Introduction to LDAP

Yousry Ibrahim Mabrouk

©2009 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
AGENDA
• Understanding LDAP.
• LDAP Servers.
• Information Structure.
• Protocol overview.
• LDAP Operations.
• How to use LDAP?
• Using JNDI For LDAP

Thursday, October 25, 2012
Understanding LDAP
•   Lightweight Directory Access Protocol.
•   An open network protocol standard designed to provide
    access to distributed directories.
•   Runs over TCP/IP.
•   The phrase "write once, read many times" describes
    the best use of LDAP.
•   A standard that also allows directories to be managed.
•   No transactions, no rollback.
LDAP Servers
• 389 Directory Server (formerly Fedora/Red Hat Directory Server)
• Active Directory from Microsoft
• Apache Directory Server
• Apple Open Directory
• FreeIPA
• IBM Tivoli Directory Server
• Mandriva Directory Server
• Novell eDirectory
• OpenDJ - A fork of the OpenDS project
• OpenDS
• OpenLDAP
• Optimal IdM
• Oracle Internet Directory
• Radiant Logic VDS
• Sun Java System Directory Server
Information Structure
•   Presents information in the form of a hierarchical
    tree structure called a DIT (Directory Information
    Tree).
Information Structure (cont.)
•   Each unit of information is called an entry (also a DSE,
    Directory Service Entry).
•   Each entry in the LDAP directory represents an
    abstract or real object (for example a person, a piece
    of hardware, a set of parameters, etc.).
•   Each entry is made up of a collection of key/value
    pairs called attributes.
•   Types of attributes:
         • Normal attributes: the usual attributes (cn, name, o, ...)
           that describe the object.
         • Operational attributes: attributes that only the server
           maintains in order to manage the directory data
           (modification dates, etc.).
Information Structure (cont. II)
•   Every entry in the directory has a distinguished name
    (DN).
•   A DN is made up of attribute=value pairs, separated by
    commas, for example:
         • dn: o=hp,ou=people,uid=yousry.ibrahim@hp.com

•   Some keys which are generally used:
         o           Organization
         ou          Organizational unit
         cn          Common name
         sn          Surname
         givenname   First name
         uid         Userid
         mail        Email address
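The DN structure described above, as an added example that is not part of the slides: it parses a DN with the JDK's javax.naming.ldap classes and builds a new one from an untrusted value. Note that RFC 4514 writes the most specific RDN first, so the leaf entry's uid is leftmost and o=hp is rightmost; the base container is the slides' sample, the uid values are constructed.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (not from the slides): parse a DN into its RDNs and build a
// DN safely. The base "ou=people,o=hp" is the sample container from the
// slides; the uid values are constructed for illustration.
public class DnExample {

    // List the RDNs from the root of the tree down to the leaf entry.
    // RFC 4514 writes the leaf RDN first ("uid=...,ou=people,o=hp") and
    // LdapName numbers RDNs from the right, so index 0 is the root-most one.
    static List<Rdn> pathFromRoot(String dn) throws InvalidNameException {
        return new LdapName(dn).getRdns();
    }

    // Build the DN of a person entry under the people container. Rdn escapes
    // the characters that are special in DN syntax (',', '+', '"', '\\', '<',
    // '>', ';', '=', a leading '#', leading/trailing spaces), so a uid taken
    // from input cannot smuggle in an extra "ou=..." component.
    static String personDn(String uid) throws InvalidNameException {
        LdapName name = new LdapName("ou=people,o=hp");
        name.add(new Rdn("uid", uid));   // add() appends a new leaf RDN
        return name.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Walks o, then ou, then uid: root to leaf.
        for (Rdn rdn : pathFromRoot("uid=yousry.ibrahim@hp.com,ou=people,o=hp")) {
            System.out.println(rdn.getType() + " = " + rdn.getValue());
        }
        // The comma inside the value is escaped, so it stays one RDN value
        // instead of splitting the DN into a further component.
        System.out.println(personDn("smith, john"));
    }
}
```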
Information Structure (cont. III)
(Figure: HP Directory Information Tree (DIT).)
Protocol overview

    •   The client starts an LDAP session by connecting to an
        LDAP server.
    •   The default TCP port is 389.
    •   The client binds to the server (think of this as authentication).
    •   The client then sends an operation request to the
        server.
    •   The server sends responses in return.
LDAP Operations
    Operation   What it does
    Search      Search directory for matching directory entries
    Compare     Compare directory entry to a set of attributes
    Add         Add a new directory entry
    Modify      Modify a particular directory entry
    Delete      Delete a particular directory entry
    Rename      Rename or modify the DN
    Bind        Start a session with an LDAP server
    Unbind      End a session with an LDAP server
    Abandon     Abandon an operation previously sent to the server
    Extended    Extended operations command
How to use LDAP?

•    Can use any Java LDAP SDK, for example:
     − JNDI LDAP: the standard API.
     − Spring LDAP: http://www.springsource.org/ldap
       (it is better to use it when using the Spring framework)
     − LDAP API from Apache:
       http://cwiki.apache.org/confluence/display/LDAPAPI/Index
     − Netscape LDAP: http://www-archive.mozilla.org/directory/javasdk.html
Using JNDI For LDAP
1- Connect to the server:

     − You must obtain a reference to an object that implements
       the DirContext interface.
     − In most applications, this is done by using an InitialDirContext object
       that takes a Hashtable as an argument.
     − The Hashtable contains various entries, such as the hostname, port, and
       the JNDI service provider classes to use.
Using JNDI For LDAP (cont.)
2- Bind to the server:
     − Once connected, the client may need to authenticate itself; this
       process is also known as binding to the server.
     − In LDAP version 2, all clients had to authenticate while
       connecting, but version 3 defaults to anonymous access, so if the
       default values are used the connection is anonymous as well.
     − LDAP supports three different security types:
          − Simple: authenticates quickly using plain-text usernames and
            passwords.
          − SSL: authenticates with SSL encryption over the network.
          − SASL: uses MD5/Kerberos mechanisms. SASL is a scheme based on the
            Simple Authentication and Security Layer.
Using JNDI For LDAP (cont. II)
3- Search:
     − Search scopes:
          − Subtree scope: searches the entire subtree, i.e. the
            named object and all of its descendants.
          − Object scope: searches only the named object. This is useful, for
            example, to test whether the named object satisfies a search
            filter.
          − One-level scope (default): the search is performed in the named
            context, i.e. one level below the named object.
     − Filters: used to filter the search results according to
       attribute values.
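Steps 1 to 3 (connect, bind, search) carried through in one class, as an added example that is not the slides' own code. The host name, base DN, service account DN and password are constructed placeholders. It binds over LDAPS instead of plaintext port 389, refuses the empty-password case (which the server would treat as an anonymous bind), and passes the search value as a filter argument so JNDI escapes it rather than concatenating it into the filter string.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example (not the slides' code). Host, base DN, bind DN and password
// are placeholders; the base container follows the slides' sample tree.
public class JndiLdapExample {

    // ldaps:// on 636, not the default plaintext port 389: a simple bind
    // sends the password in clear, so it must travel inside TLS.
    static final String PROVIDER_URL = "ldaps://ldap.example.com:636"; // placeholder host
    static final String BASE_DN = "ou=people,o=hp";                     // sample base

    // Steps 1 and 2: connect and bind. The Hashtable carries the provider
    // class, the URL and the bind identity; the bind itself happens when the
    // InitialDirContext is constructed.
    static DirContext connect(String bindDn, char[] password) throws NamingException {
        // RFC 4513 5.1.2: a simple bind with a DN and an EMPTY password is an
        // "unauthenticated" bind, which servers treat as anonymous. A login
        // form forwarding an empty password would therefore "succeed".
        if (bindDn == null || bindDn.isEmpty() || password == null || password.length == 0) {
            throw new NamingException("refusing anonymous/unauthenticated bind");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        // Never "follow": that lets the server redirect this client, with the
        // same bind credentials, to any host it names in a referral.
        env.put(Context.REFERRAL, "ignore");
        return new InitialDirContext(env);
    }

    // Step 3: search. Scope, attribute list and limits go in SearchControls.
    // The filter uses a {0} placeholder so JNDI escapes the value per
    // RFC 4515; concatenating uid into the string would allow LDAP injection.
    static String findUserDn(DirContext ctx, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);  // default is ONELEVEL_SCOPE
        sc.setReturningAttributes(new String[] {"cn", "mail"});
        sc.setTimeLimit(5_000);                            // milliseconds
        sc.setCountLimit(2);                               // a uid must be unique
        NamingEnumeration<SearchResult> results =
                ctx.search(BASE_DN, "(&(objectClass=person)(uid={0}))", new Object[] {uid}, sc);
        try {
            if (!results.hasMore()) {
                return null;                               // no such user
            }
            SearchResult hit = results.next();
            if (results.hasMore()) {
                throw new NamingException("uid is not unique: " + uid);
            }
            Attributes attrs = hit.getAttributes();
            System.out.println(attrs.get("cn") + " / " + attrs.get("mail"));
            return hit.getNameInNamespace();               // full DN of the entry
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        DirContext ctx = connect("cn=app-reader,ou=services,o=hp", "placeholder".toCharArray());
        try {
            System.out.println(findUserDn(ctx, "yousry.ibrahim@hp.com"));
            // Filter metacharacters in the value are escaped, so "smith*" is
            // looked up literally rather than acting as a wildcard.
            System.out.println(findUserDn(ctx, "smith*"));
        } finally {
            ctx.close();                                   // unbind
        }
    }
}
```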
Examples ….. Let’s work.