LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL Presented by Chaithra H.T


TOPICS

Introduction

History

Why LDAP?

Architecture

How does LDAP work?

Technology

Utilities

Conclusion


Introduction

LDAP, the Lightweight Directory Access Protocol, is a client-server protocol for accessing and managing directory information.

A directory is a set of objects with attributes, organized in a logical and hierarchical manner depending on the model chosen.

LDAP is based on the X.500 standard.

It is an Internet protocol that runs over TCP/IP.

It is an open protocol, so applications need not worry about the type of server hosting the directory.

The directory structure is a specialized database which is optimized for browsing, searching, locating and reading information.

History

X.500 is the OSI directory standard.

X.500 defines the Directory Access Protocol (DAP).

The size and complexity of DAP make it difficult to run on smaller machines.

LDAP was designed to remove some of the burden of X.500.

Why LDAP?

It provides access through a simpler TCP/IP model.

A mobile user may initiate a database lookup over the Internet.

It was given its lightweight name because it can be easily implemented over the Internet due to its light bandwidth usage.

Unlike the directory structure, which allows the user access to all the information available, LDAP allows information to be accessed only after authenticating the user.

It also supports privacy and integrity security services.

HOW DOES LDAP WORK?

The LDAP directory service is based on the client-server model.

LDAP is a message-oriented protocol.

The client constructs an LDAP message containing a request and sends it to the server.

The server processes the request and sends the result back to the client in the form of an LDAP message.

The client initiates a session with the LDAP server.

The client specifies a name or an IP address and the port of the LDAP server.

The client specifies a user name and password.
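
As an added illustration of the message exchange described above (this code is not part of the original slides), the following Python BER-encodes an LDAP simple bind request and then decodes it the way anyone observing the unencrypted connection could, showing that a simple bind carries the password as plain octets unless the session runs over TLS. The DN, the password and the sample response bytes are constructed values.

```python
def ber_len(n):
    if n < 0x80:                                   # short form: one length octet
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body        # long form: size octet + length

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):                                    # non-negative INTEGER, sign bit clear
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):                          # -> (tag, value, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: low bits give size
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def simple_bind_request(message_id, bind_dn, password):
    # BindRequest ::= [APPLICATION 0] { version, name, simple [0] OCTET STRING }
    op = tlv(0x60, ber_int(3) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(message_id) + op)     # LDAPMessage envelope

def _protocol_op(msg, expected_tag):
    _, body, _ = read_tlv(msg)
    _, message_id, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != expected_tag:
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    return int.from_bytes(message_id, "big"), op

def decode_simple_bind(msg):
    """What an observer of the unencrypted connection recovers from the request."""
    message_id, op = _protocol_op(msg, 0x60)
    _, version, pos = read_tlv(op)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag != 0x80:
        raise ValueError("not a simple bind")
    return message_id, int.from_bytes(version, "big"), dn.decode(), cred.decode()

def bind_result_code(msg):
    # BindResponse ::= [APPLICATION 1] { resultCode ENUMERATED, matchedDN, diagnosticMessage }
    _, op = _protocol_op(msg, 0x61)
    return int.from_bytes(read_tlv(op)[1], "big")

# Constructed sample: BindResponse for messageID 1 with resultCode 0 (success).
SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")
```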

ARCHITECTURE

The client requests information.

Server 1 returns a referral to server 2.

The client resends the request to server 2.

Server 2 returns the information to the client.

X.500

Information model

A namespace

A functional model

An authentication framework

A distributed operation model

General-purpose, standards-based directories

X.500

RFC 1497

SLDAPD

Technology

Request For Comments: RFC 4510

LDAP is an Internet protocol for accessing distributed directory services.

Request For Comments: RFC 4515

LDAP defines a network representation of a search filter transmitted to an LDAP server.

Request For Comments: RFC 4516

It describes a format for an LDAP Uniform Resource Locator (URL).
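
An added example (not part of the original slides) covering the two formats just listed: it escapes an untrusted value for the RFC 4515 string form of a search filter, so that filter metacharacters in the input cannot change the filter's structure, and then places the filter in an RFC 4516 URL and parses it back. The host name, DN and attribute names are constructed.

```python
from urllib.parse import quote, unquote, urlsplit

# RFC 4515: inside an assertion value these characters are written as a
# backslash followed by two hex digits.
_FILTER_SPECIALS = {"\0", "(", ")", "*", "\\"}

def escape_filter_value(value):
    """Escape an untrusted string for use as an RFC 4515 assertion value."""
    return "".join("\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch for ch in value)

def equality_filter(attr, value):
    """Build (attr=value); attr comes from trusted code, value is escaped."""
    return "(%s=%s)" % (attr, escape_filter_value(value))

def build_ldap_url(host, port, base_dn, attrs, scope, flt):
    """RFC 4516 layout: ldap://host:port/dn?attributes?scope?filter."""
    return "ldap://%s:%d/%s?%s?%s?%s" % (
        host, port,
        quote(base_dn, safe="=,"),
        ",".join(attrs),
        scope,
        quote(flt, safe="=()"),        # '?' and '\' become %3F and %5C
    )

def parse_ldap_url(url):
    """Split an RFC 4516 URL into its fields, applying the RFC's defaults."""
    parts = urlsplit(url)
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "host": parts.hostname,
        "port": parts.port or 389,
        "base_dn": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in fields[0].split(",") if a],
        "scope": fields[1] or "base",
        "filter": unquote(fields[2]) or "(objectClass=*)",
    }
```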

Associated technology

The technology associated with LDAP is the integration of LDAP with DCE.

This reduces administrative support concerns and the duplication of resources that accompanies server administration.

Trends

It is evolving into a more intelligent network structure called a Directory Enabled Network (DEN).

It separates the logical properties from physical components.


Utilities

LDAPMODIFY

LDAPADD

LDAPCHANGEPWD

LDAPSEARCH

LDAPDELETE

LDAPMODIFY & LDAPADD: Invoking LDAPADD is equivalent to invoking LDAPMODIFY with the -a flag turned on.

Syntax: ldapmodify [-a] [-b] [-c]


LDAPCHANGEPWD: It is a modify password tool.

Syntax: ldapchangepwd [-h ldaphost] [-n newpassword]

LDAPSEARCH: Searches the entries in the LDAP server.

Syntax: ldapsearch [-p ldapport] [-dn]

LDAP CONFIGURATION

The configuration file SLAPD.OC.CONF contains the definition of all the object classes.

The attributes of the object classes are defined in the SLAPD.AT.CONF file.

LDAP ACCESS CONTROL

Access to <what> [ by <who> <access level> <control> ]

This directive grants access to a set of entries/attributes by one or more requesters.

Example: Access To * by * Read

The above directive gives read permission to everyone.
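
The effect of the directive above, shown with added example code that is not part of the original slides: a simplified Python model of slapd's first-match evaluation, comparing the slide's `Access To * by * Read` with a tighter rule set that keeps the password attribute unreadable. The `attrs=`, `self`, `anonymous`, `users` and `auth` keywords come from OpenLDAP's access directive syntax rather than from the slides; the DNs are constructed and are compared as plain strings.

```python
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # each implies the earlier ones
WHO = {"*", "anonymous", "users", "self"}

def parse_directive(line):
    """Parse 'access to <what> by <who> <level> [by ...]' into (what, clauses)."""
    tok = line.lower().split()
    rest = tok[3:]
    if tok[:2] != ["access", "to"] or not rest or len(rest) % 3 or set(rest[0::3]) != {"by"}:
        raise ValueError("unsupported directive: %r" % line)
    what = tok[2]
    clauses = list(zip(rest[1::3], rest[2::3]))
    if what != "*" and not what.startswith("attrs="):
        raise ValueError("unsupported <what>: %r" % what)
    if any(who not in WHO or level not in LEVELS for who, level in clauses):
        raise ValueError("unsupported <who> or <access level> in %r" % line)
    return what, clauses

def _who_matches(who, requester_dn, entry_dn):
    return (who == "*"
            or (who == "anonymous" and requester_dn is None)
            or (who == "users" and requester_dn is not None)
            or (who == "self" and requester_dn is not None and requester_dn == entry_dn))

def allowed(rules, requester_dn, entry_dn, attr, wanted):
    """First directive whose <what> matches decides; first matching <who> gives the level."""
    for what, clauses in rules:
        if what != "*" and attr.lower() not in what[len("attrs="):].split(","):
            continue
        for who, level in clauses:
            if _who_matches(who, requester_dn, entry_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False          # implicit trailing "by * none"
    return False              # no directive matched this attribute

# The slide's directive: every requester, including anonymous, may read every attribute.
OPEN_RULES = [parse_directive("Access To * by * Read")]

# Tighter set: the password attribute is decided first, everything else stays readable.
TIGHTER_RULES = [
    parse_directive("access to attrs=userPassword by self write by anonymous auth by * none"),
    parse_directive("access to * by * read"),
]
```

Because the first matching `<what>` wins, the `userPassword` directive has to appear before the catch-all `access to *` line for it to have any effect.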


Conclusion

LDAP provides a low-overhead method of accessing the X.500 directory.

It runs over TCP, eliminating much of the connection set-up.

It has an excellent future as a directory access protocol.
