SlideShare une entreprise Scribd logo
1  sur  23
Télécharger pour lire hors ligne
LDAP

●   What is Directory Services
●   The need for LDAP
●   LDAP Overview and Basics
●   Setting up and tunning OpenLDAP
●   Other LDAP tools and applications
What is Directory Services

●   Similar to database but designed more for reading than
    for writing
●   Defines a network protocol for accessing contents of
    the directory
●   Scheme for replication of data
●   Directory Service examples: DNS, finger, password DB
●   LDAP is a 'Lightweight Directory Access Protocol'
The need for LDAP

●   Multiple disparate sources of the same information
●   Users need separate logins and passwords to login to
    different systems
●   Complex to keep information in sync
●   Similar data spread around many flat files or in
    database with different formats
●   Inadequacies of NIS ie. Not very extensible
●   X.500 is too complicated
    Summarizing the above: Centralization, Integration
    and Delegating Responsibility
LDAP Overview

●   LDAP is a ‘Lightweight Directory Access Protocol’
●   LDAP marries a lightweight DAP with the X.500
    information model
●   Uses an extensible hierarchical object data model
●   An LDAP server may implement multiple ‘back-ends’:
    RDBMS, simple indexes (Berkeley DB), X.500
    gateway
●   Designed for frequent reads and infrequent writes
LDAP Benefits

●   Standardized schemas exist for many purposes
    (well beyond that of NIS)
●   Allows consolidation of many information sources
●   Well defined API, support from many applications
●   Easily replicated and distributed
●   Multiple backends allow integration with existing data
    sources (RDBMS, etc)
●   Much faster than RDBMS (using lightweight backend
    like Berkeley DB)
LDAP Basics

●   Data is organised into an hierarchical tree
●   Each ‘entry’ (tree node) is identified by a DN (distinguished
    name) e.g. uid=aokhotnikov,ou=People,ou=Users,dc=ldap,dc=sjua
●   Each component of a DN is called an RDN (relative DN) and
    represents a branch in the tree
●   The RDN must be unique within the nodes at the same level of
    the tree (is generally equivalent to one of the attributes ie. ‘uid’
    or ‘cn’ in the case of a person)
●   Each node has 1 or many attribute values associated with it. Each
    attribute can have 1 or many values
LDAP Basics (cont.)

●   ‘objectClass’ is a mandatory attribute which specifies
    the schema (attribute constraints) for the given node
●   Multiple ‘objectClass’ attributes can be combined
    together to achieve inheritance
●   Example ‘objectClass’ (common schema) attributes:
    dcObject, organizationalUnit, person, organizationalPerson,
    inetOrgPerson, inetLocalMailRecipient

●   CN (Canonical Name) is another common attribute
    used to provide a unique name for a directory object
LDAP Schemas

