SlideShare a Scribd company logo

Ldap introduction (eng)

Anatoliy Okhotnikov
Anatoliy Okhotnikov

This document provides an overview of LDAP (Lightweight Directory Access Protocol). It discusses what directory services are, the need for LDAP to centralize user information, and some key LDAP concepts like its data model, schemas, and LDIF format. It also covers setting up an OpenLDAP server, including configuration, indexing, access control, and integration with other LDAP tools and applications.

Technology
1 of 23
Download to read offline
LDAP ● What is Directory Services ● The need for LDAP ● LDAP Overview and Basics ● Setting up and tunning OpenLDAP ● Other LDAP tools and applications
What is Directory Services ● Similar to database but designed more for reading than for writing ● Defines a network protocol for accessing contents of the directory ● Scheme for replication of data ● Directory Service examples: DNS, finger, password DB ● LDAP is a 'Lightweight Directory Access Protocol'
The need for LDAP ● Multiple disparate sources of the same information ● Users need separate logins and passwords to login to different systems ● Complex to keep information in sync ● Similar data spread around many flat files or in database with different formats ● Inadequacies of NIS ie. Not very extensible ● X.500 is too complicated Summarizing the above: Centralization, Integration and Delegating Responsibility
LDAP Overview ● LDAP is a ‘Lightweight Directory Access Protocol’ ● LDAP marries a lightweight DAP with the X.500 information model ● Uses an extensible hierarchical object data model ● An LDAP server may implement multiple ‘back-ends’: RDBMS, simple indexes (Berkeley DB), X.500 gateway ● Designed for frequent reads and infrequent writes
LDAP Benefits ● Standardized schemas exist for many purposes (well beyond that of NIS) ● Allows consolidation of many information sources ● Well defined API, support from many applications ● Easily replicated and distributed ● Multiple backends allow integration with existing data sources (RDBMS, etc) ● Much faster than RDBMS (using lightweight backend like Berkeley DB)
LDAP Basics ● Data is organised into an hierarchical tree ● Each ‘entry’ (tree node) is identified by a DN (distinguished name) e.g. uid=aokhotnikov,ou=People,ou=Users,dc=ldap,dc=sjua ● Each component of a DN is called an RDN (relative DN) and represents a branch in the tree ● The RDN must be unique within the nodes at the same level of the tree (is generally equivalent to one of the attributes ie. ‘uid’ or ‘cn’ in the case of a person) ● Each node has 1 or many attribute values associated with it. Each attribute can have 1 or many values
LDAP Basics (cont.) ● ‘objectClass’ is a mandatory attribute which specifies the schema (attribute constraints) for the given node ● Multiple ‘objectClass’ attributes can be combined together to achieve inheritance ● Example ‘objectClass’ (common schema) attributes: dcObject, organizationalUnit, person, organizationalPerson, inetOrgPerson, inetLocalMailRecipient ● CN (Canonical Name) is another common attribute used to provide a unique name for a directory object
LDAP Schemas ● Many standard schemas exist including: – People schemas - person, organisationalPerson, inetOrgPerson, posixAccount, mailLocalRecpient, strongAuthenticationUser – Group schemas – groupOfUniqueNames, posixGroup, organisationalRole, roleMember – Host / Network schemas – domain, ipHost, ipNetwork, ipProtocol, ipService, ieee802Device, bootableDevice ● An invaluable schema repository from Alan Knowles at the Hong Kong Linux Centre: – http://ldap.akbkhome.com/
LDIF File Format ● LDIF (LDAP Data Interchange Format) is used to import/export from a LDAP directory server and run updates dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua objectClass: inetOrgPerson objectClass: posixAccount objectClass: top givenName: GForge Admin sn: User cn: GForge Admin User uid: gforgeadmin userPassword: {MD5}6z8f1uQp3reOfghTFrecJQ== uidNumber: 1000 gidNumber: 544 homeDirectory: /opt/gforge5 mail: acidumirae@gmail.com
Custom Schemas ● LDAP schemas uses SNMP style OIDs (Object Ids) for uniquely defining schema elements ● Apply for IANA enterprise number here: – http://www.iana.org/cgi-bin/enterprise.pl ● Private enterprise number OID prefix is 1.3.6.1.4.1 eg. Metaparadigm uses 1.3.6.1.4.1.11137 ● Information on custom schemas can be found here: – http://www.openldap.org/doc/admin/schema.html
Linux LDAP Servers ● OpenLDAP is the primary open-source LDAP implementation based on Univ. Michigan LDAP http://www.openldap.org/ ● Sun provides the iPlanet Directory Server/Sun One Java DS ● Oracle provides an LDAP server using an Oracle database backend ● Many others available (Novell DS, Fedora DS, Apache DS, OpenDS, Innosoft, etc.) ● Linux can also integrate with LDAP servers running on other platforms such as Microsoft Active Directory or Novell eDirectory
Commercial LDAP Servers ● Novell eDirectory ● CA Directory ● Sun One Identity Server ● Lotus Domino ● Microsoft Active Directory ● Nexor Directory ● Apple Open Directory ● View 500 ● Siemens DirX ● Isode's M-Vault ● Oracle Internet Directory ● aeSLAPD ● IBM Tivoli Directory ● ... http://www.paldap.org/ldap-server-software
