Slaps - a Smalltalk LDAP server. Bruce Badger. ESUG 2007, Lugano

Slaps
a Smalltalk LDAP server
by
Bruce Badger
OpenSkills

Intro
● Bruce Badger
– A founder of OpenSkills
– Smalltalk developer
● OpenSkills
– It's a global association of individuals
– Non-profit corporation
– Believe that open standards & FOSS help create an open market for skills.
– www.openskills.org

Agenda
● What is LDAP
● Why use it
● The LDAP spec
● Examples
● Benefits

Housekeeping
● Mobile phones off, please.
● Questions welcome during the talk
– But note ...
● “Question” = Single sentence ending with “?”
● Questions may be:
– deferred
– dodged
– ignored

What is LDAP?
● Lightweight Directory Access Protocol
● “Lightweight” vs. X.500 DAP
● Wire protocol
● LDAP clients and servers implement the protocol

What does an LDAP server do?
● Can be thought of as a DBMS that uses LDAP rather than SQL
● LDAP has equivalents of:
– Data Definition Language (DDL)
– Data Manipulation Language (DML)
● Data is held in a tree rather than tables – the Directory Information Tree (DIT)

Why use an LDAP server?
● Widely used for:
– Authentication
– Authorisation
– Address Books
● e.g.
– Email client address book
– Login to a shell or connect to a database
– Kerberos
– ... and lots more

Why write an LDAP server?
● Fun (hahahahaha)
● Seemed like a good idea at the time.
– OpenSkills needed to handle authentication and authorisation for a Jabber server
● It looked like just another wire protocol like:
– NMEA
– PostgreSQL
– HTTP
– ...

No, really. Why?
● Directory information exchange for OpenSkills
– Authentication - member login
– Authorisation - e.g. may edit SkillsTree?
– “address book” e.g. account status
● Using an external LDAP server is non-trivial:
– Yet another schema
– Yet another export format (LDIF)
– Synchronisation

LDIF Example
● From Wikipedia:
dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace:employeeID
employeeID: 1234
-
replace:employeeNumber
employeeNumber: 98722
-
replace: extensionAttribute6
extensionAttribute6: JSmith98
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
...
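The modify record above, as an added example that is not from the talk or from Slaps: a small RFC 2849 parser in Python that drops comment lines, unfolds continuation lines, decodes "::" base64 values, walks the add/delete/replace blocks that a "-" line terminates, and splits records on blank lines. SAMPLE_LDIF is constructed test data: its first record copies the slide's John Smith record (the "replace:employeeID" form without a space is valid LDIF, as is "replace: employeeID"), its second is made up to exercise a folded base64 value. One check a practitioner would want: LDIF also allows "attr:< file:///..." so that the importer fetches the value from a file or URL; an importer that honours that on untrusted input will copy local files into the directory, so the parser refuses it, and URL_ATTACK_LDIF is a constructed record that triggers the refusal.

```python
# RFC 2849 LDIF change-record parser: added example for this page, not Slaps code.
import base64

def split_attrval(line):
    """'attr: v', 'attr:v', 'attr:: base64' -> (attr, value).  'attr:< url' is
    refused: it would make the importer read a local file into the DIT."""
    name, sep, rest = line.partition(":")
    if not sep or not name.strip():
        raise ValueError(f"not an attrval-spec: {line!r}")
    if rest.startswith(":"):
        return name.strip(), base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
    if rest.startswith("<"):
        raise ValueError(f"URL-valued attribute refused: {name.strip()}")
    return name.strip(), rest.lstrip(" ")

def parse_modify(lines):
    """Body of a 'changetype: modify' record -> [(op, attr, [values])]."""
    changes, current = [], None
    for line in lines:
        if line == "-" and current is not None:   # '-' closes one mod-spec
            changes.append(current)
            current = None
            continue
        attr, value = split_attrval(line)         # a stray '-' fails here
        if attr.lower() in ("add", "delete", "replace"):
            if current is not None:
                raise ValueError(f"{current[0]} {current[1]} not closed by '-'")
            current = (attr.lower(), value, [])
        elif current is None or attr.lower() != current[1].lower():
            raise ValueError(f"value for {attr} outside its mod-spec")
        else:
            current[2].append(value)
    if current is not None:                       # RFC 2849 requires the final '-'
        raise ValueError("final mod-spec not closed by '-'")
    return changes

def parse_record(lines):
    attr, dn = split_attrval(lines[0])
    kind, changetype = split_attrval(lines[1]) if len(lines) > 1 else ("", "")
    if attr.lower() != "dn" or kind.lower() != "changetype":
        raise ValueError("record must begin with 'dn:' and 'changetype:'")
    if changetype != "modify":
        raise ValueError(f"unsupported changetype {changetype!r}")
    return {"dn": dn, "changetype": changetype, "changes": parse_modify(lines[2:])}

def parse_ldif(text):
    """Drop comments, unfold continuation lines, split records on blank lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:         # folded line continues the previous
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    records, current = [], []
    for line in lines + [""]:
        if line.strip():
            current.append(line)
        elif current:
            records.append(parse_record(current))
            current = []
    return records

def parse_or_error(text):
    try:
        return parse_ldif(text)
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed data: the first record copies the slide's (note "replace:x" and
# "replace: x" are both valid); the second is made up to exercise a folded base64 value.
SAMPLE_LDIF = """\
dn: CN=John Smith,OU=Legal,DC=example,DC=com
changetype: modify
replace:employeeID
employeeID: 1234
-
replace:employeeNumber
employeeNumber: 98722
-
replace: extensionAttribute6
extensionAttribute6: JSmith98
-

dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com
changetype: modify
replace: description
description:: UHJvamVjdCBsZWFkLCBB
 Y2NvdW50aW5n
-
"""

# Constructed hostile input: a URL-valued attribute pointing at a local file.
URL_ATTACK_LDIF = "dn: uid=eve,dc=example,dc=com\nchangetype: modify\nreplace: jpegPhoto\njpegPhoto:< file:///etc/shadow\n-\n"

if __name__ == "__main__":
    print(parse_ldif(SAMPLE_LDIF), parse_or_error(URL_ATTACK_LDIF), sep="\n")
```

Run as a script it prints the two parsed records and then the rejection of the URL-valued attribute. The parser is deliberately strict about the closing "-" of each mod-spec, which RFC 2849 requires; some real importers are lenient there.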
OK, so what's involved?
● ASN.1
● ASN.1
● ASN.1
● ASN.1
● ASN.1
● ASN.1
● ASN.1
● ASN.1
● ... and LDAP semantics

LDAP – as seen from space
● LDAP server listens on a TCP/IP port
● Client connects and the conversation goes like:
– > BindRequest (Hi! May I use your service?)
– < BindResponse (Sure!)
– > SearchRequest (Tell me about x please.)
– < SearchResultEntry (Here is info about x.)
– < SearchResultDone (... and that's all I have.)
– > UnbindRequest (I'm done. Bye.)
● Simple enough, except for ...

ASN.1
● Abstract Syntax Notation One
● Specification and implementation of wire protocols
● LDAP is completely specified in ASN.1
● Flexible and concise, but more horrible than you can possibly imagine
● Main specs for the bits Slaps uses:
– ITU-T X.680 - the basics
– ITU-T X.690 - encoding

ASN.1 an example
BindRequest ::= [APPLICATION 0] SEQUENCE {
    version        INTEGER (1 .. 127),
    name           LDAPDN,
    authentication AuthenticationChoice }

LDAPDN ::= LDAPString
LDAPString ::= OCTET STRING -- UTF-8 encoded

AuthenticationChoice ::= CHOICE {
    simple [0] OCTET STRING,
    -- 1 and 2 reserved
    sasl   [3] SaslCredentials,
    ... }

ASN.1 Encoding
● Like Chinese in that:
– One written form (i.e. ASN.1)
– Many “spoken” forms
● BER – Basic Encoding Rules
● CER – Canonical Encoding Rules
● DER – Distinguished Encoding Rules
● ...
● LDAP uses BER

Parsing BER
● TLV – tag, length, value
– sometimes: BER also allows an indefinite-length form, with no length up front
– so there is no sure way to jump ahead; you must parse
● sequentially
● completely
● LDAP only allows definite-length BER (RFC 4511, section 5.1), so an indefinite length can be rejected outright
● Demo of a BindRequest being parsed
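The BindRequest from the ASN.1 slides and the "sequentially, completely" rule above, carried through as an added example that is not from the talk or from Slaps: Python code that BER-encodes an LDAPv3 simple BindRequest inside an LDAPMessage and parses it back with a bounds-checked TLV reader. The tag octets and the definite-length rule are taken from ITU-T X.690 and RFC 4511; the DN, password and messageID are constructed, and the parser deliberately handles only a BindRequest without controls. Two points the slides leave implicit: each length must be checked against the element that encloses it before anything is sliced, because a client can put any length octet it likes on the wire, and the simple credential is a plain OCTET STRING, so a simple bind is cleartext unless the connection already runs under TLS (LDAPS or StartTLS).

```python
# BER encode/decode of an LDAPv3 simple BindRequest (RFC 4511, ITU-T X.690).
# Added example for this page, not Slaps code; SAMPLE is constructed data.
TAG_INTEGER      = 0x02  # UNIVERSAL 2, primitive
TAG_OCTET_STRING = 0x04  # UNIVERSAL 4, primitive (LDAPDN is an LDAPString)
TAG_SEQUENCE     = 0x30  # UNIVERSAL 16, constructed (LDAPMessage)
TAG_BIND_REQUEST = 0x60  # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH  = 0x80  # [0] context-specific, primitive: the plain password
TAG_SASL_AUTH    = 0xA3  # [3] context-specific, constructed: SaslCredentials

class BerError(ValueError):
    """Any malformed, truncated or non-LDAP BER construct."""

def encode_length(n):
    """Definite-form length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(n):
    """Minimal two's-complement INTEGER (X.690 8.3); callers pass n >= 0."""
    return tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))

def encode_bind_request(message_id, dn, password, version=3):
    """LDAPMessage { messageID, BindRequest { version, name, simple } }."""
    bind = tlv(TAG_BIND_REQUEST,
               encode_integer(version)
               + tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
               + tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return tlv(TAG_SEQUENCE, encode_integer(message_id) + bind)

def read_tlv(buf, pos, end):
    """Read one TLV inside buf[pos:end] -> (tag, value_start, value_end).  The length
    is checked against the enclosing element, so no later slice can overrun it."""
    if pos + 2 > end:
        raise BerError("truncated: no room for tag and length")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if (tag & 0x1F) == 0x1F:
        raise BerError("high-tag-number form is not used by LDAP")
    if first == 0x80:
        raise BerError("indefinite length is forbidden in LDAP (RFC 4511 5.1)")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise BerError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if length > end - pos:
        raise BerError(f"length {length} exceeds the {end - pos} bytes remaining")
    return tag, pos, pos + length

def decode_integer(buf, start, end):
    if not 0 < end - start <= 4:   # LDAP maxInt is 2^31-1: at most 4 signed octets
        raise BerError("INTEGER of unreasonable size")
    return int.from_bytes(buf[start:end], "big", signed=True)

def expect(buf, pos, end, wanted, what):
    tag, s, e = read_tlv(buf, pos, end)
    if tag != wanted:
        raise BerError(f"expected {what} (tag {wanted:#04x}), got {tag:#04x}")
    return s, e

def parse_bind_request(buf):
    """Walk the message sequentially and completely; nothing is skipped."""
    s, e = expect(buf, 0, len(buf), TAG_SEQUENCE, "LDAPMessage SEQUENCE")
    if e != len(buf):
        raise BerError("trailing bytes after LDAPMessage")
    ms, me = expect(buf, s, e, TAG_INTEGER, "messageID")
    bs, be = expect(buf, me, e, TAG_BIND_REQUEST, "BindRequest [APPLICATION 0]")
    if be != e:
        raise BerError("bytes after the protocolOp (controls are not handled here)")
    vs, ve = expect(buf, bs, be, TAG_INTEGER, "version")
    version = decode_integer(buf, vs, ve)
    if not 1 <= version <= 127:
        raise BerError("version outside INTEGER (1 .. 127)")
    ns, ne = expect(buf, ve, be, TAG_OCTET_STRING, "name LDAPDN")
    tag, as_, ae = read_tlv(buf, ne, be)
    if tag not in (TAG_SIMPLE_AUTH, TAG_SASL_AUTH):
        raise BerError(f"unknown AuthenticationChoice tag {tag:#04x}")
    if ae != be:
        raise BerError("trailing bytes inside BindRequest")
    return {"messageID": decode_integer(buf, ms, me), "version": version,
            "name": buf[ns:ne].decode("utf-8"),   # LDAPString is UTF-8
            "auth": ("simple" if tag == TAG_SIMPLE_AUTH else "sasl", bytes(buf[as_:ae]))}

def parse_or_error(buf):
    try:
        return parse_bind_request(buf)
    except (BerError, UnicodeDecodeError) as exc:
        return f"rejected: {exc}"

# Constructed sample, not a real account: messageID 1, simple bind, 47 bytes on the wire.
SAMPLE = encode_bind_request(1, "cn=jsmith,dc=example,dc=com", "secret")

if __name__ == "__main__":
    forged = SAMPLE[:-7] + b"\x7f" + SAMPLE[-6:]   # password length octet inflated to 127
    print(SAMPLE.hex(), parse_or_error(SAMPLE), parse_or_error(SAMPLE[:-1]),
          parse_or_error(forged), sep="\n")
```

Run as a script it prints the hex encoding, the parsed message, and then two rejections: a copy cut one byte short fails at the outermost length, and a copy whose password length octet was inflated fails at the innermost one, in both cases before any slice is taken. That is the property a BER parser facing an unauthenticated client has to have, because the BindRequest is the first thing it ever reads.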
Why Bother – Part II
● Flexibility (really)
● A single object model can be viewed in many ways
● No duplication of data

LDAP Schemas
● A number of defined structures
– posix account
– address book
– DNS configuration
– SMTP server configuration
– ... and lots of bespoke structures

Slap me
● Plan
– What will query your LDAP server
● Configure
– Set up the “views”
● Go
– Start the server

Is it fast enough?
● Who knows?
– Slaps is at the “make it work” stage
● Probably fine for most long-tail apps
● If not, use replication to a “real” LDAP server

Insane?
● The OpenSkills SkillsBase
– Runs as a http/html service in GemStone
– Led to the development of Sport
– Built 2003, presented @ StS 2004
● Using HTTP in GemStone is not viewed as insane today
● I think LDAP will be handy too
● ... and next?
– Kerberos, perhaps (also an ASN.1 protocol)

Summary
● No need to understand ASN.1
● Everything in Smalltalk so:
– Easy to configure
– Easy (well, as easy as possible) to understand
● No maintaining duplicate data
– One model
– Many views

Questions?
● Complaints:
– bbadger@openskills.org
