Ldap intro

  • 1. Introduction to LDAP
      Yousry Ibrahim Mabrouk
      ©2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. Agenda
      • Understanding LDAP.
      • LDAP Servers.
      • Information Structure.
      • Protocol overview.
      • LDAP Operations.
      • How to use LDAP?
      • Using JNDI For LDAP
      Thursday, October 25, 2012
  • 3. Understanding LDAP
      • LDAP stands for Lightweight Directory Access Protocol.
      • An open network protocol standard designed to provide access to distributed directories.
      • Runs over the TCP/IP protocols.
      • The phrase "write once, read many times" describes the best use of LDAP.
      • It is a standard, allowing directories to be managed.
      • No transactions, no rollback.
  • 4. LDAP Servers
      • 389 Directory Server (formerly Fedora/Red Hat Directory Server)
      • Active Directory from Microsoft
      • Apache Directory Server
      • Apple Open Directory
      • FreeIPA
      • IBM Tivoli Directory Server
      • Mandriva Directory Server
      • Novell eDirectory
      • OpenDJ - A fork of the OpenDS project
      • OpenDS
      • OpenLDAP
      • Optimal IdM
      • Oracle Internet Directory
      • Radiant Logic VDS
      • Sun Java System Directory Server
  • 5. Information Structure
      • LDAP presents information in the form of a hierarchical tree structure called a DIT (Directory Information Tree).
  • 6. Information Structure (cont.)
      • Each piece of information is called an entry (or DSE, Directory Service Entry).
      • Each entry in the LDAP directory relates to an abstract or real object (for example a person, a piece of hardware, parameters, etc.).
      • Each entry is made up of a collection of key/value pairs called attributes.
      • Types of attributes:
          - Normal attributes: these are the usual attributes (cn, name, o, ...) distinguishing the object.
          - Operational attributes: these are the attributes which only the server can access in order to manipulate the directory data (modification dates, etc.).
  • 7. Information Structure (cont. II)
      • Every entry in the directory has a distinguished name (DN).
      • A DN is made up of attribute=value pairs, separated by commas, for example:
          - dn:o=hp,ou=people,uid=yousry.ibrahim@hp.com
      • Some keys which are generally used:
          Key         Meaning
          o           Organization
          ou          Organizational unit
          cn          Common name
          sn          Surname
          givenname   First name
          uid         Userid
          mail        Email address
  • 8. Information Structure (cont. III)
      [Figure: HP Directory Information Tree (DIT).]
  • 9. Protocol overview
      • The client starts an LDAP session by connecting to an LDAP server.
      • The default TCP port is 389.
      • The client binds to the server (think of this as authentication).
      • The client then sends an operation request to the server.
      • The server sends responses in return.
  • 10. LDAP Operations
          Operation   What it does
          Search      Search directory for matching directory entries
          Compare     Compare directory entry to a set of attributes
          Add         Add a new directory entry
          Modify      Modify a particular directory entry
          Delete      Delete a particular directory entry
          Rename      Rename or modify the DN
          Bind        Start a session with an LDAP server
          Unbind      End a session with an LDAP server
          Abandon     Abandon an operation previously sent to the server
          Extended    Extended operations command
  • 11. How to use LDAP?
      • You can use any Java LDAP SDK, for example:
      • JNDI LDAP: standard.
      • Spring LDAP: http://www.springsource.org/ldap
          - (it is better to use it when using the Spring framework)
      • LDAP API: from Apache, http://cwiki.apache.org/confluence/display/LDAPAPI/Index
      • Netscape LDAP: http://www-archive.mozilla.org/directory/javasdk.html
  • 12. Using JNDI For LDAP
      1- Connect to the server:
          - You must obtain a reference to an object that implements the DirContext interface.
          - In most applications, this is done by using an InitialDirContext object that takes a Hashtable as an argument.
          - The Hashtable contains various entries, such as the hostname, port, and JNDI service provider classes to use:
  • 13. Using JNDI For LDAP (cont.)
      2- Bind to the server:
          - Once connected, the client may need to authenticate itself; this process is also known as binding to the server.
          - In LDAP version 2, all clients had to authenticate while connecting, but version 3 defaults to anonymous and, if the default values are used, the connections are anonymous as well.
          - LDAP supports three different security types:
              - Simple: Authenticates fast using plain text usernames and passwords.
              - SSL: Authenticates with SSL encryption over the network.
              - SASL: Uses MD5/Kerberos mechanisms. SASL is a simple authentication and security layer-based scheme.
  • 14. Using JNDI For LDAP (cont. II)
      3- Search:
          - Search scopes:
              - Sub Tree Scope: a search of the entire subtree searches the named object and all of its descendants.
              - Object Scope: searches the named object. This is useful, for example, to test whether the named object satisfies a search filter.
              - One Level Scope (default): specifies that the search is to be performed in the named context.
          - Filters: used to filter the search results according to an attribute's value.
  • 15. Examples ….. Let's work.
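The three JNDI steps from slides 12 to 14 (connect, bind, search) put together as an added example; this is not code from the original deck. The host, base DN, bind DN, class name and the LDAP_BIND_PASSWORD environment variable are assumptions. It connects with an ldaps:// URL so the simple bind's plain-text password is not exposed on the network, and passes the search value as a filter argument so JNDI escapes it.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchExample {
    public static void main(String[] args) throws NamingException {
        // Constructed placeholder values (assumptions, not from the slides).
        String url = "ldaps://ldap.example.com:636";
        String baseDn = "ou=people,o=example";
        String bindDn = "uid=svc-reader,ou=people,o=example";
        String password = System.getenv("LDAP_BIND_PASSWORD");
        // An empty password would turn a simple bind into an unauthenticated bind.
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }
        String mail = args.length > 0 ? args[0] : "someone@example.com";

        // 1- Connect: provider class, host and port go into the Hashtable.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // 2- Bind: without these three entries the connection is anonymous.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = new InitialDirContext(env);
        try {
            // 3- Search: subtree scope, only the attributes we need, capped result count.
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[] {"cn", "mail"});
            controls.setCountLimit(50);
            // {0} is filled from the argument array and escaped by JNDI, so
            // characters such as * ( ) \ in user input cannot alter the filter.
            NamingEnumeration<SearchResult> results = ctx.search(
                    baseDn, "(&(objectClass=person)(mail={0}))", new Object[] {mail}, controls);
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(r.getNameInNamespace() + " -> " + r.getAttributes().get("cn"));
            }
        } finally {
            ctx.close(); // closing the context unbinds from the server
        }
    }
}
```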
