This talk briefly reviews LDAP concepts, covers common uses of LDAP, and presents examples of advanced LDAP usage to encourage the audience to adopt LDAP. It does not provide installation or configuration details for specific operating systems. The speaker links to the slides online and polls the audience about their LDAP knowledge and usage.
LDAP Applied (EuroOSCON 2005)
1. LDAP Applied
Fran Fabrizio
Sr. Systems Administrator
Dept. of Computer & Information Sciences
U of Alabama at Birmingham
EuroOSCON
Amsterdam, The Netherlands
October 17-20, 2005
2. This talk....
WILL
● Briefly review LDAP concepts
● Cover common uses of LDAP
● Present examples of advanced usage
● Hopefully inspire you to use LDAP!
WILL NOT
● Show you how to install LDAP
● Teach you how to configure LDAP in specific OSes
● Give all the details needed to use LDAP
● Leave you disappointed (hopefully!)
3. Link to Slides
● These slides are available now online at http://www.cis.uab.edu/fran/ if you wish to follow along
● They will also be available after the conference on the conference web site
4. Getting to Know the Audience
● How many of you know what LDAP is?
● How many of you are using LDAP right now?
● How many of you are using it for something other than user authentication or email address books?
5. Brief Review of LDAP
What is it?
What does it look like?
Common Usage
6. What is LDAP?
● Lightweight Directory Access Protocol
● A standard protocol for accessing directory services
● Also used to refer to the directories being accessed
● Based on the X.500 specification
● Represents hierarchical information in entries consisting of a collection of attributes with a unique, or distinguished name
7. No really, what is LDAP?
● It's a good way to store data that is:
– Mostly read access
– Needed by many machines/services on the network
– Generally represents collections of entities common in large organizations
● User and Group Accounts
● Computers
● Email Addresses and Contact Information
● Departments and Business Units
8. LDAP Structure
● An object class defines the valid attributes and properties for an entry
● A set of related object classes forms a schema. For example, you may have a schema to represent the users in a university department.
● Distinguished names similar to DNS. Ex: ou=People,dc=eurooscon,dc=example,dc=com
● LDIF (Lightweight Directory Interchange Format)
9. LDIF Example
dn: uid=testuser,ou=People,dc=eurooscon,dc=example,dc=com
cn: Test User
uid: testuser
uidNumber: 501
loginShell: /bin/sh
homeDirectory: /home/testuser
gidNumber: 100
userPassword:: e2NyeXB0fVRYaHRIa05GOUdBSWc=
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
shadowLastChange: 13072
givenName: Test
sn: User
gecos: Test User
10. More on LDAP structure
● One entry can have multiple classes
– only one can be structural (inetOrgPerson)
– the rest are auxiliary
● For each class, there is a set of required attributes and a set of optional attributes.
– If you are a posixAccount, you must have a uid and may have a description
● Each entry will have a unique distinguished name to reference it
11. Common Uses of LDAP
● User Directories: email addresses, students
● User Accounts: Centralizing accounts, access control, groups
● Inventory Catalogs: machines, offices
● Network Service Backend: DNS, Email
● Usually NOT a replacement for relational data
17. Migrating User Accounts to LDAP
● Why do you want to do this?
● To centralize user accounts
● To modernize from some other network account store (e.g. NIS)
● Eliminate duplication of data (already using LDAP for corporate address book?)
● To better scale to the needs of a growing organization
18. Migrating User Accounts to LDAP
● NIS/NIS+ → LDAP or /etc/passwd → LDAP
● PADL.com MigrationTools scripts
– May need to be modified
● General solution:
– produce LDIF
– Import into LDAP with ldapadd and ldapmodify
19. Migrating User Accounts to LDAP
● posixAccount – a standard LDAP schema to represent user accounts
● Demo: migrate_passwd.pl
( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
DESC 'Abstraction of an account with POSIX attributes'
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
MAY ( userPassword $ loginShell $ gecos $ description ) )
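Added example, not from the slides and not the PADL MigrationTools or the demo's migrate_passwd.pl: a Python sketch of the "produce LDIF, then import" route from slide 18. It maps a constructed /etc/passwd line onto the entry shape of slide 9, base64-encodes values where LDIF requires it, and checks slide 19's MUST attributes before anything is handed to ldapadd. The crypt hash, base DN and sample accounts are constructed for the example.

```python
import base64

# Attributes that posixAccount requires (the MUST list on slide 19).
POSIX_ACCOUNT_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def needs_base64(value):
    """RFC 2849 SAFE-STRING rule: a value must be base64-encoded if it starts with
    a space, colon or '<', or contains NUL, CR, LF or any character above 0x7F."""
    return value[:1] in (" ", ":", "<") or any(
        ch in "\x00\r\n" or ord(ch) > 0x7F for ch in value
    )


def ldif_line(attr, value, force_base64=False):
    """Render one attribute line, using the 'attr:: <base64>' form when required."""
    if force_base64 or needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{attr}:: {encoded}"
    return f"{attr}: {value}"


def passwd_to_entry(passwd_line, base_dn, crypt_hash=None):
    """Map one /etc/passwd record onto the inetOrgPerson/posixAccount/shadowAccount
    attributes shown on slide 9. crypt_hash is the hash field from /etc/shadow."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"malformed passwd line: {passwd_line!r}")
    name, _pw, uid, gid, gecos, home, shell = fields
    full_name = gecos.split(",")[0] or name   # fall back to the login if gecos is empty
    first, _, last = full_name.rpartition(" ")
    entry = {
        # The RDN attribute (uid) must also appear as an attribute of the entry.
        "dn": f"uid={name},ou=People,{base_dn}",
        # One structural class (inetOrgPerson) plus auxiliaries, as slide 10 requires.
        "objectClass": ["inetOrgPerson", "posixAccount", "shadowAccount"],
        "uid": [name],
        "cn": [full_name],
        "sn": [last],                          # inetOrgPerson needs sn
        "givenName": [first] if first else [],
        "uidNumber": [uid],
        "gidNumber": [gid],
        "homeDirectory": [home],
        "loginShell": [shell],
        "gecos": [gecos],
    }
    if crypt_hash:
        entry["userPassword"] = ["{crypt}" + crypt_hash]
    return entry


def missing_must(entry):
    """Return the posixAccount MUST attributes that are absent or empty; slapd
    rejects the entry with an objectClassViolation if this list is not empty."""
    return [a for a in POSIX_ACCOUNT_MUST if not any(entry.get(a, []))]


def to_ldif(entry):
    """Serialise the entry as one LDIF record, 'dn' first, one line per value."""
    lines = [ldif_line("dn", entry["dn"])]
    for attr, values in entry.items():
        if attr == "dn":
            continue
        for value in values:
            # userPassword is always written in the '::' form, as in the slide 9 entry.
            lines.append(ldif_line(attr, value, force_base64=(attr == "userPassword")))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: the slide 9 account plus a service account with no home directory.
    base = "dc=eurooscon,dc=example,dc=com"
    for line, pw in (("testuser:x:501:100:Test User:/home/testuser:/bin/sh", "TXhtHkNF9GAIg"),
                     ("svc:x:502:100:::/bin/false", None)):
        e = passwd_to_entry(line, base, pw)
        missing = missing_must(e)
        print(to_ldif(e) if not missing else f"skipping {e['dn']}: missing {missing}")
```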
20. Activating LDAP-Based Logins
● pam_ldap (from PADL.com) inserts into the PAM authentication stack and partners with nss_ldap (also PADL.com) to provide authentication against LDAP
● Seamlessly authenticates both local and LDAP-based users
● Many distros automate configuration (e.g. Fedora)
● Demo: pam_ldap configuration
23. Integrating LDAP and Email
● Client Side - why?
– Address Book lookups in LDAP
– Autocompletion of partial email addresses
● Server Side - why?
– Store white/blacklists
– virtual mailboxes
– Aliases
– User preferences
● Add the inetOrgPerson schema to LDAP entries
24. LDAP and Email - Client
● Demo: Thunderbird and LDAP
● Many other email clients support LDAP lookups
– Outlook, Outlook Express, Netscape, Pine, Eudora, Evolution, SquirrelMail, Mac Mail, etc...
● Clients can use LDAP for other things besides just address lookups
– ex. SquirrelMail (web mail) has a plugin to store user preferences in LDAP.
25. LDAP and Email - Server
● Many email servers can integrate with LDAP
● Alias lookups (Postfix)
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
(all on one line)
ldap-aliases.cf contains:
server_host = 192.168.139.128
search_base = dc=eurooscon,dc=example,dc=com
● Now, Postfix can deliver to both local and LDAP user mail aliases
26. LDAP and Email - Server
● Postfix expects a certain LDAP schema to support this (these names are configurable)
dn: cn=Accounting Staff List, dc=my, dc=com
cn: Accounting Staff List
o: my.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
maildrop: mylist-owner
maildrop: an-accountant
maildrop: some-other-accountant
maildrop: this, that, theother
27. LDAP and Email - Server
● Common usage is virtual mailboxes (e.g. ISP)
● Another common usage is to rewrite addresses
fran@eurooscon.example.com to Fran.Fabrizio@eurooscon.example.com
● Sendmail, Exim, Courier, Courier-IMAP, Cyrus, uw-imap, and Qmail (and many others) all support integration with LDAP to various degrees
28. LDAP and Web-Based Resources
● Authenticate users to gain access to restricted parts of web site
● mod_auth_ldap – Apache module
● User-based and group-based authentication
29. Using LDAP with Apache
● Apache 2.0 ships with mod_auth_ldap
● Restrict access to a directory with Location
<Location /protected>
AuthName "Protected Directory"
AuthType Basic
AuthLDAPURL ldap://ldap.cis.uab.edu:389/ou=People,dc=cis,dc=uab,dc=edu
require valid-user
# OR require group membership instead
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
require group cn=admin,ou=group,dc=eurooscon,dc=example,dc=com
</Location>
30. Using LDAP with Apache
● Demo: valid-user access
● Demo: group access
32. Fancy Filter Example
● Configuration for the demo...
<Location /ldapapplied>
AuthType Basic
AuthName "LDAP Applied Attendees Only"
AuthLDAPURL ldap://192.168.139.128/ou=people,dc=eurooscon,dc=example,dc=com?uid??(comExampleEuroosconSession=LDAPApplied)
require valid-user
</Location>
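The AuthLDAPURL above packs host, base DN, attribute, scope and filter into one LDAP URL (RFC 4516). The Python below is an added example, not code from the slides or from mod_auth_ldap: it parses such a URL into those parts and shows how the session filter should be built when the session name comes from a runtime value, escaping filter metacharacters per RFC 4515 so the value is matched literally instead of changing the filter's structure. The URL strings are the two from the slides; the function names are the example's own.

```python
from urllib.parse import unquote, urlsplit

# RFC 4515: characters with structural meaning inside a filter; written as
# backslash + two hex digits when they occur in an attribute value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a runtime value so it is matched literally inside a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def session_filter(session):
    """The attendee filter from the slide, built for an arbitrary session name."""
    return f"(comExampleEuroosconSession={escape_filter_value(session)})"


def parse_ldap_url(url):
    """Split an LDAP URL into the parts mod_auth_ldap reads from AuthLDAPURL:
    ldap[s]://host[:port]/basedn?attributes?scope?filter"""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    base_dn = unquote(parts.path.lstrip("/"))
    # The query holds up to four '?'-separated fields: attributes, scope, filter, extensions.
    fields = (parts.query.split("?") + [""] * 4)[:4]
    attributes = [a for a in fields[0].split(",") if a]
    # RFC 4516 default is 'base'; mod_auth_ldap's documentation says it searches
    # with 'sub' when the scope is omitted, so check what your module actually does.
    scope = fields[1].lower() or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unknown scope: {scope!r}")
    ldap_filter = unquote(fields[2]) or "(objectClass=*)"
    return {
        "scheme": parts.scheme,
        "host": parts.hostname or "",
        "port": port,
        "base_dn": base_dn,
        "attributes": attributes,
        "scope": scope,
        "filter": ldap_filter,
    }


if __name__ == "__main__":
    demo_url = ("ldap://192.168.139.128/ou=people,dc=eurooscon,dc=example,dc=com"
                "?uid??(comExampleEuroosconSession=LDAPApplied)")
    for key, val in parse_ldap_url(demo_url).items():
        print(f"{key:>10}: {val}")
    # A session name containing filter metacharacters is escaped, not interpreted.
    print(session_filter("Day 1 (Tue)*"))
```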
33. Extending LDAP Schemas
● Last slide implies attribute comExampleEuroosconSession with a value of "LDAPApplied" exists for some users
● How'd that work? We extend the LDAP Schema...
– Store information custom to your environment
34. local.schema
● We define a local schema for this attribute in a file called local.schema:
attributetype ( 1.3.6.1.4.1.7341.999.2.1 NAME 'comExampleEuroosconSession'
DESC 'a session at EuroOSCON'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.7341.999.1.1 NAME 'comExampleEuroosconAttendee'
DESC 'optional class to represent EuroOSCON sessions'
AUXILIARY
MAY comExampleEuroosconSession )
The "1.3.6.1.4.1.7341.999.2.1" is an OID, a unique LDAP object identifier. More information available at http://www.iana.org/. This one was taken from my workplace. You probably don't need to use them, but I do just to be complete.
35. local.schema continued
● We tell the LDAP server to include this in its known schemas
include /etc/openldap/schema/local.schema
● Now LDAP user entries can have:
– comExampleEuroosconAttendee - optional auxiliary class
– comExampleEuroosconSession – optional attribute within that class
36. LDAP and DNS
● Storing DNS tables in LDAP instead of flat files
● Bind, tinydns, PowerDNS and others support this
● dnsZone structural object class
● zone2ldap tool with bind will convert flat files to LDAP
40. LDAP and PHP
● PHP has an LDAP API
<?php
// Connect, then bind anonymously (no credentials given). Most servers reject
// LDAPv2 binds, so select protocol version 3 before binding.
$ldap = ldap_connect('ldap.cis.uab.edu');
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$result = ldap_bind($ldap);
// Subtree search for surnames starting with "Fabr"
$search = ldap_search($ldap, "dc=cis,dc=uab,dc=edu", "(sn=Fabr*)");
$data = ldap_get_entries($ldap, $search);
// Adding entries works the same way (arguments not shown on the slide)
$result = ldap_add(.....);
41. Programmatic LDAP - Others
● Java
– Support through the JNDI or JLDAP (openldap.org)
● C
– OpenLDAP's C API
● Ruby
– Ruby-ldap
● Python
– Python-ldap
42. LDAP and Relational Data
● Would be neat to do queries that link LDAP and relational data
– Example: CIS Web Site
● dblink-ldap
– http://pgfoundry.org/projects/dblink-ldap/
– beta project to provide LDAP data as a table/view within PostgreSQL
● Microsoft has OLE DB Provider for Directory Services – access AD with SQL queries
48. Strategy 1: AD -is- LDAP
● Active Directory -is- an LDAP version 3 server
● AD can import LDIF
– Ldifde.exe included with Windows Server 2003 and supports batch LDIF operations
● Can also script from VBScript
● AD4Unix is a plugin (sf.net/projects/ad4unix) that adds Unix attributes to AD and manages them through AD Users and Computers MMC.
● pam_ldap can auth against AD
50. Strategy 1: AD -is- LDAP
● This model can be expanded to allow pam_ldap to update user passwords in AD
● Additionally, nss_ldap can also talk to AD, but is expecting Unix-like attributes for home dirs, uid/gid, shells, etc...
– Installing MS's Services for Unix installs the NIS server, which has the side effect of doing this for you
– Or, extend the schema yourself – install MKSADExtPlugin, and register the Active Directory Schema MMC to set the option to allow schema edits
54. Strategy 2: Migrate AD to LDAP
● ldifde.exe can export AD forest
● Unless you plan to use Kerberos authentication with your LDAP server, you'll need to reset users' passwords
● This will also require alteration of the LDIF that Microsoft produces to be more Unix friendly
● pGina can authenticate Windows clients against Unix LDAP server
58. Strategy 2: pGina
● pGina is an open source replacement for Microsoft's Gina (Graphical Identification and Authentication)
● Allows Windows clients to authenticate against various sources via a plugin architecture
– including LDAP, of course
● Highly customizable
● Demo: pGina
59. Monitoring LDAP
● Reading LDAP logs
– Debug levels allow output of useful information
– /usr/sbin/slapd -d xxx
● 8 – connection management
● 32 – search filter processing
● 64 – config file processing
● 128 – access control list processing
● 256 – connections/operations/results
● additive – 288 is conn/ops/results and search filters
60. Managing LDAP
● Command line
– ldap* and slap* tools for OpenLDAP
● Scripting
● GQ – Simple GTK+/GTK2 GUI
– sf.net/projects/gqclient
● Webmin
– webmin.com
– LDAP Users and Groups plugin
● Demo: webmin
61. Other Uses of LDAP
● Samba authentication
– advantages over smbpasswd file
● Serving certificates
● Machine configurations
● Radius authentication
● Managing network printers
62. Conclusions
● LDAP can consolidate many administrative tasks
● LDAP is optimized for reads and will be faster than SQL for simple reads
● LDAP can improve scalability – all mail servers in organization can use same data store, for instance
● Once in place, LDAP can often be reapplied to solve new problems
63. For More Information
● www.openldap.org
● PADL.com
– pam_ldap
– nss_ldap
– MigrationTools
● Book: LDAP System Administration by Gerald Carter, published by O'Reilly
– More detail about a lot of these ideas is found there
64. Thank You
● Thanks for coming!
● My contact information is:
Fran Fabrizio
fran@cis.uab.edu
http://www.cis.uab.edu/fran/
● Feel free to email any questions you may have, or catch me at the conference for the rest of the week!