telephoneNumber)
  • Object Class (objectClass), which specifies what type (or types) of record this entry is
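The two DNs on slide 5 differ only in their l (locality) component, which is how the Secunderabad and Tirupathi records are told apart. As an added example that is not part of the presentation, the following Python builds DNs from (type, value) pairs and splits them back, applying the escaping rules of RFC 4514 so that a value containing a comma, such as the street address on slide 4, stays one RDN; the function names are mine and the DN values come from the slides.

```python
import string
# Must be backslash-escaped anywhere in an RDN value (RFC 4514 s2.4); '#' and space only at the ends.
SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it can be embedded safely in an RDN."""
    out = []
    for i, ch in enumerate(value):
        at_edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIAL or at_edge else ch)
    return "".join(out)

def build_dn(rdns: list[tuple[str, str]]) -> str:
    """Join (type, value) pairs, most specific first, into a DN string."""
    return ",".join(f"{t}={escape_rdn_value(v)}" for t, v in rdns)

def _unescape_value(raw: str) -> str:
    """Decode backslash escapes (incl. hex pairs such as \\2C); drop unescaped edge spaces."""
    toks, i = [], 0                                   # (char, was_escaped)
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            pair = raw[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                toks.append((chr(int(pair, 16)), True)); i += 3
            else:
                toks.append((raw[i + 1], True)); i += 2
            continue
        toks.append((raw[i], False)); i += 1
    while toks and toks[0] == (" ", False): toks.pop(0)
    while toks and toks[-1] == (" ", False): toks.pop()
    return "".join(c for c, _ in toks)

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Inverse of build_dn: split on unescaped commas, then each RDN on its first '='."""
    rdns, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2        # skip the escaped char: '\,' stays inside its value, no new RDN
            continue
        if dn[i] == ",":
            rdns.append(dn[start:i]); start = i + 1
        i += 1
    rdns.append(dn[start:])
    pairs = []
    for rdn in rdns:
        t, sep, v = rdn.partition("=")
        if not sep or not t.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((t.strip(), _unescape_value(v)))
    return pairs
```

Spaces after the separating commas, as written on the slides, are accepted by split_dn and dropped; the canonical form produced by build_dn has none.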
Slide 9
  • Attribute names, like "o" (the organization name) and postalAddress, refer to well-defined attribute definitions contained in an LDAP schema. They cannot be "invented" on the fly or made up as you go.
  • Creating new attributes requires writing a schema.
  • You can add schema definitions to LDAP directories, making LDAP entries easily extensible.
  • Each LDAP server has a schema.
  • The schema is the blueprint of the server: it specifies all the object classes and attributes that are available to be searched and stored in an LDAP server.

Slide 10: The Object Class Attribute
  • The last attribute in the given record is the objectClass attribute. This is a special attribute that provides information about the type of entry.
  • An object class determines what attributes may be given to a record.
  Operational Attributes
  • In addition to regular attributes, the directory server may also attach special operational attributes to an entry.
  • Operational attributes are used by the directory itself to store information about entries.
  • These attributes are not designed for use by end users.

Slide 11: The Directory Information Tree
  • Information in an LDAP directory is organized into one or more hierarchies where, at the top of the hierarchy, there is a base entry, and other entries are organized in tree-like structures beneath the base entry.
  • Each node on the hierarchy is an entry, with a DN and one or more attributes.
  The protocol accesses LDAP directories as follows:
  • A directory is a tree of directory entries.
  • An entry consists of a set of attributes.
  • An attribute has a name (an attribute type or attribute description) and one or more values.
  • The attributes are defined in a schema.

Slide 12: The Data Format
  • The data in an LDAP server is organized in a hierarchical/relational format.
  • The top level is called the domain, and the branches are in the form of organizational units, normally departments in a company.
  • These organizational units can then be sub-divided into sub-divisions.
  • Each entry that is neither a domain nor an organizational unit is called a leaf.

Slide 13: Basic LDAP hierarchy (diagram)

Slide 14: Example (diagram)
Slide 15: The basic operations are, in order:
  • Bind - authenticate, and specify the LDAP protocol version
  • Start TLS - protect the connection with Transport Layer Security (TLS), to have a more secure connection
  • Search - search for and/or retrieve directory entries
  • Compare - test whether a named entry contains a given attribute value
  • Add - add a new entry
  • Delete / Modify - delete or modify an entry
  • Modify DN - move or rename an entry
  • Abandon - abort a previous request
  • Extended Operation - generic operation used to define other operations
  • Unbind - close the connection (not the inverse of Bind)
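Each of the operations above travels inside a BER-encoded LDAPMessage, which is what "fundamentally it is a network protocol" means on the wire. As an added example that is not part of the presentation, the following Python encodes a simple BindRequest and an UnbindRequest as defined in RFC 4511 and decodes the BindRequest back; the DN and password are constructed placeholders. Note that the simple credential is carried as a plain OCTET STRING, which is why the connection needs the TLS protection that Start TLS provides.

```python
"""BER encoding of two LDAP protocol operations from RFC 4511: a simple
BindRequest and an UnbindRequest. Constructed example; DN and password are
placeholders, not values from the slides."""
def ber_len(n: int) -> bytes:
    """Length octets: short form below 128, long form (0x80 | byte count) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    """INTEGER (non-negative only, which covers messageID and version)."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { version 3, name,
    simple [0] OCTET STRING } }. The password is readable in a capture without TLS."""
    op = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, op))

def unbind_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 2] UnbindRequest ::= NULL }."""
    return tlv(0x30, ber_int(msg_id) + bytes([0x42, 0x00]))

def decode_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, value, position after this element) for the TLV at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long form: next (ln & 0x7f) bytes hold the length
        nbytes = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln

def parse_bind_request(msg: bytes) -> dict:
    """Decode a BindRequest back into its fields, as a protocol decoder would."""
    tag, body, _ = decode_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = decode_tlv(body)
    tag, op, _ = decode_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("protocolOp is not a BindRequest")
    _, ver, pos = decode_tlv(op)
    _, name, pos = decode_tlv(op, pos)
    auth_tag, cred, _ = decode_tlv(op, pos)
    return {"messageID": int.from_bytes(mid, "big"), "version": ver[0],
            "name": name.decode(), "simple": cred.decode() if auth_tag == 0x80 else None}
```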
Slide 16: "Thank You"