●   Many standard schemas exist including:
     –   People schemas - person, organisationalPerson, inetOrgPerson,
         posixAccount, mailLocalRecpient, strongAuthenticationUser
     –   Group schemas – groupOfUniqueNames, posixGroup,
         organisationalRole, roleMember
     –   Host / Network schemas – domain, ipHost, ipNetwork, ipProtocol,
         ipService, ieee802Device, bootableDevice
●   An invaluable schema repository from Alan Knowles at the
    Hong Kong Linux Centre:
     –   http://ldap.akbkhome.com/
LDIF File Format
●   LDIF (LDAP Data Interchange Format) is used to
    import/export from a LDAP directory server and run updates
     dn: cn=GForge Admin
     User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
     objectClass: inetOrgPerson
     objectClass: posixAccount
     objectClass: top
     givenName: GForge Admin
     sn: User
     cn: GForge Admin User
     uid: gforgeadmin
     userPassword: {MD5}6z8f1uQp3reOfghTFrecJQ==
     uidNumber: 1000
     gidNumber: 544
     homeDirectory: /opt/gforge5
     mail: acidumirae@gmail.com
Custom Schemas
●   LDAP schemas uses SNMP style OIDs (Object Ids) for
    uniquely defining schema elements
●   Apply for IANA enterprise number here:
     –   http://www.iana.org/cgi-bin/enterprise.pl
●   Private enterprise number OID prefix is 1.3.6.1.4.1 eg.
    Metaparadigm uses 1.3.6.1.4.1.11137
●   Information on custom schemas can be found here:
     –   http://www.openldap.org/doc/admin/schema.html
Linux LDAP Servers
●   OpenLDAP is the primary open-source LDAP
    implementation based on Univ. Michigan LDAP
    http://www.openldap.org/
●   Sun provides the iPlanet Directory Server/Sun One Java DS
●   Oracle provides an LDAP server using an Oracle database
    backend
●   Many others available (Novell DS, Fedora DS, Apache DS,
    OpenDS, Innosoft, etc.)
●   Linux can also integrate with LDAP servers running on
    other platforms such as Microsoft Active Directory or
    Novell eDirectory
Commercial LDAP Servers
●   Novell eDirectory            ●   CA Directory
●   Sun One Identity Server      ●   Lotus Domino
●   Microsoft Active Directory   ●   Nexor Directory
●   Apple Open Directory         ●   View 500
●   Siemens DirX                 ●   Isode's M-Vault
●   Oracle Internet Directory    ●   aeSLAPD
●   IBM Tivoli Directory         ●   ...
    http://www.paldap.org/ldap-server-software
Scalability and Fault Tolerance
●   OpenLDAP supports real-time directory replication to
    provide load-balancing and high availability
●   OpenLDAP supports single master, multiple slaves
●   Most LDAP aware applications can be configured to use
    multiple LDAP servers (providing fallback servers)
●   Multiple master support is in the works (currently alpha)
●   OpenLDAP can be integrated with ‘heartbeat’ and ‘mon’ to
    provide fault tolerance http://www.linux-ha.org/
Setting up OpenLDAP
●   Configuration is located in: /etc/openldap/slapd.conf
●   We need to include the schemas we are using
      include   /etc/ldap/schema/core.schema
      include   /etc/ldap/schema/collective.schema
      include   /etc/ldap/schema/corba.schema
      include   /etc/ldap/schema/cosine.schema
      include   /etc/ldap/schema/duaconf.schema
      include   /etc/ldap/schema/dyngroup.schema
      include   /etc/ldap/schema/inetorgperson.schema
      include   /etc/ldap/schema/java.schema
      include   /etc/ldap/schema/misc.schema
      include   /etc/ldap/schema/nis.schema
      include   /etc/ldap/schema/openldap.schema
      include   /etc/ldap/schema/ppolicy.schema
      include   /etc/ldap/schema/samba.schema

●   Next we specify a database
      database         hdb
      suffix           "dc=ldap,dc=sjua"
      rootdn           "cn=admin,dc=ldap,dc=sjua"
      rootpw           {SSHA}IrKtxIFV+2UbdD8JiL5ZuTsAx/cPuN2h
      directory        /var/lib/ldap
Setting up OpenLDAP (cont.)
●   We can now start slapd (Standalone LDAP daemon)
      # /etc/init.d/ldap start
●   Next step is to add data to the directory using the LDIF
    example presented earlier

      # ldapadd -D cn=admin,dc=ldap,dc=sjua -W < init.ldif
      Enter LDAP Password: xxxxx
      adding new entry "dc=ldap,dc=sjua"

      adding new entry "ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"

      adding new entry "uid=gfrogeadmin,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
Tunning OpenLDAP
●   We need to add additional indexes for performance
      index objectclass                 eq

      index cn                      pres,sub,eq
      index sn                      pres,sub,eq
      ## required to support pdb_getsampwnam
      index uid                     pres,sub,eq
      ## required to support pdb_getsambapwrid()
      index displayName             pres,sub,eq

      index    uidNumber                eq
      index    gidNumber                eq
      index    loginShell               eq
      index    memberUid                eq
      index    uniqueMember             eq,pres
●   We need to add ACLs for security
      access to attr=userPassword by self write by anonymous auth by * none
      access to dn="" by * read

      access to *
                by self write
                by users read
                by anonymous auth
Tunning OpenLDAP (cont.)
●   Setup logging in syslog.conf (default is LOCAL4)
        local4.*                               /var/log/sldap.log