Scalability and Fault Tolerance ● OpenLDAP supports real-time directory replication to provide load-balancing and high availability ● OpenLDAP supports single master, multiple slaves ● Most LDAP aware applications can be configured to use multiple LDAP servers (providing fallback servers) ● Multiple master support is in the works (currently alpha) ● OpenLDAP can be integrated with ‘heartbeat’ and ‘mon’ to provide fault tolerance http://www.linux-ha.org/
Setting up OpenLDAP ● Configuration is located in: /etc/openldap/slapd.conf ● We need to include the schemas we are using include /etc/ldap/schema/core.schema include /etc/ldap/schema/collective.schema include /etc/ldap/schema/corba.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/duaconf.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/java.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/samba.schema ● Next we specify a database database hdb suffix "dc=ldap,dc=sjua" rootdn "cn=admin,dc=ldap,dc=sjua" rootpw {SSHA}IrKtxIFV+2UbdD8JiL5ZuTsAx/cPuN2h directory /var/lib/ldap
Setting up OpenLDAP (cont.) ● We can now start slapd (Standalone LDAP daemon) # /etc/init.d/ldap start ● Next step is to add data to the directory using the LDIF example presented earlier # ldapadd -D cn=admin,dc=ldap,dc=sjua -W < init.ldif Enter LDAP Password: xxxxx adding new entry "dc=ldap,dc=sjua" adding new entry "ou=WebAdmin,ou=Users,dc=ldap,dc=sjua" adding new entry "uid=gfrogeadmin,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
Tunning OpenLDAP ● We need to add additional indexes for performance index objectclass eq index cn pres,sub,eq index sn pres,sub,eq ## required to support pdb_getsampwnam index uid pres,sub,eq ## required to support pdb_getsambapwrid() index displayName pres,sub,eq index uidNumber eq index gidNumber eq index loginShell eq index memberUid eq index uniqueMember eq,pres ● We need to add ACLs for security access to attr=userPassword by self write by anonymous auth by * none access to dn="" by * read access to * by self write by users read by anonymous auth
Tunning OpenLDAP (cont.) ● Setup logging in syslog.conf (default is LOCAL4) local4.* /var/log/sldap.log ● Make sure ‘slapd’ runs as non privileged user ● Make ‘slapd’ bind to SSL port for security – need signed certificates with openSSL and modify slapd.conf TLSCertificateFile /etc/openldap/ldap.sjua.cer TLSCertificateKeyFile /etc/openldap/ldap.sjua.key – modify init script to bind to SSL port /usr/libexec/slapd -h 'ldap://ldap.metaparadigm.com/ ldaps://ldap.metaparadigm.com/' -l LOCAL4 -u ldap -g ldap
LDAP Search Filters ● LDAP uses a simple ‘search filters’ syntax (RFC2254) ● LDAP queries return all attributes of matching entries (or specifically selected attributes) which match the search filter LDAP query particles are enclosed within parenthesis in the form of ( attribute <matching rule> value ) ie. (cn=GForge Admin User) ● Matching rules include (=, =~, >=, <=) ● * can be used as a wildcard within the value ● These can be combined together using the boolean operators: and, or and not (&, |, !) eg: – (&(cn=GForge Admin User)(objectClass=posixAccount)) – (&(objectClass=inetOrgPerson)(!(ou=People))) – (|(cn=GForge Admin*)(cn=GForge*))
LDAP Search Filters (cont.) ● The following example ldap search retrieves the names and email address of all users with a givenname of ‘Gforge Admin’ or ‘Orange Admin’ ldapsearch -xLLL -h ldap.sjua -b ou=Users,dc=ldap,dc=sjua '(&(|(givenname=GForge Admin)(givenname=Orange Admin))(ob- jectClass=inetOrgPerson))' cn mail dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: GForge Admin User mail: acidumirae@gmail.com dn: cn=Orange Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: Orange Admin User mail: aokhotnikov@softjourn.com ● Very easy to incorporate this into shell scripts with awk or sed
LDAP Applications ● Authenticate users in web applications (OrangeHRM, gForge, DokuWiki, etc.) ● Authenticate users in Samba, Apache, ProFTPd, etc. ● Possible NSS (Name Service Switch) integration ● Possible PAM (Pluggable Authentication Module) ● Possible mail routing: Sendmail, Postfix, etc. ● Shared Address Book (Evolution, Mozilla, Outlook, Eudora, web clients, etc.) ● Programming Libraries (Perl, Java, PHP, etc.)
LDAP Browsers and Editors ● Directory Administrator http://diradmin.open-it.org ● GQ http://biot.com/gq/ ● Java LDAP Browser http://www.iit.edu/~gawojar/ldap/ ● phpLDAPadmin http://phpldapadmin.sf.net/
Migration to LDAP ● Padl migration tools – http://www.padl.com/OSS/MigrationTools.html – passwd, group, hosts, networks, services, etc… ● We have migrated users from OrangeHRM using custom PHP scrip that was generating LDIF files – some issues with Samba – NTPassword is MD4 – minor issues with gForge – multiple installations(dirty database)
Resources ● OpenLDAP: http://openldap.org ● Practical LDAP from Metaparadigm Pte Ltd. http://gort.metaparadigm.com/ldap/ ● Ubuntu Documentation: OpenLDAP Server https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html ● Ubuntu Documentation: Samba and LDAP https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html ● Introduction to LDAP and Single Sign-On http://tapor.ualberta.ca/Resources/Techdocs/completed/ldappresentation.pdf ● LDAP and Directory Services http://ldap.mtu.edu/docs/public/mtu_dsinfo/techiefest/techiefest_files/v3_document.htm

