Concepts of LDAP

Published in: Technology

  1. LDAP (Lightweight Directory Access Protocol)
     Presented by Chandana, 9/16/2010
     © YIIT- confidential and proprietary
  2. Directory:
     • A directory is a specialized list that lets you quickly look up information about the things the directory references.
     • At its most basic, a directory is any database specialized more for reading than for writing.
     • A directory server maintains information about some set of entities (entities such as people or organizations) and provides access to that information.
     • LDAP provides a standard language that directory client applications and directory servers use to communicate with one another about the data in directories.
  3. LDAP (Lightweight Directory Access Protocol):
     • LDAP is a protocol for accessing specialized databases called directories.
     • LDAP is designed to be a standard way of providing access to directory services.
     • In computer networking, LDAP is a protocol for querying and modifying directory services over a network. Fundamentally it is a network protocol: a client opens a TCP connection to the server (conventionally port 389, or 636 for LDAP wrapped in TLS, ldaps://) and sends requests that the server answers with results.
  4. The Structure of a Directory Entry
     Organization Name: YIIT Services Ltd.
     Street Address: Vijayanagar Colony, Trichanoor Road
     City: Tirupathi
     State: Andhra Pradesh
     Country: India
     Phone Number: +91 XXXX-XXXXXX
     Our company is located in Secunderabad, and a branch of the company is located in another place, Tirupathi. Both records carry the same organization name.
     How can we distinguish between these two records?
  5. Distinguished name (DN):
     • One way of distinguishing between two very similar records is to give each record in the directory a unique name.
     • This is the strategy adopted by LDAP: each record in the directory has a distinguished name (DN).
     • The DN is always indexed and is always returned with every entry in a search result.
     A DN is composed of a combination of directory information, written from the most specific component on the left to the least specific on the right, and looks something like this:
     dn: o=YIIT Services, l=Secunderabad, st=Andhrapradesh, c=INDIA
     dn: o=YIIT Services, l=Tirupathi, st=Andhrapradesh, c=INDIA
     The two organizations share the same o value; the locality (l) component is what makes the two DNs different. (On a real server the c attribute holds a two-letter ISO 3166 country code, so the last component would be c=IN.)
  6. LDAP Entry
     • An LDAP entry, or record, is the directory unit that stores information about an individual item in the directory.
     • An entry is composed of a DN and one or more attributes:
       – The DN serves as the unique identifier of the entry within an LDAP directory information tree.
       – The attributes provide the information about that entry.
  7. An Example LDAP Entry:
     (the example entry was shown as an image on the slide)
     Here o=YIIT Services, l=Secunderabad, st=Andhrapradesh, c=INDIA is the special line of this entry, its DN, and the rest are ordinary attributes.
  8. In our example there are eight attributes, each representing the following:
     • Organization Name (o)
     • Mailing address (postalAddress)
     • Locality (l), which may be the name of a city, town, village, and so forth
     • State or Province (st)
     • Postal Code or ZIP Code (postalCode)
     • Country (c)
     • Telephone Number (telephoneNumber)
     • Object Class (objectClass), which specifies what type (or types) of record this entry is
  9. • Attribute names such as "o" (the organization name) and postalAddress refer to well-defined attribute definitions contained in an LDAP schema. They cannot be "invented" on the fly or made up as you go.
     • Creating new attributes requires writing a schema.
     • You can add schema definitions to LDAP directories, which makes LDAP entries easily extensible.
     • Each LDAP server has a schema.
     • The schema is the blueprint of the server: it specifies all the object classes and attributes that can be stored in and searched on the LDAP server. The server enforces it: an add or modify that uses an attribute the schema does not define, or that leaves out an attribute the entry's object classes require, is refused with an error result such as undefinedAttributeType or objectClassViolation.
  10. The objectClass Attribute
      • The last attribute in the example record is the objectClass attribute. This special attribute states the type (or types) of the entry.
      • The object classes determine which attributes a record must carry and which it may carry.
      Operational Attributes
      • In addition to the regular (user) attributes, the directory server may also attach special operational attributes to an entry.
      • Operational attributes are used by the directory itself to store information about entries, for example when an entry was created or last modified and by whom (createTimestamp, modifyTimestamp, creatorsName, modifiersName).
      • These attributes are not meant to be set by end users, and a search returns them only when the client asks for them by name (or for all of them with "+"); asking for "all attributes" returns the user attributes only.
  11. The Directory Information Tree
      • Information in an LDAP directory is organized into one or more hierarchies. At the top of each hierarchy is a base entry, and the other entries are organized in a tree-like structure beneath it.
      • Each node of the hierarchy is an entry, with a DN and one or more attributes.
      The data model the protocol works on:
      • A directory is a tree of directory entries.
      • An entry consists of a set of attributes.
      • An attribute has a name (an attribute type or attribute description) and one or more values.
      • The attributes are defined in a schema.
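The DN, entry, schema, object-class and tree rules from slides 5 to 11 can be exercised in code. The following is an added example, not code from the presentation or from any LDAP server: a toy schema (a hand-picked subset of the standard organization and locality classes) and a loader that rejects entries whose attributes are not in the schema or not allowed by their object classes, then links the accepted entries into the tree by their DNs. The sample entries, the base st=Andhra Pradesh,c=IN and the object-class definitions are assumptions made for the example.

```python
"""Toy model of the LDAP data model on slides 5-11: an entry is a DN plus attributes,
attribute names must exist in the schema, objectClass decides which attributes an
entry must and may carry, and entries form a tree (the DIT) under a base entry."""

# Constructed, much-simplified schema (a real server ships hundreds of types).
ATTRIBUTE_TYPES = {"objectClass", "o", "l", "st", "c", "postalAddress",
                   "postalCode", "telephoneNumber", "description"}
CANONICAL = {a.lower(): a for a in ATTRIBUTE_TYPES}   # attribute names match case-insensitively
OBJECT_CLASSES = {                                      # class -> (MUST, MAY)
    "top": ({"objectClass"}, set()),
    "locality": (set(), {"l", "st", "description"}),
    "organization": ({"o"}, {"l", "st", "c", "postalAddress", "postalCode",
                             "telephoneNumber", "description"}),
}

def parse_dn(dn):
    """Split a DN string into [(type, value), ...], most specific first, honouring
    backslash escapes (RFC 4514) so 'o=A\\, B' stays one RDN.  Hex escapes (\\2C)
    and multi-valued RDNs (a=1+b=2) are not handled by this toy."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 1
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        t, sep, v = part.partition("=")
        if not sep or not t.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((t.strip().lower(), v.strip()))
    return rdns

def normalize_dn(rdns):
    """Canonical key: values case-folded (toy: caseIgnoreMatch for every type),
    commas and backslashes re-escaped so the key is itself a valid DN string."""
    def esc(v):
        return v.lower().replace("\\", "\\\\").replace(",", "\\,")
    return ",".join(f"{t}={esc(v)}" for t, v in rdns)

def validate(entry):
    """Return None if the entry obeys the schema, otherwise the reason it is refused."""
    attrs = {CANONICAL.get(k.lower(), k): v for k, v in entry["attrs"].items()}
    unknown = set(attrs) - ATTRIBUTE_TYPES
    if unknown:
        return f"attribute(s) not defined in the schema: {sorted(unknown)}"
    classes = attrs.get("objectClass", [])
    if not classes:
        return "entry has no objectClass"
    must, may = set(), {"objectClass"}
    for oc in classes:
        if oc not in OBJECT_CLASSES:
            return f"unknown objectClass {oc!r}"
        must |= OBJECT_CLASSES[oc][0]
        may |= OBJECT_CLASSES[oc][1]
    if must - set(attrs):
        return f"missing MUST attribute(s): {sorted(must - set(attrs))}"
    if set(attrs) - must - may:
        return f"attribute(s) not allowed by the object classes: {sorted(set(attrs) - must - may)}"
    t, v = parse_dn(entry["dn"])[0]              # the RDN must also be present as an attribute value
    if v.lower() not in [x.lower() for x in attrs.get(CANONICAL.get(t, t), [])]:
        return f"RDN {t}={v} is not an attribute value of the entry"
    return None

def load_directory(entries, base):
    """Schema-check every entry, then link the accepted ones into the tree: each entry
    except the base must sit directly beneath an existing entry.
    Returns (children by normalised DN, rejected DN -> reason)."""
    rejected, keyed = {}, {}
    for e in entries:
        reason = validate(e)
        if reason:
            rejected[e["dn"]] = reason
        else:
            keyed[normalize_dn(parse_dn(e["dn"]))] = parse_dn(e["dn"])
    children = {dn: [] for dn in keyed}
    for dn, rdns in keyed.items():
        if dn == normalize_dn(parse_dn(base)):
            continue
        parent = normalize_dn(rdns[1:])
        if parent not in keyed:
            raise ValueError(f"{dn}: parent {parent!r} does not exist")
        children[parent].append(dn)
    return children, rejected

BASE_DN = "st=Andhra Pradesh,c=IN"
ORG = {"objectClass": ["top", "organization"], "o": ["YIIT Services"]}
ENTRIES = [  # constructed sample; values from the slides, the phone number is a placeholder
    {"dn": BASE_DN, "attrs": {"objectClass": ["top", "locality"], "st": ["Andhra Pradesh"]}},
    {"dn": "l=Secunderabad," + BASE_DN, "attrs": {"objectClass": ["top", "locality"], "l": ["Secunderabad"]}},
    {"dn": "l=Tirupathi," + BASE_DN, "attrs": {"objectClass": ["top", "locality"], "l": ["Tirupathi"]}},
    # The same organisation name twice: the DNs, not the o values, keep the two records apart.
    {"dn": "o=YIIT Services,l=Secunderabad," + BASE_DN, "attrs": {**ORG, "telephoneNumber": ["+91 XXXX-XXXXXX"]}},
    {"dn": "o=YIIT Services,l=Tirupathi," + BASE_DN, "attrs": {**ORG, "postalAddress": ["Vijayanagar Colony, Trichanoor Road"]}},
    # An attribute the schema does not define: a server would refuse this entry.
    {"dn": "o=Made Up,l=Tirupathi," + BASE_DN, "attrs": {**ORG, "o": ["Made Up"], "favouriteColour": ["blue"]}},
]
```

Calling load_directory(ENTRIES, BASE_DN) accepts the two YIIT Services records (their DNs differ in the l component) and rejects the third with a reason naming favouriteColour. parse_dn is the part worth copying the idea from: a DN is not safely split on commas, because a comma inside a value is escaped as "\," and must stay inside its RDN.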
  12. The Data Format:
      • The data in an LDAP server is organized in a hierarchical (tree) format, not a relational one.
      • In the common domain-based naming convention the top level is the domain (for example dc=example,dc=com), and the branches beneath it are organizational units (ou), normally the departments of a company.
      • These organizational units can then be subdivided into further organizational units.
      • Entries with nothing beneath them, in this layout the entries that are neither the domain nor an organizational unit (people, groups, devices), are the leaves of the tree.
  13. Basic LDAP hierarchy: (diagram on the slide, not reproduced)
  14. Example: (diagram on the slide, not reproduced)
  15. The basic operations are:
      • Bind - authenticate, and specify the LDAP protocol version,
      • StartTLS - protect the connection with Transport Layer Security (TLS),
      • Search - search for and/or retrieve directory entries,
      • Compare - test whether a named entry contains a given attribute value,
      • Add - add a new entry,
      • Delete - delete an entry,
      • Modify - change the attributes of an entry,
      • Modify DN - move or rename an entry,
      • Abandon - abort a previous request,
      • Extended Operation - a generic operation used to define other operations (StartTLS is itself one),
      • Unbind - close the connection; it is not the inverse of Bind.
      The list is not an order of execution. A client may send the operations in any sequence, but when a simple Bind carries a password the client should send StartTLS first (or connect over ldaps://) so that the password does not cross the network in the clear. A Bind with a name but an empty password is an "unauthenticated" bind, which some servers treat as a successful anonymous bind, so a client must never pass an empty user-supplied password straight through to Bind.
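The operation list above can be walked through against a pretend server, which also shows why the list is not an order of execution. The following is an added example, not code from the presentation or from any LDAP implementation: an in-memory toy that answers each operation with the resultCode a real server uses, refuses a simple Bind that arrives before StartTLS, requires an authenticated Bind for writes, and returns operational attributes only when the client asks for them. The seed entries, the cn=admin account and its password are assumptions made for the example; Abandon is left out because nothing long-running exists here to cancel.

```python
"""Toy walk-through of the operations on slide 15, showing both sides of each exchange
(client request, server resultCode).  Constructed in-memory pretend server, no network I/O."""
import uuid
from types import SimpleNamespace

# resultCode values from RFC 4511 that the toy server uses.
SUCCESS, PROTOCOL_ERROR, COMPARE_FALSE, COMPARE_TRUE = 0, 2, 5, 6
CONFIDENTIALITY_REQUIRED, NO_SUCH_OBJECT, INVALID_CREDENTIALS = 13, 32, 49
INSUFFICIENT_ACCESS, NOT_ALLOWED_ON_NONLEAF = 50, 66
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS is itself an Extended Operation

def norm(dn):   # toy DN normalisation: case-fold and drop spaces after commas
    return ",".join(p.strip() for p in dn.split(",")).lower()

def new_connection():   # session state: is TLS up, and who is bound (None = anonymous)
    return SimpleNamespace(tls=False, bound_dn=None)

class ToyDirectoryServer:
    def __init__(self, entries, passwords):
        self.entries = {norm(dn): {k.lower(): list(v) for k, v in a.items()} for dn, a in entries.items()}
        self.passwords = {norm(dn): pw for dn, pw in passwords.items()}
        # Operational attributes: attached by the server itself, never set by clients.
        self.operational = {dn: {"entryuuid": [str(uuid.uuid4())]} for dn in self.entries}

    def request(self, conn, op, dn="", **arg):
        """One request in, one resultCode out (Search also returns the matching entries)."""
        dn = norm(dn)
        if op == "extended":
            if arg["oid"] != STARTTLS_OID or conn.tls:
                return PROTOCOL_ERROR
            conn.tls = True                            # a real server runs the TLS handshake here
            return SUCCESS
        if op == "bind":
            pw = arg.get("password", "")
            if dn or pw:                               # simple bind with a name and a password
                if not conn.tls:                       # never accept a password over a cleartext link
                    return CONFIDENTIALITY_REQUIRED
                if self.passwords.get(dn) != pw:       # a name plus an empty password is no free login
                    return INVALID_CREDENTIALS
            conn.bound_dn = dn or None                 # empty name and password: anonymous bind
            return SUCCESS
        if op == "unbind":                             # no response is sent; the session just ends
            conn.bound_dn = None
            return None
        if op in ("add", "modify", "modify_dn", "delete") and conn.bound_dn is None:
            return INSUFFICIENT_ACCESS                 # writes need an authenticated bind
        if op == "add":
            if dn.partition(",")[2] not in self.entries:   # the parent entry must already exist
                return NO_SUCH_OBJECT
            self.entries[dn] = {k.lower(): list(v) for k, v in arg["attrs"].items()}
            self.operational[dn] = {"entryuuid": [str(uuid.uuid4())]}
            return SUCCESS
        if dn not in self.entries:
            return (NO_SUCH_OBJECT, {}) if op == "search" else NO_SUCH_OBJECT
        if op == "search":      # subtree scope, filter fixed at (objectClass=*); "+" asks for operational attributes
            extra = "+" in arg.get("attrs", ("*",))
            return SUCCESS, {d: {**self.entries[d], **(self.operational[d] if extra else {})}
                             for d in self.entries if d == dn or d.endswith("," + dn)}
        if op == "compare":
            have = [v.lower() for v in self.entries[dn].get(arg["attr"].lower(), [])]
            return COMPARE_TRUE if arg["value"].lower() in have else COMPARE_FALSE
        if op == "modify":                             # "replace" semantics only
            self.entries[dn][arg["attr"].lower()] = list(arg["values"])
            return SUCCESS
        if op not in ("delete", "modify_dn"):
            return PROTOCOL_ERROR
        if any(d.endswith("," + dn) for d in self.entries):   # both act on leaf entries only
            return NOT_ALLOWED_ON_NONLEAF
        entry, operational = self.entries.pop(dn), self.operational.pop(dn)   # for delete, this is it
        if op == "modify_dn":                          # rename in place; the new RDN value is written into the entry
            t, _, v = arg["new_rdn"].partition("=")
            new_dn = norm(",".join(filter(None, [arg["new_rdn"], dn.partition(",")[2]])))
            self.entries[new_dn], self.operational[new_dn] = {**entry, t.lower(): [v]}, operational
        return SUCCESS

BASE = "st=Andhra Pradesh,c=IN"   # constructed seed directory, placeholder values as on the slides
ADMIN, ORG, BRANCH = "cn=admin," + BASE, "o=YIIT Services,l=Secunderabad," + BASE, "o=YIIT Services,l=Tirupathi," + BASE
SEED = {
    BASE: {"objectClass": ["top", "locality"], "st": ["Andhra Pradesh"]},
    ADMIN: {"objectClass": ["top", "person"], "cn": ["admin"], "sn": ["admin"]},
    "l=Secunderabad," + BASE: {"objectClass": ["top", "locality"], "l": ["Secunderabad"]},
    "l=Tirupathi," + BASE: {"objectClass": ["top", "locality"], "l": ["Tirupathi"]},
    ORG: {"objectClass": ["top", "organization"], "o": ["YIIT Services"], "telephoneNumber": ["+91 XXXX-XXXXXX"]},
}

def run_session():
    """Scripted client: StartTLS before the simple Bind, so the password never crosses the wire in clear."""
    srv, conn, log = ToyDirectoryServer(SEED, {ADMIN: "s3cret"}), new_connection(), {}
    log["bind before StartTLS"] = srv.request(conn, "bind", ADMIN, password="s3cret")   # refused
    log["StartTLS"] = srv.request(conn, "extended", oid=STARTTLS_OID)
    log["bind"] = srv.request(conn, "bind", ADMIN, password="s3cret")
    log["search"], plain = srv.request(conn, "search", BASE)
    _, full = srv.request(conn, "search", ORG, attrs=("*", "+"))
    log["compare"] = srv.request(conn, "compare", ORG, attr="telephoneNumber", value="+91 XXXX-XXXXXX")
    log["add"] = srv.request(conn, "add", BRANCH, attrs={"objectClass": ["top", "organization"], "o": ["YIIT Services"]})
    log["modify"] = srv.request(conn, "modify", BRANCH, attr="postalAddress", values=["Vijayanagar Colony, Trichanoor Road"])
    log["modify DN"] = srv.request(conn, "modify_dn", BRANCH, new_rdn="o=YIIT Services Ltd")
    log["delete"] = srv.request(conn, "delete", "o=YIIT Services Ltd,l=Tirupathi," + BASE)
    srv.request(conn, "unbind")     # Abandon is not shown: there is no long-running request to cancel
    log["operational hidden by default"] = all("entryuuid" not in e for e in plain.values())
    log["operational shown on request"] = "entryuuid" in full[norm(ORG)]
    return log
```

run_session() returns the transcript: the first Bind is answered with confidentialityRequired (13) because TLS is not up yet, everything after StartTLS succeeds, Compare answers compareTrue (6) rather than success, and the subtree search from the base returns entryUUID only in the search that asked for "+". The same server object can be driven by hand, for example to confirm that an anonymous session is refused a Delete with insufficientAccessRights (50) and that a Delete of the base, which has children, is refused with notAllowedOnNonLeaf (66).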
  16. "Thank You"