●   Make sure ‘slapd’ runs as non privileged user
●   Make ‘slapd’ bind to SSL port for security
         –   need signed certificates with openSSL and modify slapd.conf
       TLSCertificateFile /etc/openldap/ldap.sjua.cer
       TLSCertificateKeyFile /etc/openldap/ldap.sjua.key
         –   modify init script to bind to SSL port
       /usr/libexec/slapd -h 'ldap://ldap.metaparadigm.com/
       ldaps://ldap.metaparadigm.com/' 
                   -l LOCAL4 -u ldap -g ldap
LDAP Search Filters
●   LDAP uses a simple ‘search filters’ syntax (RFC2254)
●   LDAP queries return all attributes of matching entries (or specifically
    selected attributes) which match the search filter
LDAP query particles are enclosed within parenthesis in the form of
( attribute <matching rule> value ) ie. (cn=GForge Admin User)
●   Matching rules include (=, =~, >=, <=)
●   * can be used as a wildcard within the value
●   These can be combined together using the boolean operators: and, or
    and not (&, |, !) eg:
     –   (&(cn=GForge Admin User)(objectClass=posixAccount))

     –   (&(objectClass=inetOrgPerson)(!(ou=People)))

     –   (|(cn=GForge Admin*)(cn=GForge*))
LDAP Search Filters (cont.)
●   The following example ldap search retrieves the names and email
    address of all users with a givenname of ‘Gforge Admin’ or ‘Orange
    Admin’
      ldapsearch -xLLL -h ldap.sjua -b ou=Users,dc=ldap,dc=sjua 
      '(&(|(givenname=GForge Admin)(givenname=Orange Admin))(ob-
      jectClass=inetOrgPerson))' cn mail

      dn: cn=GForge Admin
      User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
      cn: GForge Admin User
      mail: acidumirae@gmail.com

      dn: cn=Orange Admin
      User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
      cn: Orange Admin User
      mail: aokhotnikov@softjourn.com


●   Very easy to incorporate this into shell scripts with awk or sed
LDAP Applications
●   Authenticate users in web applications
    (OrangeHRM, gForge, DokuWiki, etc.)
●   Authenticate users in Samba, Apache, ProFTPd, etc.
●   Possible NSS (Name Service Switch) integration
●   Possible PAM (Pluggable Authentication Module)
●   Possible mail routing: Sendmail, Postfix, etc.
●   Shared Address Book (Evolution, Mozilla, Outlook,
    Eudora, web clients, etc.)
●   Programming Libraries (Perl, Java, PHP, etc.)
LDAP Browsers and Editors
●   Directory Administrator
    http://diradmin.open-it.org
●   GQ
    http://biot.com/gq/
●   Java LDAP Browser
    http://www.iit.edu/~gawojar/ldap/
●   phpLDAPadmin
    http://phpldapadmin.sf.net/
Migration to LDAP
●   Padl migration tools
    –   http://www.padl.com/OSS/MigrationTools.html
    –   passwd, group, hosts, networks, services, etc…
●   We have migrated users from OrangeHRM using
    custom PHP scrip that was generating LDIF files
    –   some issues with Samba – NTPassword is MD4
    –   minor issues with gForge – multiple
        installations(dirty database)
Resources
●   OpenLDAP: http://openldap.org
●   Practical LDAP from Metaparadigm Pte Ltd.
    http://gort.metaparadigm.com/ldap/
●   Ubuntu Documentation: OpenLDAP Server
    https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
●   Ubuntu Documentation: Samba and LDAP
    https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html
●   Introduction to LDAP and Single Sign-On
    http://tapor.ualberta.ca/Resources/Techdocs/completed/ldappresentation.pdf
●   LDAP and Directory Services
    http://ldap.mtu.edu/docs/public/mtu_dsinfo/techiefest/techiefest_files/v3_document.htm

