7/21/2019 Ldap Light Weight Directory Access Protocol
http://slidepdf.com/reader/full/ldap-light-weight-directory-access-protocol
LDAP: LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL
• PRESENTATION BY ALAKESH APURVA DHAN AND ASH
WHAT IS LDAP
• LDAP IS LIGHT WEIGHT
• SUFFICIENTLY STRAIGHTFORWARD
• EASY TO IMPLEMENT, AS AGAINST X.500 DAP WHICH IS HEAVYWEIGHT
LDAP
• DIRECTORY BECAUSE DATA IS ORGANISED IN THE FORM OF A TREE, MUCH LIKE THE UNIX FILE SYSTEM
• USES A SIMPLIFIED SET OF ENCODINGS
• RUNS DIRECTLY ABOVE TCP/IP
• USES STRINGS TO REPRESENT DATA
LDAP
• LDAP SECURITY MODEL : DEFINES HOW INFORMATION CAN BE PROTECTED FROM UNAUTHORISED ACCESS
LDAP
• LDAP API
• THERE ARE SEVERAL LDAP APIS (APPLICATION PROGRAMMING INTERFACES); THE OLDEST ONES ARE WRITTEN IN C
• NOWADAYS LDAP APIS ARE AVAILABLE IN OTHER PROGRAMMING LANGUAGES LIKE PERL AND JAVA
HOW LDAP WORKS
• LDAP DIRECTORY SERVICE IS BASED ON CLIENT SERVER MODEL
• LDAP IS A MESSAGE ORIENTED PROTOCOL
• CLIENT CONSTRUCTS AN LDAP MESSAGE CONTAINING A REQUEST AND SENDS IT TO THE SERVER
HOW LDAP WORKS
• SERVER PROCESSES THE REQUEST AND SENDS THE RESULT BACK TO THE CLIENT IN THE FORM OF AN LDAP MESSAGE
LDAP BACKENDS
• THE BASIC DAEMON PROCESS THAT RUNS ON THE LDAP SERVER, CALLED SLAPD, COMES WITH THREE DIFFERENT BACKEND DATABASES
• WE ASSUME THAT IN OUR CASE WE USE LDBM, THE MOST USED ONE
HOW LDAP WORKS
• LDAP DATABASE WORKS BY ADDING A COMPACT FOUR BYTE UNIQUE IDENTIFIER
• INDEX FILES ARE MAINTAINED FOR REFERRING TO DATA
LDAP PROTOCOL OPERATION
• INTERROGATION OPERATION : SEARCH, COMPARE
• ADD DELETE OPERATION : ADD, DELETE, MODIFY, MODIFY DN
• AUTHENTICATION AND CONTROL OPERATION : BIND, UNBIND, ABANDON
LDAP INFORMATION MODEL
• BASIC UNIT IS ENTRY (A COLLECTION OF INFORMATION ABOUT AN OBJECT)
• AN ENTRY IS COMPOSED OF A SET OF ATTRIBUTES
LDIF
• LDIF STANDS FOR LDAP DATA INTERCHANGE FORMAT
• DIRECTORY ENTRIES IN LDAP ARE IN THE FORM OF LDIF
LDIF FORMAT
• BASIC FORM OF LDIF :
    #COMMENT
    DN: <DISTINGUISHEDNAME>
    <ATTRDESC>: <ATTRVALUE>
    <ATTRDESC>: <ATTRVALUE>
    ...
• EXAMPLE : DN: UID=ALAKESH,DC=IIT,DC=EDU
LDAP
• IN ADDITION TO BEING A NETWORK PROTOCOL IT ALSO DEFINES FOUR MODELS
• LDAP INFORMATION MODEL : DEFINES THE KIND OF DATA YOU PUT IN THE DIRECTORY
• LDAP NAMING MODEL : HOW YOU ORGANISE AND REFER TO DIRECTORY INFORMATION
LDIF FORMAT
• LINES STARTING WITH # ARE CONSIDERED TO BE COMMENTS
• ALL OTHER ATTRIBUTES ARE WRITTEN IN <ATTRDESC> = <VALUE> FORM
LDIF
• EACH ENTRY IS UNIQUELY IDENTIFIED BY A DISTINGUISHED NAME OR DN. THE DN CONSISTS OF THE NAME OF THE ENTRY PLUS A PATH IN THE DIRECTORY TREE TRACING BACK TO THE TOP OF THE DIRECTORY HIERARCHY
• THE OBJECT CLASS DEFINES THE CLASS OF THE ATTRIBUTES THAT CAN BE USED TO DEFINE AN ENTRY
LDIF
• DIRECTORY DATA IS REPRESENTED AS ATTRIBUTE-VALUE PAIRS. ANY SPECIFIC PIECE OF INFORMATION IS ASSOCIATED WITH A DESCRIPTIVE ATTRIBUTE
LDAP CONFIGURATION
• THE CONFIGURATION FILE SLAPD.OC.CONF CONTAINS THE DEFINITION OF ALL THE OBJECT CLASSES
• THE ATTRIBUTES OF THE OBJECT CLASSES ARE DEFINED IN SLAPD.AT.CONF FILE
LDAP CONFIGURATION
• EACH OBJECT CLASS HAS REQUIRED AND ALLOWED ATTRIBUTES
• REQUIRED ATTRIBUTES MUST BE PRESENT WHILE ALLOWED ARE OPTIONAL
LDAP CONFIGURATION
• EACH ATTRIBUTE HAS CORRESPONDING SYNTAX DEFINITION
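
An added example (not part of the original slides): a small Python parser for the basic LDIF form shown earlier that also applies the required/allowed attribute rule to each entry. The schema table, the function names and the second entry are constructed for illustration; folded lines and base64 "::" values, which the slides do not mention, are handled as well.

```python
import base64
# Constructed schema subset: object class -> (required, allowed) attributes.
SCHEMA = {"person": ({"cn", "sn"}, {"description", "telephonenumber"})}
# Constructed sample; the first DN is the one used on the slide.
SAMPLE = """# constructed entries
dn: uid=alakesh,dc=iit,dc=edu
objectClass: person
cn: Alakesh
sn: Example
description: a long value folded
  onto a second line

dn: uid=ash,dc=iit,dc=edu
objectClass: person
cn:: QXNo
mail: ash@iit.example
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] for the basic LDIF form."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # drop comment lines
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # the extra "" flushes the last entry
        if not line.strip():                # a blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:]).decode("utf-8")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries

def schema_errors(attrs):
    """List required/allowed violations for the entry's object classes."""
    rules = [SCHEMA.get(oc.lower(), (set(), set())) for oc in attrs.get("objectclass", [])]
    required = set().union(*(r for r, _ in rules))
    allowed = required.union({"objectclass"}, *(a for _, a in rules))
    return ([f"missing required: {a}" for a in sorted(required - set(attrs))] +
            [f"not allowed: {a}" for a in sorted(set(attrs) - allowed)])
```

The second sample entry lacks the required sn and carries mail, which the constructed person class does not allow, so schema_errors reports both.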
LDAP ACCESS CONTROL
• ACCESS TO <WHAT> [ BY <WHO> <ACCESS LEVEL> <CONTROL> ]
• THIS DIRECTIVE GRANTS ACCESS TO A SET OF ENTRIES/ATTRIBUTES BY ONE OR MORE REQUESTERS
• EXAMPLE : ACCESS TO * BY * READ
LDAP ACCESS CONTROL
• THE ABOVE DIRECTIVE GIVES READ PERMISSION TO EVERYONE
• FOR EXAMPLE ACCESS TO DN=".*, C=INDIA" BY * SEARCH GIVES SEARCHING PERMS TO ENTRIES UNDER C=INDIA SUBTREE
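
An added example, not part of the original slides: a Python model of how the two directives above are evaluated, assuming slapd's rule that the first matching <what> and then its first matching <who> decide the access level. The function names, the unanchored-regex treatment of dn="..." and the default used when no directive matches are assumptions, and the <control> field is not modelled.

```python
import re

# Access levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "compare", "search", "read", "write"]
SELECTOR = r'(\*|self|dn="[^"]*")'

def parse_acl(line):
    """Split 'access to <what> by <who> <level> ...' into (what, [(who, level)])."""
    m = re.match(r'\s*access\s+to\s+' + SELECTOR + r'\s+(.*)$', line, re.I)
    if not m or m.group(1).lower() == "self":
        raise ValueError(f"unsupported directive: {line!r}")
    by = re.findall(r'by\s+' + SELECTOR + r'\s+(\w+)', m.group(2), re.I)
    if not by or any(level.lower() not in LEVELS for _, level in by):
        raise ValueError(f"bad by-clause in: {line!r}")
    return m.group(1), [(who, level.lower()) for who, level in by]

def selects(selector, dn, entry_dn=None):
    """True if a <what>/<who> selector matches dn (None = anonymous requester)."""
    if selector == "*":
        return True
    if dn is None:
        return False
    if selector.lower() == "self":
        return dn.lower() == entry_dn.lower()
    # Assumption: dn="..." is an unanchored, case-insensitive regex.
    return re.search(selector[4:-1], dn, re.I) is not None

def granted(acls, entry_dn, requester=None, default="none"):
    """Level from the first matching <what>, then its first matching <who>."""
    for what, by in acls:
        if selects(what, entry_dn):
            for who, level in by:
                if selects(who, requester, entry_dn):
                    return level
            return "none"      # the <what> matched but no <who> did
    return default             # assumption: used when no directive matches

def allowed(acls, entry_dn, wanted, requester=None):
    return LEVELS.index(granted(acls, entry_dn, requester)) >= LEVELS.index(wanted)

# The two directives from the slides, in both possible orders.
EVERYONE_READ = parse_acl('access to * by * read')
INDIA_SEARCH = parse_acl('access to dn=".*, c=india" by * search')
BROAD_FIRST = [EVERYONE_READ, INDIA_SEARCH]    # second rule is never reached
NARROW_FIRST = [INDIA_SEARCH, EVERYONE_READ]   # c=india entries get search only
```

With the broad rule listed first, an entry under c=india is readable by everyone, including anonymous clients; the search-only restriction takes effect only when the narrower directive comes first.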
LDAPADD
• OPENLDAP PACKAGE COMES WITH SHELL EXECUTABLE NAMED LDAPADD USED TO ADD ENTRIES TO THE DATABASE WHILE LDAP SERVER IS RUNNING
• BASIC SYNTAX IS
    ldapadd -f <DATAFILE> -D <DN> -w <PASSWD>
  (OR -W IF PASSWORD IS TO BE PROMPTED)
LDAPDELETE
• ANOTHER SHELL EXECUTABLE FOR DELETING ENTRIES
• ITS SYNTAX IS
    ldapdelete "CN=HI,O=IITB,C=INDIA"
LDAPMODIFY
• IT IS ANOTHER SHELL EXECUTABLE TO MODIFY DATA IN THE DIRECTORY DATABASE
• IT HAS SIMILAR SYNTAX TO LDAPADD
LDAPSEARCH
• SHELL ACCESSIBLE INTERFACE TO ldap_search() C ROUTINE
• LDAPSEARCH OPENS CONNECTION TO THE LDAP SERVER, PERFORMS SEARCH WHICH FOLLOWS FILTERING RULES DEFINED IN RFC3554
LDAPSEARCH
• FOR EXAMPLE
    ldapsearch -b "C=INDIA" "O=IITB"
  IF * IS ALLOWED READ ACCESS BY DEFAULT THE O=IITB ENTRY WILL BE RETURNED
• THE -b OPTION GIVES THE SEARCH BASE
LDAP AND JAVA CONNECTIVITY
• THERE EXISTS A PACKAGE CALLED JNDI (JAVA NAMING AND DIRECTORY INTERFACE)
• IT CONTAINS THE APIS NEEDED TO CONNECT TO AN LDAP SERVER AND RETRIEVE INFORMATION
JNDI EXAMPLE
• A TYPICAL CODE WRITTEN USING JNDI TO DO LDAP SEARCH
• IT WILL BE LIKE THIS ...
    import java.util.Hashtable;
    import java.util.Enumeration;
    import javax.naming.*;
    import javax.naming.directory.*;

    class Search {
        public static void main(String[] args) {
            Hashtable env = new Hashtable(5, 0.75f);
            env.put(Context.INITIAL_CONTEXT_FACTORY, Env.INITCTX);
            env.put(Context.PROVIDER_URL, Env.MY_SERVICE);
            // ...
        }
    }
Why LDAP
• Most LDAP servers are optimized for read-intensive operations. Thus, one can see an order of magnitude difference when reading data from an LDAP directory versus obtaining the same data from a relational database server optimized for OLTP.
• Because of this optimization, however, most LDAP directories are not suited to storing data where changes are frequent.