Recommended

Ldap intro
Ldap introLdap intro
Ldap introyousry ibrahim
 
LDAP
LDAPLDAP
LDAP
Khemnath Chauhan
 
AD & LDAP
AD & LDAPAD & LDAP
AD & LDAP
Cynoteck Technology Solutions Private Limited
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)
Amazon Web Services
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
DEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIDEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLI
Amazon Web Services
 
Deep Dive: AWS Command Line Interface
Deep Dive: AWS Command Line InterfaceDeep Dive: AWS Command Line Interface
Deep Dive: AWS Command Line Interface
Amazon Web Services
 

Recommended

Ldap intro
Ldap introLdap intro
Ldap introyousry ibrahim
 
LDAP
LDAPLDAP
LDAP
Khemnath Chauhan
 
AD & LDAP
AD & LDAPAD & LDAP
AD & LDAP
Cynoteck Technology Solutions Private Limited
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)Deep Dive on Amazon RDS (Relational Database Service)
Deep Dive on Amazon RDS (Relational Database Service)
Amazon Web Services
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
DEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIDEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLI
Amazon Web Services
 
Deep Dive: AWS Command Line Interface
Deep Dive: AWS Command Line InterfaceDeep Dive: AWS Command Line Interface
Deep Dive: AWS Command Line Interface
Amazon Web Services
 
Event driven autoscaling with KEDA
Event driven autoscaling with KEDAEvent driven autoscaling with KEDA
Event driven autoscaling with KEDA
Nilesh Gule
 
Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana
Dhrubaji Mandal ♛
 
BDA311 Introduction to AWS Glue
BDA311 Introduction to AWS GlueBDA311 Introduction to AWS Glue
BDA311 Introduction to AWS Glue
Amazon Web Services
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPALDAPCon
 
Nagios
NagiosNagios
Nagios
guest7e7e305
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
Rico Chen
 
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
Edureka!
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
Amazon Web Services Korea
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
Amazon Web Services
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
Lorenzo Fontana
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
Docker, Inc.
 
Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Become an AWS IAM Policy Ninja
Become an AWS IAM Policy NinjaBecome an AWS IAM Policy Ninja
Become an AWS IAM Policy Ninja
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
LDAP Presentation
LDAP PresentationLDAP Presentation
LDAP Presentationcyberleon95
 
LDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access ProtocolLDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access Protocol
S. Hasnain Raza
 

More Related Content

What's hot

Event driven autoscaling with KEDA
Event driven autoscaling with KEDAEvent driven autoscaling with KEDA
Event driven autoscaling with KEDA
Nilesh Gule
 
Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana
Dhrubaji Mandal ♛
 
BDA311 Introduction to AWS Glue
BDA311 Introduction to AWS GlueBDA311 Introduction to AWS Glue
BDA311 Introduction to AWS Glue
Amazon Web Services
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPALDAPCon
 
Nagios
NagiosNagios
Nagios
guest7e7e305
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
nelmedia
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
Rico Chen
 
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
Edureka!
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
Amazon Web Services
 
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
Amazon Web Services Korea
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
Amazon Web Services
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
Lorenzo Fontana
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
Nagesh Ramamoorthy
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
Docker, Inc.
 
Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Become an AWS IAM Policy Ninja
Become an AWS IAM Policy NinjaBecome an AWS IAM Policy Ninja
Become an AWS IAM Policy Ninja
Amazon Web Services
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 

What's hot (20)

Event driven autoscaling with KEDA
Event driven autoscaling with KEDAEvent driven autoscaling with KEDA
Event driven autoscaling with KEDA
 
Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana
 
BDA311 Introduction to AWS Glue
BDA311 Introduction to AWS GlueBDA311 Introduction to AWS Glue
BDA311 Introduction to AWS Glue
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPA
 
Nagios
NagiosNagios
Nagios
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
 
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
AWS Finance Symposium_금융권을 위한 hybrid 클라우드 도입 첫걸음
 
Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS)
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
 
AWS solution Architect Associate study material
AWS solution Architect Associate study materialAWS solution Architect Associate study material
AWS solution Architect Associate study material
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Docker Networking Deep Dive
Docker Networking Deep DiveDocker Networking Deep Dive
Docker Networking Deep Dive
 
Terraform
TerraformTerraform
Terraform
 
Become an AWS IAM Policy Ninja
Become an AWS IAM Policy NinjaBecome an AWS IAM Policy Ninja
Become an AWS IAM Policy Ninja
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 

Viewers also liked

LDAP Presentation
LDAP PresentationLDAP Presentation
LDAP Presentationcyberleon95
 
LDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access ProtocolLDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access Protocol
S. Hasnain Raza
 
The Ldap Protocol
The Ldap ProtocolThe Ldap Protocol
The Ldap Protocol
Glen Plantz
 
Introduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesIntroduction to LDAP and Directory Services
Introduction to LDAP and Directory Services
Radovan Semancik
 
WebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAPWebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAP
LINAGORA
 
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPPlone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Paris, France
 
Ldap
LdapLdap
Ldap
Bruno Bonfils
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing time
Deepak John
 
Jenkins CI (ukr)
Jenkins CI (ukr)Jenkins CI (ukr)
Jenkins CI (ukr)
Anatoliy Okhotnikov
 
Php web app security (eng)
Php web app security (eng)Php web app security (eng)
Php web app security (eng)
Anatoliy Okhotnikov
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)
Anatoliy Okhotnikov
 
Web application security (eng)
Web application security (eng)Web application security (eng)
Web application security (eng)
Anatoliy Okhotnikov
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)
Anatoliy Okhotnikov
 
Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)
Anatoliy Okhotnikov
 
ITIL (ukr)
ITIL (ukr)ITIL (ukr)
ITIL (ukr)
Anatoliy Okhotnikov
 
Debug (ukr)
Debug (ukr)Debug (ukr)
Debug (ukr)
Anatoliy Okhotnikov
 
Php unit (eng)
Php unit (eng)Php unit (eng)
Php unit (eng)
Anatoliy Okhotnikov
 
LDAP
LDAPLDAP
LDAP
Chandanapriya Sathavalli
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Ashutosh Jaiswal
 

