7/23/2019 Simple short Seminar on LDAP
Shashank
Hewlett Packard

- Background and Motivation
- X.500
- What is LDAP?
- Understanding LDAP
- Discussion and Q/A

- Originally inspired by telecommunication companies
- Increased reliance on networked computers
- Information needs:
  - Ease of use
  - Administration
  - Clear and consistent organization
  - Integrity
  - Confidentiality

- X.500 standard, CCITT 1988
- Refer to ISO 9594, X.500-X.521 of 1990

- Organizes directory entries into a hierarchical namespace
- Powerful search capabilities
- Uses DAP (application layer); it is based on OSI

Lightweight Directory Access Protocol
- Used to access and update information in a directory built on the X.500 model

- Lightweight alternative to DAP
- Uses TCP/IP instead of the OSI stack
- Much simpler
- Uses strings rather than DAP's ASN.1 notation to represent data

- Each entry describes an object (class): Person, Server, Printer etc.
- Example entry: InetOrgPerson (cn, sn, ObjectClass)
- Example attributes: cn (cis), sn (cis), telephoneNumber (tel), ou (cis), owner (dn)

- DNs consist of a sequence of Relative DNs:
  cn=John Smith,ou=Finland,ou=Vaasa,dc=accdom,dc=for,dc=int
- Directory Information Tree (DIT)

Attribute Type            String
CommonName                CN
LocalityName              L
StateOrProvinceName       ST
OrganizationName          O
OrganizationalUnitName    OU
CountryName               C
StreetAddress             STREET
domainComponent           DC
Userid                    UID

- Authentication
  - BIND/UNBIND
  - ABANDON
- Query
  - Search
  - Compare entry
- Update
  - Add or delete entry
  - Modify an entry

- Client establishes session with server (BIND)
  - Hostname/IP and port number
  - Security
    - User-id/password based authentication
    - Anonymous connection - default access rights
    - Encryption/Kerberos also supported
- Client performs operations
  - Read/Update/Search
  - SELECT X,Y,Z FROM PART_OF_DIRECTORY
- Client ends the session (UNBIND)
- Client can ABANDON the session

- Request includes LDAP version, the name the client wants to bind as, authentication type
  - Simple (clear text passwords, anonymous)
  - Kerberos v4 to the LDAP server (krbv42LDAP)
  - Kerberos v4 to the DSA server (krbv42DSA)
- Server responds with a status indication
- UNBIND: Terminates a protocol session
  UnbindRequest ::= [APPLICATION 2] NULL
- ABANDON: MessageID to abandon

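The BIND, UNBIND and ABANDON messages from this slide, BER-encoded, as an added example that is not part of the original seminar: it shows that a simple bind carries the DN and password unencrypted in the request, and how a monitor can flag anonymous binds. The function names, the version value 2 and the sample password are assumptions constructed for illustration.

```python
# Added example (not from the slides). Tags per the LDAP ASN.1: BindRequest
# [APPLICATION 0], UnbindRequest [APPLICATION 2], AbandonRequest [APPLICATION 16].

def tlv(tag, value):
    """One BER TLV with definite length (short or long form)."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def int_content(n):
    """Minimal two's-complement content octets for a non-negative INTEGER."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def message(msg_id, op):
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp }"""
    return tlv(0x30, tlv(0x02, int_content(msg_id)) + op)

def simple_bind(msg_id, version, dn, password):
    body = (tlv(0x02, int_content(version)) + tlv(0x04, dn.encode())
            + tlv(0x80, password.encode()))   # [0] = simple credentials
    return message(msg_id, tlv(0x60, body))

def unbind(msg_id):
    return message(msg_id, tlv(0x42, b""))    # [APPLICATION 2] NULL

def abandon(msg_id, target_id):
    return message(msg_id, tlv(0x50, int_content(target_id)))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def inspect_bind(packet):
    """Fields a monitor sees in a simple bind sent without TLS."""
    _, msg, _ = read_tlv(packet)
    _, _, p = read_tlv(msg)                   # skip messageID
    tag, op, _ = read_tlv(msg, p)
    if tag != 0x60:
        return None                           # not a BindRequest
    _, ver, p = read_tlv(op)
    _, dn, p = read_tlv(op, p)
    auth, cred, _ = read_tlv(op, p)
    return {"version": ver[0], "dn": dn.decode(), "simple": auth == 0x80,
            "password": cred.decode(), "anonymous": not dn and not cred}
```

An empty DN with an empty password is the anonymous case from the slide; anything else under the simple choice puts the password on the wire as plain bytes unless the connection itself is encrypted.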
- Request includes
  - baseObject: an LDAPDN
  - scope: how many levels to be searched
  - derefAliases: handling of aliases
  - sizeLimit: max number of entries returned
  - timeLimit: max time allowed for search
  - attrsOnly: return attribute types OR values also
  - filter: condition to be fulfilled when searching
  - attributes: list of the entry's attributes to be returned
- Read and List implemented as searches
- Compare: similar to search but returns T/F

- ADD request
  - Entry: LDAPDN
  - List of attributes and values (or sets of values)
- MODIFY request
  - Used to add, delete, modify attributes
- DELETE request

- Current LDAP version supports
  - Clear text passwords
  - KERBEROS version 5 authentication
- Other authentication methods possible in future versions
- SASL support added in version 3
- Kerberos deemed stronger than SASL

Authentication operation