Ia Ldap
Objective
- What is a directory?
- What is LDAP?
- The Anatomy of LDAP
- Identifying the LDAP server and its attributes
- Deciphering the LDAP schema
- Mapping the LDAP attributes to a client application
What is a directory?
- Database
  - Schema: describes the data
  - Distributed
- Protocols
  - Access the data
  - Manipulate the data
Directory Services Versus Databases
Transport
- LDAP runs directly over IP: either TCP or UDP
Functionality
- Simplifies X.500 functionality by eliminating low-use features
Data Representation
- LDAP uses simple string formats
Encoding
- LDAP uses simplified encoding rules
What is LDAP?
*Statistic is made up. Did you know 56% of statistics are made up?
Who made LDAP?
The Anatomy of LDAP
What do we use LDAP for?
LDAP Architecture
Lightweight Directory Access Protocol (LDAP)
Entries are organized in a Directory Information Tree (DIT) and divided among servers in a geographical and organizational distribution. Each entry, with the exception of the root, has a parent entry. Each entry has a fully qualified name: the Distinguished Name (DN). Each component of the DN is called a Relative Distinguished Name (RDN). The Distinguished Name for any entry is constructed by concatenating the Relative Distinguished Names of the entry's ancestors.
The Organization Model
The Functional Model
Open
- Opens a connection to a DSA
Bind
- Authenticates a client to the DSA
- Method of authentication: LDAPv3
Unbind
- Terminates a client/server session
Functional Model Interrogation
Search components
Functional Model Interrogation
Search: Basic Search Filter Types
Equality
- <attr>=<value>
- (sn=Dan)
Approximate
- <attr>~=<value>
- (sn~=Dann)
Substring
- <attr>=[<leading>]*[<any>]*[<trailing>]
- (sn=Da*)
And
- (&(<filter1>)(<filter2>))
- (&(objectClass=user)(sn=Dan))
Or
- (|(<filter1>)(<filter2>))
- (|(sn=Dan)(sn=T*))
Not
- (!(<filter1>))
- (!(sn=Dan))
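The filter types above, as an added Python example that is not part of the original slides: each builder escapes its value per RFC 4515 so that parentheses, asterisks and backslashes in user-supplied input (such as a login value substituted into a pattern like the userSearch="(mail={0})" used later on this page) are matched literally instead of changing the filter's structure; only the substring builder keeps its wildcards. The function names and sample values are constructed for this example.

```python
import re

# RFC 4515: these characters must be hex-escaped inside a filter value
_ESCAPES = {"\\": r"\5c", "(": r"\28", ")": r"\29", "*": r"\2a", "\x00": r"\00"}
# Attribute description: a name such as "sn" or "objectClass", or a dotted OID, plus optional ;options
_ATTR_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*$")

def escape_value(value: str) -> str:
    """Escape a value so it is matched literally and cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _attr(attr: str) -> str:
    """Reject anything that is not a syntactically valid attribute description."""
    if not _ATTR_RE.match(attr):
        raise ValueError(f"invalid attribute description: {attr!r}")
    return attr

def equality(attr: str, value: str) -> str:
    """<attr>=<value>"""
    return f"({_attr(attr)}={escape_value(value)})"

def approximate(attr: str, value: str) -> str:
    """<attr>~=<value>"""
    return f"({_attr(attr)}~={escape_value(value)})"

def substring(attr: str, leading: str = "", any_parts=(), trailing: str = "") -> str:
    """<attr>=[<leading>]*[<any>]*[<trailing>]; the '*' between the parts are the only wildcards."""
    parts = [leading, *any_parts, trailing]
    if not any(parts):
        raise ValueError("a substring filter needs at least one literal component")
    return f"({_attr(attr)}=" + "*".join(escape_value(p) for p in parts) + ")"

def and_(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"

def or_(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"

def not_(filt: str) -> str:
    return f"(!{filt})"

def user_lookup(mail: str) -> str:
    """Escaped form of the userSearch pattern (mail={0}) with the login value filled in."""
    return equality("mail", mail)

if __name__ == "__main__":
    print(and_(equality("objectClass", "user"), equality("sn", "Dan")))  # (&(objectClass=user)(sn=Dan))
    print(or_(equality("sn", "Dan"), substring("sn", leading="T")))      # (|(sn=Dan)(sn=T*))
    print(user_lookup("o'brien (jr)@mycompany.com"))                     # (mail=o'brien \28jr\29@mycompany.com)
```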
Search Parameters
The Security Model
Authentication
- Assurance that the opposite party (machine or person) really is who he/she/it claims to be.
Integrity
- Assurance that the information that arrives is really the same as what was sent.
Confidentiality
- Protection of information from disclosure to those who are not intended to receive it, by means of data encryption.
Authorization
- Assurance that a party is really allowed to do what he/she/it is requesting to do. This is usually checked after user authentication. In LDAP Version 3, this is currently not part of the protocol specification and is therefore implementation- (or vendor-) specific. This is basically achieved by assigning access controls, like read, write, or delete, to user IDs or common names. There is an Internet Draft that proposes access control for LDAP.
Anatomy of LDAP
Example: givenname=Roberto, sn=Chiabra, mail=rchiabra@pupc.edu.pe, phonenumber=511-555-1212
Identifying the LDAP server and its attributes
Talking to an Existing LDAP
Deciphering the LDAP schema
The Pieces of an LDAP DN…
uid=rchiabra,ou=users,dc=lima,o=ibm
uid=rchiabra,cn=users,ou=lima,o=ibm
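The DN above taken apart the way the Organization Model describes it (a DN is the RDNs of the entry and its ancestors, concatenated), as an added Python example that is not part of the original slides. The DN is the deck's; the function names are constructed, and RDN-wise comparison is used because a plain string suffix test would misjudge bases such as o=notibm versus o=ibm.

```python
"""Take an LDAP Distinguished Name apart into its RDNs and derive its ancestors.

Added example, not part of the original slides. A backslash escapes a comma
inside a value (RFC 4514), so a naive str.split(",") is not enough.
"""

def split_rdns(dn: str) -> list[str]:
    """Split a DN on unescaped commas; each piece is one RDN, leaf first."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape and the protected char
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns

def parse_rdn(rdn: str) -> tuple[str, str]:
    """Return (type, value) for a single-valued RDN such as uid=rchiabra."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().lower(), value

def ancestors(dn: str) -> list[str]:
    """Parent, grandparent, ... up to the root suffix, each as a full DN."""
    rdns = split_rdns(dn)
    return [",".join(rdns[i:]) for i in range(1, len(rdns))]

def is_under(dn: str, base: str) -> bool:
    """True when dn is base or lies below it, compared RDN by RDN (not as a string suffix)."""
    d, b = split_rdns(dn), split_rdns(base)
    if len(d) < len(b):
        return False
    return [r.lower() for r in d[len(d) - len(b):]] == [r.lower() for r in b]

if __name__ == "__main__":
    dn = "uid=rchiabra,ou=users,dc=lima,o=ibm"  # from the deck's DN slide
    print([parse_rdn(r) for r in split_rdns(dn)])
    print(ancestors(dn))  # ['ou=users,dc=lima,o=ibm', 'dc=lima,o=ibm', 'o=ibm']
```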
Found on Google
Configuring JXplorer…
Note: If you can bind with a long LDAP name, then your application can find the user when configuration is complete; bind with users to verify they exist and are in the correct format.
Gather information about the LDAP user…
Mapping the LDAP attributes to a client application
Applying Our LDAP Experience in the Real World
Documentation
- http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JNDIRealm
Roles as explicit directory entries
Roles as an attribute of the user entry
dn: uid=jjones,ou=people,dc=mycompany,dc=com
objectClass: inetOrgPerson
uid: jjones
sn: jones
cn: janet jones
mail: j.jones@mycompany.com
memberOf: role2
memberOf: role3
userPassword: janet
Configuring server.xml file…
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://localhost:389"
       userBase="ou=people,dc=mycompany,dc=com"
       userSearch="(mail={0})"
       userRoleName="memberOf"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
/>
LDAP with Java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Global Variables
public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
public static String MY_HOST = "ldap://w2kpro.pe.ibm.com:389";
public static String MGR_DN = "cn=Manager,dc=tweb,dc=com";
public static String MGR_PW = "password";
public static String MY_SEARCHBASE = "dc=tweb,dc=com";
public static String MY_FILTER = "cn=Luis Gerente";
Example of Java code using JNDI
// Hashtable for environmental information
Hashtable<String, String> env = new Hashtable<>();
// Which provider to load and where the server is
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, MY_HOST);
// Security Information: a simple bind as the manager DN
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
// Creating the context opens the connection and performs the bind
DirContext ctx = new InitialDirContext(env);
// Search below the base for entries matching the filter (default search controls)
NamingEnumeration<SearchResult> results = ctx.search(MY_SEARCHBASE, MY_FILTER, new SearchControls());
// C# Library namespace
using Novell.Directory.Ldap;
// Bind() authenticates the user object's credentials against the server;
// ldapConn is an already connected LdapConnection
ldapConn.Bind(userDN, userPasswd);
Questions?
Example Directory Tree with Attributes for a Small Organization
Bibliography