Viewers also liked (20)

LDAP Presentation
LDAP PresentationLDAP Presentation
LDAP Presentation
 
LDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access ProtocolLDAP - Lightweight Directory Access Protocol
LDAP - Lightweight Directory Access Protocol
 
The Ldap Protocol
The Ldap ProtocolThe Ldap Protocol
The Ldap Protocol
 
Introduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesIntroduction to LDAP and Directory Services
Introduction to LDAP and Directory Services
 
WebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAPWebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAP
 
OpenDS - Open Source Java LDAP server
OpenDS - Open Source Java LDAP serverOpenDS - Open Source Java LDAP server
OpenDS - Open Source Java LDAP server
 
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPPlone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
 
Ldap
LdapLdap
Ldap
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing time
 
Jenkins CI (ukr)
Jenkins CI (ukr)Jenkins CI (ukr)
Jenkins CI (ukr)
 
Php web app security (eng)
Php web app security (eng)Php web app security (eng)
Php web app security (eng)
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)
 
Web application security (eng)
Web application security (eng)Web application security (eng)
Web application security (eng)
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)
 
Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)
 
ITIL (ukr)
ITIL (ukr)ITIL (ukr)
ITIL (ukr)
 
Debug (ukr)
Debug (ukr)Debug (ukr)
Debug (ukr)
 
Php unit (eng)
Php unit (eng)Php unit (eng)
Php unit (eng)
 
LDAP
LDAPLDAP
LDAP
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot
 

Similar to Ldap introduction (eng)

LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)
Fran Fabrizio
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and Configuration
Wildan Maulana
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-LinuxBalaji Ravi
 
ivanova-samba_backend.pdf
ivanova-samba_backend.pdfivanova-samba_backend.pdf
ivanova-samba_backend.pdf
OrlandoJesusFigueroa
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
Clément OUDOT
 
LDAP(In_Linux).pptx
LDAP(In_Linux).pptxLDAP(In_Linux).pptx
LDAP(In_Linux).pptx
ShanmugapriyaSenthil3
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAPCon
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9
rezgui
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP server
ESUG
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
InSync Conference
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
Perforce
 
LDAP
LDAPLDAP
LDAP
Lokesh Kumar N
 
User administration without you - integrating LDAP
User administration without you - integrating LDAPUser administration without you - integrating LDAP
User administration without you - integrating LDAP
MongoDB
 
Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2
Vinaykumar Hebballi
 
Introduction to Apache Spark
Introduction to Apache SparkIntroduction to Apache Spark
Introduction to Apache Spark
Rahul Jain
 
PostgreSQL - Object Relational Database
PostgreSQL - Object Relational DatabasePostgreSQL - Object Relational Database
PostgreSQL - Object Relational Database
Mubashar Iqbal
 
Apache Spark on HDinsight Training
Apache Spark on HDinsight TrainingApache Spark on HDinsight Training
Apache Spark on HDinsight Training
Synergetics Learning and Cloud Consulting
 
RESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-sRESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-s
Kalin Chernev
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
Rahul Jain
 

Similar to Ldap introduction (eng) (20)

LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and Configuration
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-Linux
 
ivanova-samba_backend.pdf
ivanova-samba_backend.pdfivanova-samba_backend.pdf
ivanova-samba_backend.pdf
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
 
LDAP(In_Linux).pptx
LDAP(In_Linux).pptxLDAP(In_Linux).pptx
LDAP(In_Linux).pptx
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAP
 
Ldapsession
LdapsessionLdapsession
Ldapsession
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP server
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
LDAP
LDAPLDAP
LDAP
 
User administration without you - integrating LDAP
User administration without you - integrating LDAPUser administration without you - integrating LDAP
User administration without you - integrating LDAP
 
Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2
 
Introduction to Apache Spark
Introduction to Apache SparkIntroduction to Apache Spark
Introduction to Apache Spark
 
PostgreSQL - Object Relational Database
PostgreSQL - Object Relational DatabasePostgreSQL - Object Relational Database
PostgreSQL - Object Relational Database
 
Apache Spark on HDinsight Training
Apache Spark on HDinsight TrainingApache Spark on HDinsight Training
Apache Spark on HDinsight Training
 
RESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-sRESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-s
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
 

