LDAP Applied
Fran Fabrizio
Sr. Systems Administrator
Dept. of Computer & Information Sciences
U of Alabama at Birmingham
EuroOSCON
Amsterdam, The Netherlands
October 17-20, 2005
This talk....
WILL
● Briefly review LDAP concepts
● Cover common uses of LDAP
● Present examples of advanced usage
● Hopefully inspire you to use LDAP!
WILL NOT
● Show you how to install LDAP
● Teach you how to configure LDAP in specific OSes
● Give all the details needed to use LDAP
● Leave you disappointed (hopefully!)
Link to Slides
● These slides are available now online at http://www.cis.uab.edu/fran/ if you wish to follow along
● They will also be available after the conference on the conference web site
Getting to Know the Audience
● How many of you know what LDAP is?
● How many of you are using LDAP right now?
● How many of you are using it for something other than user authentication or email address books?
Brief Review of LDAP
What is it?
What does it look like?
Common Usage
What is LDAP?
● Lightweight Directory Access Protocol
● A standard protocol for accessing directory services
● Also used to refer to the directories being accessed
● Based on the X.500 specification
● Represents hierarchical information in entries, each consisting of a collection of attributes and identified by a unique, or distinguished, name
No really, what is LDAP?
● It's a good way to store data that is:
– Mostly read access
– Needed by many machines/services on the network
– Generally represents collections of entities common in large organizations
● User and Group Accounts
● Computers
● Email Addresses and Contact Information
● Departments and Business Units
LDAP Structure
● An object class defines the valid attributes and properties for an entry
● A set of related object classes forms a schema. For example, you may have a schema to represent the users in a university department.
● Distinguished names are hierarchical, similar to DNS names. Ex: ou=People,dc=eurooscon,dc=example,dc=com
● LDIF (Lightweight Directory Interchange Format) is the text format for entries
LDIF Example
dn: uid=testuser,ou=People,dc=eurooscon,dc=example,dc=com
cn: Test User
uid: testuser
uidNumber: 501
loginShell: /bin/sh
homeDirectory: /home/testuser
gidNumber: 100
userPassword:: e2NyeXB0fVRYaHRIa05GOUdBSWc=
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
shadowLastChange: 13072
givenName: Test
sn: User
gecos: Test User
More on LDAP structure
● One entry can have multiple classes
– only one can be structural (inetOrgPerson)
– the rest are auxiliary
● For each class, there is a set of required attributes and a set of optional attributes.
– If you are a posixAccount, you must have a uid and may have a description
● Each entry will have a unique distinguished name to reference it
Common Uses of LDAP
● User Directories: email addresses, students
● User Accounts: Centralizing accounts, access control, groups
● Inventory Catalogs: machines, offices
● Network Service Backend: DNS, Email
● Usually NOT a replacement for relational data
LDAP Applied
Various Ways To Apply LDAP
to Solve IT Problems
Migrating User Accounts to LDAP
● Why do you want to do this?
● To centralize user accounts
● To modernize from some other network account store (e.g. NIS)
● Eliminate duplication of data (already using LDAP for corporate address book?)
● To better scale to the needs of a growing organization
Migrating User Accounts to LDAP
● NIS/NIS+ → LDAP, or /etc/passwd → LDAP
● PADL.com MigrationTools scripts
– May need to be modified
● General solution:
– produce LDIF
– Import into LDAP with ldapadd and ldapmodify
Migrating User Accounts to LDAP
● posixAccount – a standard LDAP object class used to represent user accounts
● Demo: migrate_passwd.pl
objectclass ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
    DESC 'Abstraction of an account with POSIX attributes'
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )
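The conversion the MigrationTools scripts perform, as an added example that is not the talk's migrate_passwd.pl: a small Python script that turns /etc/passwd and /etc/shadow lines into posixAccount/shadowAccount/inetOrgPerson LDIF entries like the one on the LDIF Example slide. The passwd/shadow lines, the uid cutoff for system accounts and the base DN are constructed for this example; the userPassword value is written base64-encoded with the "::" form, as the slide's LDIF shows, and the needs_base64 helper shows the RFC 2849 rule for when a value must be encoded that way.

```python
import base64

# Constructed sample input: two passwd/shadow lines, not taken from a real system.
# The testuser hash is the one behind the slide's LDIF example (base64 "{crypt}TXhtHkNF9GAIg").
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "testuser:x:501:100:Test User:/home/testuser:/bin/sh",
]
SHADOW_LINES = [
    "root:$1$notarealhash$:13072:0:99999:7:::",
    "testuser:TXhtHkNF9GAIg:13072:0:99999:7:::",
]
BASE_DN = "ou=People,dc=eurooscon,dc=example,dc=com"


def needs_base64(value: str) -> bool:
    """RFC 2849: a value must be base64-encoded (attr:: ...) unless it is a SAFE-STRING:
    ASCII only, no NUL/CR/LF, not starting with space, ':' or '<', no trailing space."""
    if not value.isascii() or any(c in value for c in "\0\r\n"):
        return True
    return value[:1] in (" ", ":", "<") or value.endswith(" ")


def ldif_line(attr: str, value: str, force_base64: bool = False) -> str:
    """Format one LDIF attribute line, using the '::' form when required (or requested)."""
    if force_base64 or needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def passwd_to_ldif(passwd_lines, shadow_lines, base_dn, ignore_uid_below=500):
    """Convert passwd/shadow lines into one LDIF entry per account, skipping system
    accounts (uidNumber below ignore_uid_below, like MigrationTools' IGNORE_UID_BELOW).
    Returns a list of entry strings, each ready for ldapadd."""
    shadow = {}
    for line in shadow_lines:
        f = line.split(":")
        shadow[f[0]] = (f[1], f[2])  # (password hash, days since epoch of last change)

    entries = []
    for line in passwd_lines:
        user, _pw, uid, gid, gecos, home, shell = line.split(":")
        if int(uid) < ignore_uid_below:
            continue
        # The username becomes the RDN; refuse anything that would need RFC 4514 DN escaping.
        if any(c in user for c in ',+"\\<>;= '):
            raise ValueError(f"refusing to build a DN from username {user!r}")
        pw_hash, last_change = shadow.get(user, ("", ""))
        cn = gecos.split(",")[0].strip() or user  # GECOS is "full name,room,phone,..."
        given, _, sn = cn.partition(" ")
        lines = [
            f"dn: uid={user},{base_dn}",
            ldif_line("cn", cn),
            ldif_line("uid", user),
            ldif_line("uidNumber", uid),
            ldif_line("gidNumber", gid),
            ldif_line("homeDirectory", home),
            ldif_line("loginShell", shell),
            ldif_line("gecos", gecos),
            ldif_line("givenName", given),
            ldif_line("sn", sn or user),  # inetOrgPerson (via person) requires sn
            "objectClass: posixAccount",
            "objectClass: shadowAccount",
            "objectClass: inetOrgPerson",
        ]
        if pw_hash and not pw_hash.startswith(("!", "*")):  # locked accounts get no password
            # migrate_passwd.pl always base64-encodes userPassword; mirror that here.
            lines.append(ldif_line("userPassword", "{crypt}" + pw_hash, force_base64=True))
        if last_change:
            lines.append(ldif_line("shadowLastChange", last_change))
        entries.append("\n".join(lines))
    return entries


if __name__ == "__main__":
    print("\n\n".join(passwd_to_ldif(PASSWD_LINES, SHADOW_LINES, BASE_DN)))
```

Save the output and load it with ldapadd as the directory administrator. Accounts whose shadow hash is locked ("!" or "*") get no userPassword at all, so they cannot log in through pam_ldap until someone sets one; that is the safer default for a migration.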
Activating LDAP-Based Logins
● pam_ldap (from PADL.com) inserts into the PAM authentication stack and partners with nss_ldap (also PADL.com) to provide authentication against LDAP
● Seamlessly authenticates both local and LDAP-based users
● Many distros automate configuration (e.g. Fedora)
● Demo: pam_ldap configuration
Integrating LDAP and Email
● Client Side - why?
– Address Book lookups in LDAP
– Autocompletion of partial email addresses
● Server Side - why?
– Store white/blacklists
– virtual mailboxes
– Aliases
– User preferences
● Add the inetOrgPerson object class to LDAP entries
LDAP and Email - Client
● Demo: Thunderbird and LDAP
● Many other email clients support LDAP lookups
– Outlook, Outlook Express, Netscape, Pine, Eudora, Evolution, SquirrelMail, Mac Mail, etc...
● Clients can use LDAP for other things besides just address lookups
– ex. SquirrelMail (web mail) has a plugin to store user preferences in LDAP.
LDAP and Email - Server
● Many email servers can integrate with LDAP
● Alias lookups (Postfix)
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
(all on one line)
ldap-aliases.cf contains:
server_host = 192.168.139.128
search_base = dc=eurooscon,dc=example,dc=com
● Now, Postfix can deliver to both local and LDAP user mail aliases
LDAP and Email - Server
● Postfix expects a certain LDAP schema to support this (these attribute names are configurable)
dn: cn=Accounting Staff List, dc=my, dc=com
cn: Accounting Staff List
o: my.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
maildrop: mylist-owner
maildrop: an-accountant
maildrop: some-other-accountant
maildrop: this, that, theother
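How the alias lookup above resolves, as an added example that is neither part of the talk nor Postfix's own code: a minimal LDIF parser and a lookup that applies the Postfix ldap_table defaults, query_filter (mailacceptinggeneralid=%s) and result_attribute maildrop, to the maillist entry from the slide plus one constructed entry. Postfix itself runs the search against the server (and escapes the %s value before substituting it into the filter); the function here only models which recipients it gets back, including the expansion of a comma-separated maildrop value.

```python
import base64

# Constructed LDIF: the maillist entry from the slide plus one more constructed entry,
# as an LDAP server would return them to Postfix.
MAILLIST_LDIF = """\
dn: cn=Accounting Staff List, dc=my, dc=com
cn: Accounting Staff List
o: my.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
maildrop: mylist-owner
maildrop: an-accountant
maildrop: some-other-accountant
maildrop: this, that, theother

dn: cn=Fran Fabrizio, dc=my, dc=com
cn:: RnJhbiBGYWJyaXppbw==
objectclass: maillist
mailacceptinggeneralid: fran
maildrop: Fran.Fabrizio
"""

# Postfix ldap_table defaults (both names are configurable in ldap-aliases.cf).
QUERY_ATTR = "mailacceptinggeneralid"   # query_filter = (mailacceptinggeneralid=%s)
RESULT_ATTR = "maildrop"                # result_attribute = maildrop


def parse_ldif(text):
    """Parse LDIF into a list of entries; each entry maps a lowercased attribute name
    to its list of values. Handles folded lines (leading space) and base64 '::' values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:       # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def lookup_alias(entries, address):
    """Resolve one alias the way the slide's Postfix setup does: match the address
    against mailacceptinggeneralid (case-insensitively) and return every maildrop
    recipient. A comma-separated maildrop value expands into several recipients."""
    recipients = []
    for entry in entries:
        ids = [v.lower() for v in entry.get(QUERY_ATTR, [])]
        if address.lower() not in ids:
            continue
        for value in entry.get(RESULT_ATTR, []):
            recipients.extend(p.strip() for p in value.split(",") if p.strip())
    return recipients


if __name__ == "__main__":
    entries = parse_ldif(MAILLIST_LDIF)
    for alias in ("accountingstaff", "fran", "nobody"):
        print(alias, "->", lookup_alias(entries, alias))
```

An empty result list is what makes Postfix fall through to the next table in alias_maps (here the hash:/etc/aliases file), which is why local and LDAP aliases coexist.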
LDAP and Email - Server
● Common usage is virtual mailboxes (e.g. ISP)
● Another common usage is to rewrite addresses, e.g. fran@eurooscon.example.com to Fran.Fabrizio@eurooscon.example.com
● Sendmail, Exim, Courier, Courier-IMAP, Cyrus, uw-imap, and Qmail (and many others) all support integration with LDAP to various degrees
LDAP and Web-Based Resources
● Authenticate users to gain access to restricted parts of a web site
● mod_auth_ldap – Apache module
● User-based and group-based authentication
Using LDAP with Apache
● Apache 2.0 ships with mod_auth_ldap
● Restrict access to a directory with Location
<Location /protected>
    AuthName "Protected Directory"
    AuthType basic
    AuthLDAPURL ldap://ldap.cis.uab.edu:389/ou=People,dc=cis,dc=uab,dc=edu
    require valid-user
    # OR require group membership instead
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    require group cn=admin,ou=group,dc=eurooscon,dc=example,dc=com
</Location>
Using LDAP with Apache
● Demo: valid-user access
● Demo: group access
Advanced Apache/LDAP Integration
● Fancy filters (the URL's fields are basedn?attribute?scope?filter, so two empty fields precede the filter)
AuthLDAPURL ldap://eurooscon.example.com:389/ou=people,dc=eurooscon,dc=example,dc=com???(|(pagerID=*)(uid=fran))
● Demo: Fancy Filters Example – "LDAP Applied Attendees Only"
Fancy Filter Example
● Configuration for the demo...
<Location /ldapapplied>
    AuthType basic
    AuthName "LDAP Applied Attendees Only"
    AuthLDAPURL ldap://192.168.139.128/ou=people,dc=eurooscon,dc=example,dc=com?uid??(comExampleEuroosconSession=LDAPApplied)
    require valid-user
</Location>
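What mod_auth_ldap makes of the AuthLDAPURL lines on the last three slides, as an added example that is not Apache's code: a parser for the ldap://host[:port]/basedn?attribute?scope?filter form with the module's documented defaults (attribute uid, scope sub, filter (objectclass=*)), and the per-login search filter it then sends, which is the URL's filter ANDed with attribute=username. The username is escaped as RFC 4515 requires, which is what the module does internally so that whatever a user types into the login box is matched as literal text rather than as filter syntax. The URLs in the main block are the three from the slides.

```python
from urllib.parse import urlsplit, unquote

# mod_auth_ldap defaults for the optional URL fields (Apache 2.0 documentation).
DEFAULT_ATTRIBUTE = "uid"
DEFAULT_SCOPE = "sub"
DEFAULT_FILTER = "(objectclass=*)"


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL of the form ldap://host[:port]/basedn?attribute?scope?filter
    into its parts, applying the module's defaults for fields that are empty or absent."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme in {url!r}")
    fields = parts.query.split("?") + ["", "", ""]
    attribute, scope, search_filter = (f.strip() for f in fields[:3])
    scope = scope.lower() or DEFAULT_SCOPE
    if scope not in ("one", "sub"):  # mod_auth_ldap accepts only one or sub
        raise ValueError(f"unsupported scope {scope!r}")
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "basedn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or DEFAULT_ATTRIBUTE,
        "scope": scope,
        "filter": search_filter or DEFAULT_FILTER,
    }


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515): the characters
    that carry filter meaning become \\xx hex escapes, so the value is matched literally."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)


def login_filter(cfg, username):
    """Build the per-login search filter the way mod_auth_ldap does: the URL's filter
    ANDed with attribute=username, with the username escaped first."""
    return f"(&{cfg['filter']}({cfg['attribute']}={escape_filter_value(username)}))"


if __name__ == "__main__":
    for url in (
        "ldap://ldap.cis.uab.edu:389/ou=People,dc=cis,dc=uab,dc=edu",
        "ldap://eurooscon.example.com:389/ou=people,dc=eurooscon,dc=example,dc=com???(|(pagerID=*)(uid=fran))",
        "ldap://192.168.139.128/ou=people,dc=eurooscon,dc=example,dc=com?uid??(comExampleEuroosconSession=LDAPApplied)",
    ):
        cfg = parse_auth_ldap_url(url)
        print(cfg["host"], cfg["port"], cfg["basedn"], cfg["scope"], login_filter(cfg, "fran"))
```

Reading the output for the demo URL shows why the fancy filter works as an access control: the server only ever sees (&(comExampleEuroosconSession=LDAPApplied)(uid=<login>)), so a user without that attribute value simply never matches, and a login name containing filter metacharacters is escaped rather than interpreted.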
Extending LDAP Schemas
● Last slide implies an attribute comExampleEuroosconSession with a value of "LDAPApplied" exists for some users
● How'd that work? We extend the LDAP schema...
– Store information custom to your environment
local.schema
● We define a local schema for this attribute in a file called local.schema:
attributetype ( 1.3.6.1.4.1.7341.999.2.1 NAME 'comExampleEuroosconSession'
    DESC 'a session at EuroOSCON'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.7341.999.1.1 NAME 'comExampleEuroosconAttendee'
    DESC 'optional class to represent EuroOSCON sessions'
    AUXILIARY
    MAY comExampleEuroosconSession )
The "1.3.6.1.4.1.7341.999.2.1" is an OID, a unique LDAP object identifier. More information is available at http://www.iana.org/. This one was taken from my workplace. You probably don't need to use them, but I do just to be complete.
local.schema continued
● We tell the LDAP server to include this in its known schemas:
include /etc/openldap/schema/local.schema
● Now LDAP user entries can have:
– comExampleEuroosconAttendee – optional auxiliary class
– comExampleEuroosconSession – optional attribute within that class
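A schema-driven entry check, as an added example that is neither slapd's code nor from the talk: it parses the two local.schema definitions above together with posixAccount from the migration slide, plus top and person as OpenLDAP's core.schema defines them, and validates a constructed entry the way slapd's schema check does: exactly one structural class, every MUST attribute present, and no attribute that none of the entry's classes allows. Running it on an entry that lists only auxiliary classes shows why the "only one can be structural" rule from the structure slide matters.

```python
import re

# Constructed schema text (not a file from the talk): 'top' and 'person' as OpenLDAP's
# core.schema defines them, posixAccount as on the migration slide (nisSchema.2.0 is an
# OID macro, kept literally), and the two local.schema definitions above.
SCHEMA_TEXT = """\
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
    MUST ( sn $ cn )
    MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
    DESC 'Abstraction of an account with POSIX attributes'
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )
attributetype ( 1.3.6.1.4.1.7341.999.2.1 NAME 'comExampleEuroosconSession'
    DESC 'a session at EuroOSCON'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.7341.999.1.1 NAME 'comExampleEuroosconAttendee'
    DESC 'optional class to represent EuroOSCON sessions'
    AUXILIARY
    MAY comExampleEuroosconSession )
"""

_DEF_START = re.compile(r"^(attributetype|objectclass)\b", re.I | re.M)


def _attr_list(body, keyword):
    """Names listed after MUST/MAY: either '( a $ b )' or a single bare name."""
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w-]+))", body)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [a.strip().lower() for a in raw.split("$") if a.strip()]


def parse_schema(text):
    """Parse OpenLDAP-style definitions into {'objectclass': {...}, 'attributetype': {...}},
    keyed by lowercased NAME."""
    schema = {"objectclass": {}, "attributetype": {}}
    starts = [m.start() for m in _DEF_START.finditer(text)] + [len(text)]
    for a, b in zip(starts, starts[1:]):
        chunk = text[a:b]
        kind = chunk.split(None, 1)[0].lower()
        body = " ".join(chunk[chunk.index("(") + 1:chunk.rindex(")")].split())
        keywords = re.sub(r"DESC\s+'[^']*'", "", body)  # keep DESC prose out of keyword matching
        name = re.search(r"NAME\s+'([^']+)'", body).group(1)
        sup = re.search(r"\bSUP\s+([\w.-]+)", keywords)
        cls = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", keywords)
        schema[kind][name.lower()] = {
            "oid": body.split()[0],
            "name": name,
            "sup": sup.group(1).lower() if sup else None,
            "kind": cls.group(1) if cls else None,
            "must": _attr_list(keywords, "MUST"),
            "may": _attr_list(keywords, "MAY"),
        }
    return schema


def _chain(schema, class_name):
    """The class followed by its SUP ancestors up to top; KeyError if a class is unknown."""
    chain = []
    while class_name:
        oc = schema["objectclass"][class_name.lower()]
        chain.append(oc)
        class_name = oc["sup"]
    return chain


def validate_entry(entry, schema):
    """Check an entry (attribute name -> list of values) against its object classes the way
    slapd's schema check does: exactly one structural class, every MUST attribute present,
    nothing that no class allows. Returns a list of problem strings (empty means valid).
    A structural class listed together with its own parent would count twice here."""
    attrs = {k.lower(): v for k, v in entry.items()}
    problems, required, allowed, structural = [], set(), {"objectclass"}, []
    for name in attrs.get("objectclass", []):
        try:
            chain = _chain(schema, name)
        except KeyError:
            problems.append(f"unknown objectClass {name}")
            continue
        if chain[0]["kind"] == "STRUCTURAL":
            structural.append(chain[0]["name"])
        for oc in chain:
            required.update(oc["must"])
            allowed.update(oc["must"], oc["may"])
    if len(structural) != 1:
        problems.append(f"need exactly one structural objectClass, have {structural}")
    present = set(attrs)
    problems += [f"missing required attribute {a}" for a in sorted(required - present)]
    problems += [f"attribute {a} not allowed by any objectClass" for a in sorted(present - allowed)]
    return problems


# Constructed entry carrying the attendee attribute the Apache filter above keys on.
ENTRY = {
    "objectClass": ["top", "person", "posixAccount", "comExampleEuroosconAttendee"],
    "cn": ["Fran Fabrizio"], "sn": ["Fabrizio"], "uid": ["fran"],
    "uidNumber": ["501"], "gidNumber": ["100"], "homeDirectory": ["/home/fran"],
    "comExampleEuroosconSession": ["LDAPApplied"],
}

if __name__ == "__main__":
    print(validate_entry(ENTRY, parse_schema(SCHEMA_TEXT)) or "entry is schema-valid")
```

The same three checks are what produce slapd's "object class violation" errors on ldapadd, so running an LDIF batch through a check like this before import is a cheap way to find entries that are missing the new auxiliary class or carry attributes the schema does not allow.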
LDAP and DNS
● Storing DNS tables in LDAP instead of flat files
● Bind, tinydns, PowerDNS and others support this
● dnsZone structural object class
● The zone2ldap tool shipped with Bind will convert flat files to LDAP
Scripting LDAP
Getting at LDAP from various languages
LDAP and Perl
● From Perl, use Net::LDAP
use strict;
use warnings;
use Net::LDAP;

my $ldap = Net::LDAP->new('ldap.eurooscon.com') or die "$@";
my $msg = $ldap->bind;                       # anonymous bind
$msg->code && die $msg->error;
$msg = $ldap->search(
    base   => 'dc=example,dc=com',
    filter => '(objectClass=*)');
$msg->code && die $msg->error;
my $result = $ldap->add(
    'cn=fran,ou=People,dc=uab,dc=edu',
    attr => [ cn   => ['Fran Fabrizio'],
              mail => ['fran@cis.uab.edu'],
              # etc.....
            ]);
$result->code && die $result->error;
$ldap->unbind;
LDAP and Perl
● Demo: Adding a User from Perl
LDAP and PHP
● PHP has an LDAP API
<?php
$ldap = ldap_connect('ldap.cis.uab.edu') or die('could not connect');
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$result = ldap_bind($ldap);                  // anonymous bind
$search = ldap_search($ldap, 'dc=cis,dc=uab,dc=edu', '(sn=Fabr*)');
$data = ldap_get_entries($ldap, $search);
// $result = ldap_add(.....);
ldap_unbind($ldap);
Programmatic LDAP - Others
● Java
– Support through the JNDI or JLDAP (openldap.org)
● C
– OpenLDAP's C API
● Ruby
– Ruby-ldap
● Python
– Python-ldap
LDAP and Relational Data
● Would be neat to do queries that link LDAP and relational data
– Example: CIS Web Site
● dblink-ldap
– http://pgfoundry.org/projects/dblink-ldap/
– beta project to provide LDAP data as a table/view within PostgreSQL
● Microsoft has OLE DB Provider for Directory Services – access AD with SQL queries
LDAP and Windows
Strategies for LDAP in
a multiplatform environment
Strategy 1: AD -is- LDAP
● Active Directory -is- an LDAP version 3 server
● AD can import LDIF
– Ldifde.exe is included with Windows Server 2003 and supports batch LDIF operations
● Can also script from VBScript
● AD4Unix is a plugin (sf.net/projects/ad4unix) that adds Unix attributes to AD and manages them through the AD Users and Computers MMC.
● pam_ldap can auth against AD
Strategy 1: AD -is- LDAP
● This model can be expanded to allow pam_ldap to update user passwords in AD
● Additionally, nss_ldap can also talk to AD, but it expects Unix-like attributes for home dirs, uid/gid, shells, etc...
– Installing MS's Services for Unix installs the NIS server, which has the side effect of doing this for you
– Or, extend the schema yourself – install MKSADExtPlugin, and register the Active Directory Schema MMC to set the option to allow schema edits
Strategy 2: Migrate AD to LDAP
● ldifde.exe can export an AD forest
● Unless you plan to use Kerberos authentication with your LDAP server, you'll need to reset users' passwords
● This will also require alteration of the LDIF that Microsoft produces to be more Unix friendly
● pGina can authenticate Windows clients against a Unix LDAP server
Strategy 2: pGina
● pGina is an open source replacement for Microsoft's Gina (Graphical Identification and Authentication)
● Allows Windows clients to authenticate against various sources via a plugin architecture
– including LDAP, of course
● Highly customizable
● Demo: pGina
Monitoring LDAP
● Reading LDAP logs
– Debug levels allow output of useful information
– /usr/sbin/slapd -d xxx
● 8 – connection management
● 32 – search filter processing
● 64 – config file processing
● 128 – access control list processing
● 256 – connections/operations/results
● additive – 288 is conn/ops/results and search filters
Managing LDAP
● Command line
– ldap* and slap* tools for OpenLDAP
● Scripting
● GQ – Simple GTK+/GTK2 GUI
– sf.net/projects/gqclient
● Webmin
– webmin.com
– LDAP Users and Groups plugin
● Demo: webmin
Other Uses of LDAP
● Samba authentication
– advantages over smbpasswd file
● Serving certificates
● Machine configurations
● Radius authentication
● Managing network printers
Conclusions
● LDAP can consolidate many administrative tasks
● LDAP is optimized for reads and will be faster than SQL for simple reads
● LDAP can improve scalability – all mail servers in an organization can use the same data store, for instance
● Once in place, LDAP can often be reapplied to solve new problems
For More Information
● www.openldap.org
● PADL.com
– pam_ldap
– nss_ldap
– MigrationTools
● Book: LDAP System Administration by Gerald Carter, published by O'Reilly
– More detail about a lot of these ideas is found there
Thank You
● Thanks for coming!
● My contact information is:
Fran Fabrizio
fran@cis.uab.edu
http://www.cis.uab.edu/fran/
● Feel free to email any questions you may have, or catch me at the conference for the rest of the week!

More Related Content

What's hot

DSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDuraSpace
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Library
rajivkumarmca
 
Rest style web services (google protocol buffers) prasad nirantar
Rest style web services (google protocol buffers)   prasad nirantarRest style web services (google protocol buffers)   prasad nirantar
Rest style web services (google protocol buffers) prasad nirantar
IndicThreads
 
Introduction to Thrift
Introduction to ThriftIntroduction to Thrift
Introduction to ThriftDvir Volk
 
Dplyr packages
Dplyr packagesDplyr packages
Dplyr packages
19mss020Karthick
 
Apache Thrift, a brief introduction
Apache Thrift, a brief introductionApache Thrift, a brief introduction
Apache Thrift, a brief introduction
Randy Abernethy
 
Transformations and actions a visual guide training
Transformations and actions a visual guide trainingTransformations and actions a visual guide training
Transformations and actions a visual guide training
Spark Summit
 
DSpace 4.2 Transmission: Import/Export
DSpace 4.2 Transmission: Import/ExportDSpace 4.2 Transmission: Import/Export
DSpace 4.2 Transmission: Import/ExportDuraSpace
 
Database Programming Techniques
Database Programming TechniquesDatabase Programming Techniques
Database Programming Techniques
Raji Ghawi
 
Scala and spark
Scala and sparkScala and spark
Scala and spark
Fabio Fumarola
 
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
Impetus Technologies
 
RESTLess Design with Apache Thrift: Experiences from Apache Airavata
RESTLess Design with Apache Thrift: Experiences from Apache AiravataRESTLess Design with Apache Thrift: Experiences from Apache Airavata
RESTLess Design with Apache Thrift: Experiences from Apache Airavata
smarru
 
XFILES, The APEX 4 version - The truth is in there
XFILES, The APEX 4 version - The truth is in thereXFILES, The APEX 4 version - The truth is in there
XFILES, The APEX 4 version - The truth is in there
Marco Gralike
 
Overview Of .Net 4.0 Sanjay Vyas
Overview Of .Net 4.0   Sanjay VyasOverview Of .Net 4.0   Sanjay Vyas
Overview Of .Net 4.0 Sanjay Vyasrsnarayanan
 
Decoupled Libraries for PHP
Decoupled Libraries for PHPDecoupled Libraries for PHP
Decoupled Libraries for PHPPaul Jones
 
Apache thrift-RPC service cross languages
Apache thrift-RPC service cross languagesApache thrift-RPC service cross languages
Apache thrift-RPC service cross languages
Jimmy Lai
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
Bill Buchan
 

What's hot (20)

Java JDBC
Java JDBCJava JDBC
Java JDBC
 
DSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & ConfigurationDSpace 4.2 Basics & Configuration
DSpace 4.2 Basics & Configuration
 
DSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital LibraryDSpace Tutorial : Open Source Digital Library
DSpace Tutorial : Open Source Digital Library
 
Rest style web services (google protocol buffers) prasad nirantar
Rest style web services (google protocol buffers)   prasad nirantarRest style web services (google protocol buffers)   prasad nirantar
Rest style web services (google protocol buffers) prasad nirantar
 
Introduction to Thrift
Introduction to ThriftIntroduction to Thrift
Introduction to Thrift
 
DSLs in JavaScript
DSLs in JavaScriptDSLs in JavaScript
DSLs in JavaScript
 
Dplyr packages
Dplyr packagesDplyr packages
Dplyr packages
 
Apache Thrift, a brief introduction
Apache Thrift, a brief introductionApache Thrift, a brief introduction
Apache Thrift, a brief introduction
 
Transformations and actions a visual guide training
Transformations and actions a visual guide trainingTransformations and actions a visual guide training
Transformations and actions a visual guide training
 
DSpace 4.2 Transmission: Import/Export
DSpace 4.2 Transmission: Import/ExportDSpace 4.2 Transmission: Import/Export
DSpace 4.2 Transmission: Import/Export
 
Database Programming Techniques
Database Programming TechniquesDatabase Programming Techniques
Database Programming Techniques
 
CodeIgniter & MVC
CodeIgniter & MVCCodeIgniter & MVC
CodeIgniter & MVC
 
Scala and spark
Scala and sparkScala and spark
Scala and spark
 
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
Multiplexing in Thrift: Enhancing thrift to meet Enterprise expectations- Imp...
 
RESTLess Design with Apache Thrift: Experiences from Apache Airavata
RESTLess Design with Apache Thrift: Experiences from Apache AiravataRESTLess Design with Apache Thrift: Experiences from Apache Airavata
RESTLess Design with Apache Thrift: Experiences from Apache Airavata
 
XFILES, The APEX 4 version - The truth is in there
XFILES, The APEX 4 version - The truth is in thereXFILES, The APEX 4 version - The truth is in there
XFILES, The APEX 4 version - The truth is in there
 
Overview Of .Net 4.0 Sanjay Vyas
Overview Of .Net 4.0   Sanjay VyasOverview Of .Net 4.0   Sanjay Vyas
Overview Of .Net 4.0 Sanjay Vyas
 
Decoupled Libraries for PHP
Decoupled Libraries for PHPDecoupled Libraries for PHP
Decoupled Libraries for PHP
 
Apache thrift-RPC service cross languages
Apache thrift-RPC service cross languagesApache thrift-RPC service cross languages
Apache thrift-RPC service cross languages
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
 

Similar to LDAP Applied (EuroOSCON 2005)

Ldap 121020013604-phpapp01
Ldap 121020013604-phpapp01Ldap 121020013604-phpapp01
Ldap 121020013604-phpapp01SANE Ibrahima
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-LinuxBalaji Ravi
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP server
ESUG
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and Configuration
Wildan Maulana
 
ivanova-samba_backend.pdf
ivanova-samba_backend.pdfivanova-samba_backend.pdf
ivanova-samba_backend.pdf
OrlandoJesusFigueroa
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9
rezgui
 
LSC - Synchronizing identities @ Loadays 2010
 LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
RUDDER
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
Jonathan Clarke
 
OpenStack Keystone with LDAP
OpenStack Keystone with LDAPOpenStack Keystone with LDAP
OpenStack Keystone with LDAP
Jesse Pretorius
 
Under the Hood 11g Identity Management
Under the Hood  11g Identity ManagementUnder the Hood  11g Identity Management
Under the Hood 11g Identity Management
InSync Conference
 
Build your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerBuild your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerLDAPCon
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLsbahloul
 
LDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access ProtocolLDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access Protocol
S. Hasnain Raza
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
Peter McLarty
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
Perforce
 
LDAP(In_Linux).pptx
LDAP(In_Linux).pptxLDAP(In_Linux).pptx
LDAP(In_Linux).pptx
ShanmugapriyaSenthil3
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
Wong Hoi Sing Edison
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access  from Programming LanguagesAdvanced SQL - Database Access  from Programming Languages
Advanced SQL - Database Access from Programming Languages
S.Shayan Daneshvar
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
Clément OUDOT
 

Similar to LDAP Applied (EuroOSCON 2005) (20)

Ldap 121020013604-phpapp01
Ldap 121020013604-phpapp01Ldap 121020013604-phpapp01
Ldap 121020013604-phpapp01
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-Linux
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP server
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and Configuration
 
ivanova-samba_backend.pdf
ivanova-samba_backend.pdfivanova-samba_backend.pdf
ivanova-samba_backend.pdf
 
Ldapsession
LdapsessionLdapsession
Ldapsession
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9
 
LSC - Synchronizing identities @ Loadays 2010
 LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
 
OpenStack Keystone with LDAP
OpenStack Keystone with LDAPOpenStack Keystone with LDAP
OpenStack Keystone with LDAP
 
Under the Hood 11g Identity Management
Under the Hood  11g Identity ManagementUnder the Hood  11g Identity Management
Under the Hood 11g Identity Management
 
Build your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerBuild your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory Manager
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLL
 
LDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access ProtocolLDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access Protocol
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
LDAP(In_Linux).pptx
LDAP(In_Linux).pptxLDAP(In_Linux).pptx
LDAP(In_Linux).pptx
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access  from Programming LanguagesAdvanced SQL - Database Access  from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
 

More from Fran Fabrizio

Careers in System Administration (2007)
Careers in System Administration (2007)Careers in System Administration (2007)
Careers in System Administration (2007)
Fran Fabrizio
 
Amanda for Data Backup, or: How to Sleep Better at Night (OSCON 2004)
Amanda for Data Backup, or: How to Sleep Better at Night (OSCON 2004)Amanda for Data Backup, or: How to Sleep Better at Night (OSCON 2004)
Amanda for Data Backup, or: How to Sleep Better at Night (OSCON 2004)
Fran Fabrizio
 
AJAX the Great: The Origin and Development of the Dynamic Web (2007)
AJAX the Great: The Origin and Development of the Dynamic Web (2007)AJAX the Great: The Origin and Development of the Dynamic Web (2007)
AJAX the Great: The Origin and Development of the Dynamic Web (2007)
Fran Fabrizio
 
Open Source Data Backup, or: How to Sleep Better at Night (OSCON 2005)
Open Source Data Backup, or: How to Sleep Better at Night (OSCON 2005)Open Source Data Backup, or: How to Sleep Better at Night (OSCON 2005)
Open Source Data Backup, or: How to Sleep Better at Night (OSCON 2005)
Fran Fabrizio
 
Rebooting the Team - Surge 2013
Rebooting the Team - Surge 2013Rebooting the Team - Surge 2013
Rebooting the Team - Surge 2013
Fran Fabrizio
 
LDAP Applied (EuroOSCON 2005)

1. LDAP Applied
Fran Fabrizio
Sr. Systems Administrator
Dept. of Computer & Information Sciences
U of Alabama at Birmingham
EuroOSCON, Amsterdam, The Netherlands, October 17-20, 2005

2. This talk....
WILL
● Briefly review LDAP concepts
● Cover common uses of LDAP
● Present examples of advanced usage
● Hopefully inspire you to use LDAP!
WILL NOT
● Show you how to install LDAP
● Teach you how to configure LDAP in specific OSes
● Give all the details needed to use LDAP
● Leave you disappointed (hopefully!)

3. Link to Slides
● These slides are available now online at http://www.cis.uab.edu/fran/ if you wish to follow along
● They will also be available after the conference on the conference web site

4. Getting to Know the Audience
● How many of you know what LDAP is?
● How many of you are using LDAP right now?
● How many of you are using it for something other than user authentication or email address books?

5. Brief Review of LDAP
What is it? What does it look like? Common Usage

6. What is LDAP?
● Lightweight Directory Access Protocol
● A standard protocol for accessing directory services
● Also used to refer to the directories being accessed
● Based on the X.500 specification
● Represents hierarchical information in entries consisting of a collection of attributes with a unique, or distinguished, name

7. No really, what is LDAP?
● It's a good way to store data that is:
– Mostly read access
– Needed by many machines/services on the network
– Generally represents collections of entities common in large organizations
● User and Group Accounts
● Computers
● Email Addresses and Contact Information
● Departments and Business Units

8. LDAP Structure
● An object class defines the valid attributes and properties for an entry
● A set of related object classes forms a schema. For example, you may have a schema to represent the users in a university department.
● Distinguished names are similar to DNS names. Ex: ou=People,dc=eurooscon,dc=example,dc=com
● LDIF (Lightweight Directory Interchange Format)
9. LDIF Example
(The RDN value must match a uid value in the entry, so the entry is named uid=testuser rather than uid=test; slapd rejects an entry whose naming attribute value is absent.)
dn: uid=testuser,ou=People,dc=eurooscon,dc=example,dc=com
cn: Test User
uid: testuser
uidNumber: 501
loginShell: /bin/sh
homeDirectory: /home/testuser
gidNumber: 100
userPassword:: e2NyeXB0fVRYaHRIa05GOUdBSWc=
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
shadowLastChange: 13072
givenName: Test
sn: User
gecos: Test User
10. More on LDAP structure
● One entry can have multiple classes
– only one can be structural (inetOrgPerson)
– the rest are auxiliary
● For each class, there is a set of required attributes and a set of optional attributes.
– If you are a posixAccount, you must have a uid and may have a description
● Each entry will have a unique distinguished name to reference it

11. Common Uses of LDAP
● User Directories: email addresses, students
● User Accounts: Centralizing accounts, access control, groups
● Inventory Catalogs: machines, offices
● Network Service Backend: DNS, Email
● Usually NOT a replacement for relational data

12. LDAP Applied
Various Ways To Apply LDAP to Solve IT Problems
13-17. Migrating User Accounts to LDAP (built up one point per slide)
● Why do you want to do this?
● To centralize user accounts
● To modernize from some other network account store (e.g. NIS)
● Eliminate duplication of data (already using LDAP for corporate address book?)
● To better scale to the needs of a growing organization
18. Migrating User Accounts to LDAP
● NIS/NIS+ to LDAP, or /etc/passwd to LDAP
● PADL.com MigrationTools scripts
– May need to be modified
● General solution:
– produce LDIF
– Import into LDAP with ldapadd and ldapmodify

19. Migrating User Accounts to LDAP
● posixAccount – a standard LDAP schema to represent user accounts
● Demo: migrate_passwd.pl

nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
  DESC 'Abstraction of an account with POSIX attributes'
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
  MAY ( userPassword $ loginShell $ gecos $ description )
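The "produce LDIF, then ldapadd" step of slides 18 and 19, written out as an added example (this is not migrate_passwd.pl or any other PADL MigrationTools code). It converts passwd(5) and shadow(5) lines into posixAccount/shadowAccount entries, applies the LDIF rule for when a value must be base64-encoded with "::" (the form slide 9's userPassword uses), skips the password of locked or disabled accounts, and checks the posixAccount MUST list before anything is handed to ldapadd. The sample passwd and shadow lines are constructed, and using "account" as the structural class is an assumption of this example:

```python
"""passwd/shadow lines -> posixAccount + shadowAccount LDIF (added example, not MigrationTools code)."""
import base64

# Required attributes of posixAccount, as listed in the schema excerpt on slide 19.
POSIX_ACCOUNT_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")

# Constructed sample input; not taken from a real system.
SAMPLE_PASSWD = (
    "testuser:x:501:100:Test User:/home/testuser:/bin/sh\n"
    "jtester:x:502:100:Jörg Tester,Room 12:/home/jtester:/bin/bash\n"
)
SAMPLE_SHADOW = (
    "testuser:$1$constructed$notARealHashValue:13072:0:99999:7:::\n"
    "jtester:!$1$constructed$lockedAccountHash:13080:0:99999:7:::\n"  # '!' prefix = locked account
)


def needs_base64(value: str) -> bool:
    """RFC 2849: a value is written base64 ('::') if it starts with SPACE, ':' or '<',
    ends with SPACE, or contains NUL, CR, LF or non-ASCII characters."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)


def ldif_line(attr: str, value: str) -> str:
    """Render one 'attr: value' line, base64-encoding the value when LDIF requires it."""
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def parse_shadow(shadow_text: str) -> dict:
    """Map login name -> (password hash, last-change day) from shadow(5) lines."""
    result = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            result[fields[0]] = (fields[1], fields[2])
    return result


def passwd_to_entries(passwd_text: str, shadow_text: str, base_dn: str) -> list:
    """Return [(dn, [(attr, value), ...]), ...], one entry per passwd line.

    'account' as the structural class is an assumption of this example; posixAccount
    and shadowAccount are the auxiliary classes from slides 9 and 19."""
    shadow = parse_shadow(shadow_text)
    entries = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        login, pw_field, uid, gid, gecos, home, shell = line.split(":")
        pw_hash, last_change = shadow.get(login, (pw_field, ""))
        attrs = [
            ("objectClass", "top"),
            ("objectClass", "account"),
            ("objectClass", "posixAccount"),
            ("objectClass", "shadowAccount"),
            ("uid", login),
            ("cn", gecos.split(",")[0] or login),  # full name from GECOS, else the login
            ("uidNumber", uid),
            ("gidNumber", gid),
            ("homeDirectory", home),
            ("loginShell", shell),
            ("gecos", gecos),
        ]
        # Locked ('!' prefix) or disabled ('*', 'x', empty) accounts get no userPassword,
        # so they stay un-loginable once the entry is in the directory.
        if pw_hash not in ("", "x", "*") and not pw_hash.startswith("!"):
            attrs.append(("userPassword", "{crypt}" + pw_hash))
        if last_change:
            attrs.append(("shadowLastChange", last_change))
        entries.append((f"uid={login},ou=People,{base_dn}", attrs))
    return entries


def entry_to_ldif(dn: str, attrs: list) -> str:
    """Serialise one entry; concatenated entries are separated by a blank line."""
    return "\n".join([ldif_line("dn", dn)] + [ldif_line(a, v) for a, v in attrs]) + "\n"


def missing_must(attrs: list, must=POSIX_ACCOUNT_MUST) -> list:
    """MUST attributes the entry lacks; empty means ldapadd will not reject it on that ground."""
    present = {a for a, _ in attrs}
    return [m for m in must if m not in present]


if __name__ == "__main__":
    for dn, attrs in passwd_to_entries(SAMPLE_PASSWD, SAMPLE_SHADOW, "dc=eurooscon,dc=example,dc=com"):
        assert not missing_must(attrs), missing_must(attrs)
        print(entry_to_ldif(dn, attrs))
```

Feed the output to ldapadd as on slide 18; the non-ASCII GECOS of the second sample user comes out as "cn::" and "gecos::" lines, which is the same encoding slide 9 shows for userPassword.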
20. Activating LDAP-Based Logins
● pam_ldap (from PADL.com) inserts into the PAM authentication stack and partners with nss_ldap (also PADL.com) to provide authentication against LDAP
● Seamlessly authenticates both local and LDAP-based users
● Many distros automate configuration (e.g. Fedora)
● Demo: pam_ldap configuration
21-23. Integrating LDAP and Email (built up one point per slide)
● Client Side - why?
– Address Book lookups in LDAP
– Autocompletion of partial email addresses
● Server Side - why?
– Store white/blacklists
– virtual mailboxes
– Aliases
– User preferences
● Add the inetOrgPerson schema to LDAP entries

24. LDAP and Email - Client
● Demo: Thunderbird and LDAP
● Many other email clients support LDAP lookups
– Outlook, Outlook Express, Netscape, Pine, Eudora, Evolution, SquirrelMail, Mac Mail, etc...
● Clients can use LDAP for other things besides just address lookups
– ex. SquirrelMail (web mail) has a plugin to store user preferences in LDAP.
25. LDAP and Email - Server
● Many email servers can integrate with LDAP
● Alias lookups (Postfix):
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
(all on one line)
ldap-aliases.cf contains:
server_host = 192.168.139.128
search_base = dc=eurooscon,dc=example,dc=com
(The Postfix LDAP table parameter is search_base; the slide's "sever_base" is a typo that Postfix would ignore, leaving the lookup with no base DN.)
● Now, Postfix can deliver to both local and LDAP user mail aliases
26. LDAP and Email - Server
● Postfix expects a certain LDAP schema to support this (these names are configurable)
dn: cn=Accounting Staff List, dc=my, dc=com
cn: Accounting Staff List
o: my.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
maildrop: mylist-owner
maildrop: an-accountant
maildrop: some-other-accountant
maildrop: this, that, theother

27. LDAP and Email - Server
● Common usage is virtual mailboxes (e.g. ISP)
● Another common usage is to rewrite addresses: fran@eurooscon.example.com to Fran.Fabrizio@eurooscon.example.com
● Sendmail, Exim, Courier, Courier-IMAP, Cyrus, uw-imap, and Qmail (and many others) all support integration with LDAP to various degrees

28. LDAP and Web-Based Resources
● Authenticate users to gain access to restricted parts of a web site
● mod_auth_ldap – Apache module
● User-based and group-based authentication

29. Using LDAP with Apache
● Apache 2.0 ships with mod_auth_ldap
● Restrict access to a directory with Location:
<Location /protected>
  AuthName "Protected Directory"
  AuthType basic
  AuthLDAPURL ldap://ldap.cis.uab.edu:389/ou=People,dc=cis,dc=uab,dc=edu
  require valid-user
  # OR require group membership instead
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off
  require group cn=admin,ou=group,dc=eurooscon,dc=example,dc=com
</Location>

30. Using LDAP with Apache
● Demo: valid-user access
● Demo: group access
31. Advanced Apache/LDAP Integration
● Fancy filters
AuthLDAPURL ldap://eurooscon.example.com:389/ou=people,dc=eurooscon,dc=example,dc=com???(|(pagerID=*)(uid=fran))
(The URL is base DN?attribute?scope?filter, so three question marks are needed before the filter; with only two, the filter lands in the scope position and the URL is rejected. Attribute and scope are left empty here so mod_auth_ldap uses its defaults.)
● Demo: Fancy Filters Example – "LDAP Applied Attendees Only"
32. Fancy Filter Example
● Configuration for the demo...
<Location /ldapapplied>
  AuthType basic
  AuthName "LDAP Applied Attendees Only"
  AuthLDAPURL ldap://192.168.139.128/ou=people,dc=eurooscon,dc=example,dc=com?uid??(comExampleEuroosconSession=LDAPApplied)
  require valid-user
</Location>

33. Extending LDAP Schemas
● Last slide implies attribute comExampleEuroosconSession with a value of "LDAPApplied" exists for some users
● How'd that work? We extend the LDAP Schema...
– Store information custom to your environment

34. local.schema
● We define a local schema for this attribute in a file called local.schema:
attributetype ( 1.3.6.1.4.1.7341.999.2.1 NAME 'comExampleEuroosconSession'
  DESC 'a session at EuroOSCON'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.7341.999.1.1 NAME 'comExampleEuroosconAttendee'
  DESC 'optional class to represent EuroOSCON sessions'
  AUXILIARY
  MAY comExampleEuroosconSession )
The "1.3.6.1.4.1.7341.999.2.1" is an OID, a unique LDAP object identifier. More information is available at http://www.iana.org/. This one was taken from my workplace. You probably don't need to use them, but I do just to be complete.

35. local.schema continued
● We tell the LDAP server to include this in its known schemas:
include /etc/openldap/schema/local.schema
● Now LDAP user entries can have:
– comExampleEuroosconAttendee – optional auxiliary class
– comExampleEuroosconSession – optional attribute within that class
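To see what the MUST/MAY lists of slides 10 and 19 and the auxiliary class of slides 34 and 35 actually enforce, here is an added example (not code from the talk and not OpenLDAP code) that parses those definitions in the form slapd reads them and checks an LDIF entry against them. It reports the three things slapd would reject an entry for that these slides touch on: an RDN value that is not among the entry's attribute values, a missing MUST attribute, and a local.schema attribute used on an entry that lacks the class permitting it. The schema text and entries are constructed for the example; object classes the loaded text does not define (inetOrgPerson here) are skipped rather than failed:

```python
"""Check an LDIF entry against slapd-style schema definitions (added example, not OpenLDAP code).
Parses the posixAccount definition (slide 19) and local.schema (slide 34); inputs are constructed."""
import base64
import re

SCHEMA_TEXT = """
objectclass ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC 'Abstraction of an account with POSIX attributes'
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
  MAY ( userPassword $ loginShell $ gecos $ description ) )
attributetype ( 1.3.6.1.4.1.7341.999.2.1 NAME 'comExampleEuroosconSession' DESC 'a session at EuroOSCON'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.7341.999.1.1 NAME 'comExampleEuroosconAttendee'
  DESC 'optional class to represent EuroOSCON sessions' AUXILIARY MAY comExampleEuroosconSession )
"""
# The slide-9 user, given the attendee class and session attribute from slide 35.
GOOD_ENTRY = """\
dn: uid=testuser,ou=People,dc=eurooscon,dc=example,dc=com
cn: Test User
uid: testuser
uidNumber: 501
gidNumber: 100
homeDirectory: /home/testuser
userPassword:: e2NyeXB0fVRYaHRIa05GOUdBSWc=
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: comExampleEuroosconAttendee
comExampleEuroosconSession: LDAPApplied
sn: User
"""


def _definitions(text):
    """Yield (kind, body) per 'objectclass ( ... )' / 'attributetype ( ... )', tracking nested parentheses."""
    for m in re.finditer(r"\b(attributetype|objectclass)\s*\(", text, re.IGNORECASE):
        depth, pos = 1, m.end()
        while depth:
            depth += {"(": 1, ")": -1}.get(text[pos], 0)
            pos += 1
        yield m.group(1).lower(), text[m.end():pos - 1]


def _names(body, key):
    """Names after KEY ('KEY x' or 'KEY ( x $ y )'), lower-cased: LDAP names are case-insensitive."""
    m = re.search(r"\b%s\s+(?:\(([^()]*)\)|(\S+))" % key, body)
    raw = "" if not m else (m.group(1) if m.group(1) is not None else m.group(2))
    return [n.strip().lower() for n in raw.split("$") if n.strip()]


def parse_schema(text):
    """Return ({class: {kind, must, may}}, {attribute names defined in the text})."""
    classes, attributes = {}, set()
    for kind, body in _definitions(text):
        name = re.search(r"NAME\s+'([^']+)'", body).group(1).lower()
        if kind == "attributetype":
            attributes.add(name)
            continue
        kind_m = re.search(r"\b(ABSTRACT|AUXILIARY|STRUCTURAL)\b", body)
        classes[name] = {"kind": kind_m.group(1) if kind_m else "STRUCTURAL",  # RFC 4512 default
                         "must": _names(body, "MUST"), "may": _names(body, "MAY")}
    return classes, attributes


def parse_ldif_entry(text):
    """One LDIF entry -> (dn, [(attr, value), ...]); a leading space continues a line, '::' marks base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, []
    for line in lines:
        name, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if rest.startswith(":") else rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))
    return dn, attrs


def validate_entry(dn, attrs, classes, attributes):
    """Problems slapd would reject the entry for (empty list: none found); unknown classes are skipped."""
    problems, values = [], {}
    for name, value in attrs:
        values.setdefault(name.lower(), []).append(value)
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")  # escaped commas in RDNs not handled
    if rdn_value not in values.get(rdn_attr.lower(), []):       # slide 10: the DN names the entry
        problems.append(f"naming attribute {rdn_attr}={rdn_value} is not present in the entry")
    permitted = set()
    for oc in (oc.lower() for oc in values.get("objectclass", [])):
        if oc in classes:
            problems += [f"objectClass {oc} requires attribute {a}" for a in classes[oc]["must"] if a not in values]
            permitted.update(classes[oc]["must"] + classes[oc]["may"])
    problems += [f"attribute {a} is not allowed by any objectClass of the entry"
                 for a in values if a in attributes and a not in permitted]
    return problems


def check(ldif_text, schema_text=SCHEMA_TEXT):
    """Parse schema and entry, return the problem list."""
    classes, attributes = parse_schema(schema_text)
    return validate_entry(*parse_ldif_entry(ldif_text), classes, attributes)
```

Running check() on an entry before ldapadd gives the same answers as slapd's namingViolation and objectClassViolation errors, but with the offending attribute named; loading core.schema text into SCHEMA_TEXT extends the check to inetOrgPerson and the other standard classes.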
36. LDAP and DNS
● Storing DNS tables in LDAP instead of flat files
● Bind, tinydns, PowerDNS and others support this
● dnsZone structural object class
● zone2ldap tool with bind will convert flat files to LDAP

37. Scripting LDAP
Getting at LDAP from various languages
38. LDAP and Perl
● From Perl, use Net::LDAP
use Net::LDAP;
$ldap = Net::LDAP->new('ldap.eurooscon.com');
$msg = $ldap->bind;
$msg = $ldap->search( base => "dc=example,dc=com", filter => "(objectClass=*)" );
$msg->code && die $msg->error;
$result = $ldap->add( "cn=fran,ou=People,dc=uab,dc=edu",
    attr => [ cn => ["Fran Fabrizio"], mail => ["fran@cis.uab.edu"], etc..... ] );
39. LDAP and Perl
● Demo: Adding a User from Perl

40. LDAP and PHP
● PHP has an LDAP API
<?php
$ldap = ldap_connect('ldap.cis.uab.edu');
$result = ldap_bind($ldap);
$search = ldap_search($ldap, "dc=cis,dc=uab,dc=edu", "sn=Fabr*");
$data = ldap_get_entries($ldap, $search);
$result = ldap_add(.....);
41. Programmatic LDAP - Others
● Java – Support through the JNDI or JLDAP (openldap.org)
● C – OpenLDAP's C API
● Ruby – Ruby-ldap
● Python – Python-ldap

42. LDAP and Relational Data
● Would be neat to do queries that link LDAP and relational data
– Example: CIS Web Site
● dblink-ldap – http://pgfoundry.org/projects/dblink-ldap/
– beta project to provide LDAP data as a table/view within PostgreSQL
● Microsoft has OLE DB Provider for Directory Services
– access AD with SQL queries

43. LDAP and Windows
Strategies for LDAP in a multiplatform environment
44-48. Strategy 1: AD -is- LDAP (built up one point per slide)
● Active Directory -is- an LDAP version 3 server
● AD can import LDIF
– Ldifde.exe included with Windows Server 2003 and supports batch LDIF operations
● Can also script from VBScript
● AD4Unix is a plugin (sf.net/projects/ad4unix) that adds Unix attributes to AD and manages them through the AD Users and Computers MMC.
● pam_ldap can auth against AD

49-50. Strategy 1: AD -is- LDAP
● This model can be expanded to allow pam_ldap to update user passwords in AD
● Additionally, nss_ldap can also talk to AD, but is expecting Unix-like attributes for home dirs, uid/gid, shells, etc...
– Installing MS's Services for Unix installs the NIS server, which has the side effect of doing this for you
– Or, extend the schema yourself – install MKSADExtPlugin, and register the Active Directory Schema MMC to set the option to allow schema edits
51-54. Strategy 2: Migrate AD to LDAP (built up one point per slide)
● ldifde.exe can export an AD forest
● Unless you plan to use Kerberos authentication with your LDAP server, you'll need to reset users' passwords
● This will also require alteration of the LDIF that Microsoft produces to be more Unix friendly
● pGina can authenticate Windows clients against a Unix LDAP server

55-58. Strategy 2: pGina (built up one point per slide)
● pGina is an open source replacement for Microsoft's Gina (Graphical Identification and Authentication)
● Allows Windows clients to authenticate against various sources via a plugin architecture – including LDAP, of course
● Highly customizable
● Demo: pGina
59. Monitoring LDAP
● Reading LDAP logs
– Debug levels allow output of useful information
– /usr/sbin/slapd -d xxx
● 8 – connection management
● 32 – search filter processing
● 64 – config file processing
● 128 – access control list processing
● 256 – connections/operations/results
● additive – 288 is conn/ops/results and search filters

60. Managing LDAP
● Command line – ldap* and slap* tools for OpenLDAP
● Scripting
● GQ – Simple GTK+/GTK2 GUI – sf.net/projects/gqclient
● Webmin – webmin.com – LDAP Users and Groups plugin
● Demo: webmin

61. Other Uses of LDAP
● Samba authentication – advantages over the smbpasswd file
● Serving certificates
● Machine configurations
● Radius authentication
● Managing network printers

62. Conclusions
● LDAP can consolidate many administrative tasks
● LDAP is optimized for reads and will be faster than SQL for simple reads
● LDAP can improve scalability – all mail servers in an organization can use the same data store, for instance
● Once in place, LDAP can often be reapplied to solve new problems

63. For More Information
● www.openldap.org
● PADL.com
– pam_ldap
– nss_ldap
– MigrationTools
● Book: LDAP System Administration by Gerald Carter, published by O'Reilly
– More detail about a lot of these ideas is found there

64. Thank You
● Thanks for coming!
● My contact information is:
Fran Fabrizio
fran@cis.uab.edu
http://www.cis.uab.edu/fran/
● Feel free to email any questions you may have, or catch me at the conference for the rest of the week!