Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Instalación y configuración de ldap server en Debian 8.7.1
Next
Download to read offline and view in fullscreen.

Share

Slaps - a Smalltalk LDAP server

Download to read offline

Slaps - a Smalltalk LDAP server. Bruce Badger. ESUG 2007, Lugano

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Slaps - a Smalltalk LDAP server

  1. 1. Slaps a Smalltalk LDAP server by Bruce Badger OpenSkills
  2. 2. Intro ● Bruce Badger – A founder of OpenSkills – Smalltalk developer ● OpenSkills – It's a global association of individuals – Non profit corporation – Believe that open standards & FOSS help create an open market for skills. – www.openskills.org
  3. 3. Agenda ● What is LDAP ● Why use it ● The LDAP spec ● Examples ● Benefits
  4. 4. Housekeeping ● Mobile phones off, please. ● Questions welcome during the talk – But note ... ● “Question” = Single sentence ending with “?” ● Questions may be: – deferred – dodged – ignored
  5. 5. What is LDAP? ● Lightweight Directory Access Protocol ● “Lightweight” vs. X.400 DAP ● Wire protocol ● LDAP clients and Servers implement the protocol
  6. 6. What does an LDAP server do? ● Can be thought of as a DBMS that uses LDAP rather than SQL ● LDAP has equivalents of: – Data Definition Language (DDL) – Data Manipulation Language (DML) ● Data is held in a tree rather than tables – the Directory Information Tree (DIT)
  7. 7. Why use an LDAP server? ● Widely used for: – Authentication – Authorisation – Address Books ● e.g. – Email client address book – Login to a shell or connect to a database – Kerberos – ... and lots more
  8. 8. Why write an LDAP server? ● Fun (hahahahaha) ● Seemed like a good idea at the time. – OpenSkills needed to handle authentication and authorisation for a Jabber server ● It looked like just another wire protocol like: – NMEA – PostgreSQL – HTTP – ...
  9. 9. No, really. Why? ● Directory information exchange for OpenSkills – Authentication- member login – Authorisation -e.g. may edit SkillsTree? – “address book” e.g. account status ● Using an external LDAP server is non-trivial: – Yet another schema – Yet another export format (LDIF) – Synchronisation
  10. 10. LDIF Example ● From Wikipedia: dn: CN=John Smith,OU=Legal,DC=example,DC=com changetype: modify replace:employeeID employeeID: 1234 - replace:employeeNumber employeeNumber: 98722 - replace: extensionAttribute6 extensionAttribute6: JSmith98 - dn: CN=Jane Smith,OU=Accounting,DC=example,DC=com changetype: modify ...
  11. 11. OK, so what's involved?
  12. 12. OK, so what's involved? ● ASN.1 ● ASN.1 ● ASN.1 ● ASN.1 ● ASN.1 ● ASN.1 ● ASN.1 ● ASN.1 ● ... and LDAP semantics
  13. 13. LDAP – as seen from space ● LDAP server listens on a TCP/IP port ● Client connects and the conversation goes like: – > BindRequest (Hi! May I use your service?) – < BindResponse (Sure!) – > SearchRequest (Tell me about x please.) – < SearchResultEntry (Here is info about x.) – < SearchResultDone (... and that's all I have.) – > UnbindRequest (I'm done. Bye.) ● Simple enough, except for ...
  14. 14. ASN.1 ● Abstract Syntax Notation 1 ● Specification and implementation of wire protocols ● LDAP is completely specified in ASN.1 ● Flexible and concise, but more horrible than you can possibly imagine ● Main specs for the bits Slaps uses: – ITU X.680 - the basics – ITU X.690 - encoding
  15. 15. ASN.1 an example BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER (1 .. 127), name LDAPDN, authentication AuthenticationChoice } LDAPDN ::= LDAPString LDAPString ::= OCTET STRING -- UTF-8 encoded AuthenticationChoice ::= CHOICE { simple [0] OCTET STRING, -- 1 and 2 reserved sasl [3] SaslCredentials, ... }
  16. 16. ASN.1 Encoding ● Like Chinese in that: – One written form (i.e. ASN.1) – Many “spoken” forms ● BER – Basic Encoding Rules ● CER – Canonical Encoding Rules ● DER – Distinguished Encoding Rules ● ... ● LDAP uses BER
  17. 17. Parsing BER ● TLD – sometimes – no sure way to jump, so must parse ● sequentially ● completely ● Demo of a BindRequest being parsed
  18. 18. Why Bother – Part II ● Flexibility (really) ● A single object model can be viewed in many ways ● No duplication of data
  19. 19. LDAP Schemas ● A number of defined structures – posix account – address book – DNS configuration – SMTP server configuration – ... and lots of bespoke structures
  20. 20. Slap me ● Plan – What will query your LDAP server ● Configure – Set up the “views” ● Go – Start the server
  21. 21. Is it fast enough? ● Who knows? – Slaps is at the “make it work stage” ● Probably fine for most long-tail apps ● If not, use replication to a “real” LDAP server
  22. 22. Insane? ● The OpenSkills SkillsBase – Runs as a http/html service in GemStone – Led to the development of Sport – Built 2003, Presented @ StS 2004 ● Using HTTP in GemStone is not viewed as insane today ● I think LDAP will be handy too ● ... and next? – Kerberos, perhaps (also an ASN.1 protocol)
  23. 23. Summary ● No need to understand ASN.1 ● Everything in Smalltalk so: – Easy to configure – Easy (well, as easy as possible) to understand ● No maintaining duplicate data – One model – Many views
  24. 24. Questions? ● Complaints: – bbadger@openskills.org
  • philippeback

    Oct. 3, 2016

Slaps - a Smalltalk LDAP server. Bruce Badger. ESUG 2007, Lugano

Views

Total views

2,989

On Slideshare

0

From embeds

0

Number of embeds

3

Actions

Downloads

4

Shares

0

Comments

0

Likes

1

×