More from Anatoliy Okhotnikov

Agile (IF PM Group) v2
Agile (IF PM Group) v2Agile (IF PM Group) v2
Agile (IF PM Group) v2
Anatoliy Okhotnikov
 
Xdebug (ukr)
Xdebug (ukr)Xdebug (ukr)
Xdebug (ukr)
Anatoliy Okhotnikov
 
User story workflow (eng)
User story workflow (eng)User story workflow (eng)
User story workflow (eng)
Anatoliy Okhotnikov
 
Unit testing (eng)
Unit testing (eng)Unit testing (eng)
Unit testing (eng)
Anatoliy Okhotnikov
 
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Anatoliy Okhotnikov
 
Linux introduction (eng)
Linux introduction (eng)Linux introduction (eng)
Linux introduction (eng)
Anatoliy Okhotnikov
 
ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)
Anatoliy Okhotnikov
 
Db design (ukr)
Db design (ukr)Db design (ukr)
Db design (ukr)
Anatoliy Okhotnikov
 
Continuous integration (eng)
Continuous integration (eng)Continuous integration (eng)
Continuous integration (eng)
Anatoliy Okhotnikov
 
Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)
Anatoliy Okhotnikov
 

More from Anatoliy Okhotnikov (10)

Agile (IF PM Group) v2
Agile (IF PM Group) v2Agile (IF PM Group) v2
Agile (IF PM Group) v2
 
Xdebug (ukr)
Xdebug (ukr)Xdebug (ukr)
Xdebug (ukr)
 
User story workflow (eng)
User story workflow (eng)User story workflow (eng)
User story workflow (eng)
 
Unit testing (eng)
Unit testing (eng)Unit testing (eng)
Unit testing (eng)
 
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
 
Linux introduction (eng)
Linux introduction (eng)Linux introduction (eng)
Linux introduction (eng)
 
ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)
 
Db design (ukr)
Db design (ukr)Db design (ukr)
Db design (ukr)
 
Continuous integration (eng)
Continuous integration (eng)Continuous integration (eng)
Continuous integration (eng)
 
Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)
 

Recently uploaded

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 

Ldap introduction (eng)

  • 1. LDAP ● What is Directory Services ● The need for LDAP ● LDAP Overview and Basics ● Setting up and tunning OpenLDAP ● Other LDAP tools and applications
  • 2. What is Directory Services ● Similar to database but designed more for reading than for writing ● Defines a network protocol for accessing contents of the directory ● Scheme for replication of data ● Directory Service examples: DNS, finger, password DB ● LDAP is a 'Lightweight Directory Access Protocol'
  • 3. The need for LDAP ● Multiple disparate sources of the same information ● Users need separate logins and passwords to login to different systems ● Complex to keep information in sync ● Similar data spread around many flat files or in database with different formats ● Inadequacies of NIS ie. Not very extensible ● X.500 is too complicated Summarizing the above: Centralization, Integration and Delegating Responsibility
  • 4. LDAP Overview ● LDAP is a ‘Lightweight Directory Access Protocol’ ● LDAP marries a lightweight DAP with the X.500 information model ● Uses an extensible hierarchical object data model ● An LDAP server may implement multiple ‘back-ends’: RDBMS, simple indexes (Berkeley DB), X.500 gateway ● Designed for frequent reads and infrequent writes
  • 5. LDAP Benefits ● Standardized schemas exist for many purposes (well beyond that of NIS) ● Allows consolidation of many information sources ● Well defined API, support from many applications ● Easily replicated and distributed ● Multiple backends allow integration with existing data sources (RDBMS, etc) ● Much faster than RDBMS (using lightweight backend like Berkeley DB)
  • 6. LDAP Basics ● Data is organised into an hierarchical tree ● Each ‘entry’ (tree node) is identified by a DN (distinguished name) e.g. uid=aokhotnikov,ou=People,ou=Users,dc=ldap,dc=sjua ● Each component of a DN is called an RDN (relative DN) and represents a branch in the tree ● The RDN must be unique within the nodes at the same level of the tree (is generally equivalent to one of the attributes ie. ‘uid’ or ‘cn’ in the case of a person) ● Each node has 1 or many attribute values associated with it. Each attribute can have 1 or many values
  • 7. LDAP Basics (cont.) ● ‘objectClass’ is a mandatory attribute which specifies the schema (attribute constraints) for the given node ● Multiple ‘objectClass’ attributes can be combined together to achieve inheritance ● Example ‘objectClass’ (common schema) attributes: dcObject, organizationalUnit, person, organizationalPerson, inetOrgPerson, inetLocalMailRecipient ● CN (Canonical Name) is another common attribute used to provide a unique name for a directory object
  • 8. LDAP Schemas ● Many standard schemas exist including: – People schemas - person, organisationalPerson, inetOrgPerson, posixAccount, mailLocalRecpient, strongAuthenticationUser – Group schemas – groupOfUniqueNames, posixGroup, organisationalRole, roleMember – Host / Network schemas – domain, ipHost, ipNetwork, ipProtocol, ipService, ieee802Device, bootableDevice ● An invaluable schema repository from Alan Knowles at the Hong Kong Linux Centre: – http://ldap.akbkhome.com/
  • 9. LDIF File Format ● LDIF (LDAP Data Interchange Format) is used to import/export from a LDAP directory server and run updates dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua objectClass: inetOrgPerson objectClass: posixAccount objectClass: top givenName: GForge Admin sn: User cn: GForge Admin User uid: gforgeadmin userPassword: {MD5}6z8f1uQp3reOfghTFrecJQ== uidNumber: 1000 gidNumber: 544 homeDirectory: /opt/gforge5 mail: acidumirae@gmail.com
  • 10. Custom Schemas ● LDAP schemas uses SNMP style OIDs (Object Ids) for uniquely defining schema elements ● Apply for IANA enterprise number here: – http://www.iana.org/cgi-bin/enterprise.pl ● Private enterprise number OID prefix is 1.3.6.1.4.1 eg. Metaparadigm uses 1.3.6.1.4.1.11137 ● Information on custom schemas can be found here: – http://www.openldap.org/doc/admin/schema.html
  • 11. Linux LDAP Servers ● OpenLDAP is the primary open-source LDAP implementation based on Univ. Michigan LDAP http://www.openldap.org/ ● Sun provides the iPlanet Directory Server/Sun One Java DS ● Oracle provides an LDAP server using an Oracle database backend ● Many others available (Novell DS, Fedora DS, Apache DS, OpenDS, Innosoft, etc.) ● Linux can also integrate with LDAP servers running on other platforms such as Microsoft Active Directory or Novell eDirectory
  • 12. Commercial LDAP Servers ● Novell eDirectory ● CA Directory ● Sun One Identity Server ● Lotus Domino ● Microsoft Active Directory ● Nexor Directory ● Apple Open Directory ● View 500 ● Siemens DirX ● Isode's M-Vault ● Oracle Internet Directory ● aeSLAPD ● IBM Tivoli Directory ● ... http://www.paldap.org/ldap-server-software
  • 13. Scalability and Fault Tolerance ● OpenLDAP supports real-time directory replication to provide load-balancing and high availability ● OpenLDAP supports single master, multiple slaves ● Most LDAP aware applications can be configured to use multiple LDAP servers (providing fallback servers) ● Multiple master support is in the works (currently alpha) ● OpenLDAP can be integrated with ‘heartbeat’ and ‘mon’ to provide fault tolerance http://www.linux-ha.org/
  • 14. Setting up OpenLDAP ● Configuration is located in: /etc/openldap/slapd.conf ● We need to include the schemas we are using include /etc/ldap/schema/core.schema include /etc/ldap/schema/collective.schema include /etc/ldap/schema/corba.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/duaconf.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/java.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/samba.schema ● Next we specify a database database hdb suffix "dc=ldap,dc=sjua" rootdn "cn=admin,dc=ldap,dc=sjua" rootpw {SSHA}IrKtxIFV+2UbdD8JiL5ZuTsAx/cPuN2h directory /var/lib/ldap
  • 15. Setting up OpenLDAP (cont.) ● We can now start slapd (Standalone LDAP daemon) # /etc/init.d/ldap start ● Next step is to add data to the directory using the LDIF example presented earlier # ldapadd -D cn=admin,dc=ldap,dc=sjua -W < init.ldif Enter LDAP Password: xxxxx adding new entry "dc=ldap,dc=sjua" adding new entry "ou=WebAdmin,ou=Users,dc=ldap,dc=sjua" adding new entry "uid=gfrogeadmin,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
  • 16. Tunning OpenLDAP ● We need to add additional indexes for performance index objectclass eq index cn pres,sub,eq index sn pres,sub,eq ## required to support pdb_getsampwnam index uid pres,sub,eq ## required to support pdb_getsambapwrid() index displayName pres,sub,eq index uidNumber eq index gidNumber eq index loginShell eq index memberUid eq index uniqueMember eq,pres ● We need to add ACLs for security access to attr=userPassword by self write by anonymous auth by * none access to dn="" by * read access to * by self write by users read by anonymous auth
  • 17. Tunning OpenLDAP (cont.) ● Setup logging in syslog.conf (default is LOCAL4) local4.* /var/log/sldap.log ● Make sure ‘slapd’ runs as non privileged user ● Make ‘slapd’ bind to SSL port for security – need signed certificates with openSSL and modify slapd.conf TLSCertificateFile /etc/openldap/ldap.sjua.cer TLSCertificateKeyFile /etc/openldap/ldap.sjua.key – modify init script to bind to SSL port /usr/libexec/slapd -h 'ldap://ldap.metaparadigm.com/ ldaps://ldap.metaparadigm.com/' -l LOCAL4 -u ldap -g ldap
  • 18. LDAP Search Filters ● LDAP uses a simple ‘search filters’ syntax (RFC2254) ● LDAP queries return all attributes of matching entries (or specifically selected attributes) which match the search filter LDAP query particles are enclosed within parenthesis in the form of ( attribute <matching rule> value ) ie. (cn=GForge Admin User) ● Matching rules include (=, =~, >=, <=) ● * can be used as a wildcard within the value ● These can be combined together using the boolean operators: and, or and not (&, |, !) eg: – (&(cn=GForge Admin User)(objectClass=posixAccount)) – (&(objectClass=inetOrgPerson)(!(ou=People))) – (|(cn=GForge Admin*)(cn=GForge*))
  • 19. LDAP Search Filters (cont.) ● The following example ldap search retrieves the names and email address of all users with a givenname of ‘Gforge Admin’ or ‘Orange Admin’ ldapsearch -xLLL -h ldap.sjua -b ou=Users,dc=ldap,dc=sjua '(&(|(givenname=GForge Admin)(givenname=Orange Admin))(ob- jectClass=inetOrgPerson))' cn mail dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: GForge Admin User mail: acidumirae@gmail.com dn: cn=Orange Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: Orange Admin User mail: aokhotnikov@softjourn.com ● Very easy to incorporate this into shell scripts with awk or sed
  • 20. LDAP Applications ● Authenticate users in web applications (OrangeHRM, gForge, DokuWiki, etc.) ● Authenticate users in Samba, Apache, ProFTPd, etc. ● Possible NSS (Name Service Switch) integration ● Possible PAM (Pluggable Authentication Module) ● Possible mail routing: Sendmail, Postfix, etc. ● Shared Address Book (Evolution, Mozilla, Outlook, Eudora, web clients, etc.) ● Programming Libraries (Perl, Java, PHP, etc.)
  • 21. LDAP Browsers and Editors ● Directory Administrator http://diradmin.open-it.org ● GQ http://biot.com/gq/ ● Java LDAP Browser http://www.iit.edu/~gawojar/ldap/ ● phpLDAPadmin http://phpldapadmin.sf.net/
  • 22. Migration to LDAP ● Padl migration tools – http://www.padl.com/OSS/MigrationTools.html – passwd, group, hosts, networks, services, etc… ● We have migrated users from OrangeHRM using custom PHP scrip that was generating LDIF files – some issues with Samba – NTPassword is MD4 – minor issues with gForge – multiple installations(dirty database)
  • 23. Resources ● OpenLDAP: http://openldap.org ● Practical LDAP from Metaparadigm Pte Ltd. http://gort.metaparadigm.com/ldap/ ● Ubuntu Documentation: OpenLDAP Server https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html ● Ubuntu Documentation: Samba and LDAP https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html ● Introduction to LDAP and Single Sign-On http://tapor.ualberta.ca/Resources/Techdocs/completed/ldappresentation.pdf ● LDAP and Directory Services http://ldap.mtu.edu/docs/public/mtu_dsinfo/techiefest/techiefest_files/v3_document.htm