Contenu connexe

Tendances

Windows Server 2012 Managing Active Directory Domain
Windows Server 2012 Managing  Active Directory DomainWindows Server 2012 Managing  Active Directory Domain
Windows Server 2012 Managing Active Directory DomainNapoleon NV
 
Access control list acl - permissions in linux
Access control list acl  - permissions in linuxAccess control list acl  - permissions in linux
Access control list acl - permissions in linuxSreenatha Reddy K R
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services202066
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain servicesIGZ Software house
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Active directory architecture
Active directory architectureActive directory architecture
Active directory architecturerahuldaredia21
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain serviceFestus Oriaku
 
Azure Active Directory - An Introduction
Azure Active Directory  - An IntroductionAzure Active Directory  - An Introduction
Azure Active Directory - An IntroductionVenkatesh Narayanan
 
Microsoft Remote Desktop Services
Microsoft Remote Desktop ServicesMicrosoft Remote Desktop Services
Microsoft Remote Desktop ServicesRonnie Isherwood
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol AMahmmoud Mahdi
 

Tendances (20)

Windows Server 2012 Managing Active Directory Domain
Windows Server 2012 Managing  Active Directory DomainWindows Server 2012 Managing  Active Directory Domain
Windows Server 2012 Managing Active Directory Domain
 
Directory services
Directory servicesDirectory services
Directory services
 
Active directory slides
Active directory slidesActive directory slides
Active directory slides
 
Access control list acl - permissions in linux
Access control list acl  - permissions in linuxAccess control list acl  - permissions in linux
Access control list acl - permissions in linux
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services
 
Active directory domain services
Active directory domain servicesActive directory domain services
Active directory domain services
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Active directory architecture
Active directory architectureActive directory architecture
Active directory architecture
 
Active directory domain service
Active directory domain serviceActive directory domain service
Active directory domain service
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
Basic 50 linus command
Basic 50 linus commandBasic 50 linus command
Basic 50 linus command
 
Azure Active Directory - An Introduction
Azure Active Directory  - An IntroductionAzure Active Directory  - An Introduction
Azure Active Directory - An Introduction
 
Active Directory
Active DirectoryActive Directory
Active Directory
 
File permissions
File permissionsFile permissions
File permissions
 
Microsoft Remote Desktop Services
Microsoft Remote Desktop ServicesMicrosoft Remote Desktop Services
Microsoft Remote Desktop Services
 
Active directory
Active directoryActive directory
Active directory
 
Dhcp ppt
Dhcp pptDhcp ppt
Dhcp ppt
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol A
 
Filepermissions in linux
Filepermissions in linuxFilepermissions in linux
Filepermissions in linux
 

En vedette

LDAP Presentation
LDAP PresentationLDAP Presentation
LDAP Presentationcyberleon95
 
WebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAPWebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAPLINAGORA
 
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPPlone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPParis, France
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing timeDeepak John
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)Anatoliy Okhotnikov
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)Anatoliy Okhotnikov
 
Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)Anatoliy Okhotnikov
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Ashutosh Jaiswal
 
Distributed Snapshots
Distributed SnapshotsDistributed Snapshots
Distributed Snapshotsawesomesos
 

En vedette (20)

LDAP Presentation
LDAP PresentationLDAP Presentation
LDAP Presentation
 
WebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAPWebSSO, synchronisation et contrôle des accès via LDAP
WebSSO, synchronisation et contrôle des accès via LDAP
 
OpenDS - Open Source Java LDAP server
OpenDS - Open Source Java LDAP serverOpenDS - Open Source Java LDAP server
OpenDS - Open Source Java LDAP server
 
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPPlone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAP
 
Ldap
LdapLdap
Ldap
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing time
 
Jenkins CI (ukr)
Jenkins CI (ukr)Jenkins CI (ukr)
Jenkins CI (ukr)
 
Php web app security (eng)
Php web app security (eng)Php web app security (eng)
Php web app security (eng)
 
iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)iPhone Objective-C Development (ukr) (2009)
iPhone Objective-C Development (ukr) (2009)
 
Web application security (eng)
Web application security (eng)Web application security (eng)
Web application security (eng)
 
ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)ITEvent: Continuous Integration (ukr)
ITEvent: Continuous Integration (ukr)
 
Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)Ubuntu server wireless access point (eng)
Ubuntu server wireless access point (eng)
 
ITIL (ukr)
ITIL (ukr)ITIL (ukr)
ITIL (ukr)
 
Debug (ukr)
Debug (ukr)Debug (ukr)
Debug (ukr)
 
Php unit (eng)
Php unit (eng)Php unit (eng)
Php unit (eng)
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot
 
Xdebug (ukr)
Xdebug (ukr)Xdebug (ukr)
Xdebug (ukr)
 
Continuous integration (eng)
Continuous integration (eng)Continuous integration (eng)
Continuous integration (eng)
 
Distributed Snapshots
Distributed SnapshotsDistributed Snapshots
Distributed Snapshots
 
ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)ITEvent: Kanban Intro (ukr)
ITEvent: Kanban Intro (ukr)
 

Similaire à Ldap introduction (eng)

LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)Fran Fabrizio
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationWildan Maulana
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-LinuxBalaji Ravi
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...Clément OUDOT
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAPCon
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9rezgui
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverESUG
 
Under the Hood 11g Identity Management
Under the Hood  11g Identity ManagementUnder the Hood  11g Identity Management
Under the Hood 11g Identity ManagementInSync Conference
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
User administration without you - integrating LDAP
User administration without you - integrating LDAPUser administration without you - integrating LDAP
User administration without you - integrating LDAPMongoDB
 
Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2Vinaykumar Hebballi
 
Introduction to Apache Spark
Introduction to Apache SparkIntroduction to Apache Spark
Introduction to Apache SparkRahul Jain
 
PostgreSQL - Object Relational Database
PostgreSQL - Object Relational DatabasePostgreSQL - Object Relational Database
PostgreSQL - Object Relational DatabaseMubashar Iqbal
 
RESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-sRESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-sKalin Chernev
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkRahul Jain
 

Similaire à Ldap introduction (eng) (20)

LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)LDAP Applied (EuroOSCON 2005)
LDAP Applied (EuroOSCON 2005)
 
OpenLDAP - Installation and Configuration
OpenLDAP - Installation and ConfigurationOpenLDAP - Installation and Configuration
OpenLDAP - Installation and Configuration
 
Practical-LDAP-and-Linux
Practical-LDAP-and-LinuxPractical-LDAP-and-Linux
Practical-LDAP-and-Linux
 
ivanova-samba_backend.pdf
ivanova-samba_backend.pdfivanova-samba_backend.pdf
ivanova-samba_backend.pdf
 
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
RMLL 2013 - Build your LDAP management web interface with LinID Directory Man...
 
LDAP(In_Linux).pptx
LDAP(In_Linux).pptxLDAP(In_Linux).pptx
LDAP(In_Linux).pptx
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAP
 
Ldapsession
LdapsessionLdapsession
Ldapsession
 
Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9Ldapsession 1217528612650451-9
Ldapsession 1217528612650451-9
 
Slaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP serverSlaps - a Smalltalk LDAP server
Slaps - a Smalltalk LDAP server
 
Under the Hood 11g Identity Management
Under the Hood  11g Identity ManagementUnder the Hood  11g Identity Management
Under the Hood 11g Identity Management
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
LDAP
LDAPLDAP
LDAP
 
User administration without you - integrating LDAP
User administration without you - integrating LDAPUser administration without you - integrating LDAP
User administration without you - integrating LDAP
 
Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2Open Ldap Integration and Configuration with Lifray 6.2
Open Ldap Integration and Configuration with Lifray 6.2
 
Introduction to Apache Spark
Introduction to Apache SparkIntroduction to Apache Spark
Introduction to Apache Spark
 
PostgreSQL - Object Relational Database
PostgreSQL - Object Relational DatabasePostgreSQL - Object Relational Database
PostgreSQL - Object Relational Database
 
Apache Spark on HDinsight Training
Apache Spark on HDinsight TrainingApache Spark on HDinsight Training
Apache Spark on HDinsight Training
 
RESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-sRESTful with Drupal - in-s and out-s
RESTful with Drupal - in-s and out-s
 
Real time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache SparkReal time Analytics with Apache Kafka and Apache Spark
Real time Analytics with Apache Kafka and Apache Spark
 

Plus de Anatoliy Okhotnikov

Plus de Anatoliy Okhotnikov (7)

Agile (IF PM Group) v2
Agile (IF PM Group) v2Agile (IF PM Group) v2
Agile (IF PM Group) v2
 
User story workflow (eng)
User story workflow (eng)User story workflow (eng)
User story workflow (eng)
 
Unit testing (eng)
Unit testing (eng)Unit testing (eng)
Unit testing (eng)
 
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
Project Management: Burn-Down Chart / OrangeHRM Project MOD (eng)
 
Linux introduction (eng)
Linux introduction (eng)Linux introduction (eng)
Linux introduction (eng)
 
Db design (ukr)
Db design (ukr)Db design (ukr)
Db design (ukr)
 
Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)Agile Feedback Loops (ukr)
Agile Feedback Loops (ukr)
 

Dernier

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 

Dernier (20)

Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 

Ldap introduction (eng)

  • 1. LDAP ● What is Directory Services ● The need for LDAP ● LDAP Overview and Basics ● Setting up and tunning OpenLDAP ● Other LDAP tools and applications
  • 2. What is Directory Services ● Similar to database but designed more for reading than for writing ● Defines a network protocol for accessing contents of the directory ● Scheme for replication of data ● Directory Service examples: DNS, finger, password DB ● LDAP is a 'Lightweight Directory Access Protocol'
  • 3. The need for LDAP ● Multiple disparate sources of the same information ● Users need separate logins and passwords to login to different systems ● Complex to keep information in sync ● Similar data spread around many flat files or in database with different formats ● Inadequacies of NIS ie. Not very extensible ● X.500 is too complicated Summarizing the above: Centralization, Integration and Delegating Responsibility
  • 4. LDAP Overview ● LDAP is a ‘Lightweight Directory Access Protocol’ ● LDAP marries a lightweight DAP with the X.500 information model ● Uses an extensible hierarchical object data model ● An LDAP server may implement multiple ‘back-ends’: RDBMS, simple indexes (Berkeley DB), X.500 gateway ● Designed for frequent reads and infrequent writes
  • 5. LDAP Benefits ● Standardized schemas exist for many purposes (well beyond that of NIS) ● Allows consolidation of many information sources ● Well defined API, support from many applications ● Easily replicated and distributed ● Multiple backends allow integration with existing data sources (RDBMS, etc) ● Much faster than RDBMS (using lightweight backend like Berkeley DB)
  • 6. LDAP Basics ● Data is organised into an hierarchical tree ● Each ‘entry’ (tree node) is identified by a DN (distinguished name) e.g. uid=aokhotnikov,ou=People,ou=Users,dc=ldap,dc=sjua ● Each component of a DN is called an RDN (relative DN) and represents a branch in the tree ● The RDN must be unique within the nodes at the same level of the tree (is generally equivalent to one of the attributes ie. ‘uid’ or ‘cn’ in the case of a person) ● Each node has 1 or many attribute values associated with it. Each attribute can have 1 or many values
  • 7. LDAP Basics (cont.) ● ‘objectClass’ is a mandatory attribute which specifies the schema (attribute constraints) for the given node ● Multiple ‘objectClass’ attributes can be combined together to achieve inheritance ● Example ‘objectClass’ (common schema) attributes: dcObject, organizationalUnit, person, organizationalPerson, inetOrgPerson, inetLocalMailRecipient ● CN (Canonical Name) is another common attribute used to provide a unique name for a directory object
  • 8. LDAP Schemas ● Many standard schemas exist including: – People schemas - person, organisationalPerson, inetOrgPerson, posixAccount, mailLocalRecpient, strongAuthenticationUser – Group schemas – groupOfUniqueNames, posixGroup, organisationalRole, roleMember – Host / Network schemas – domain, ipHost, ipNetwork, ipProtocol, ipService, ieee802Device, bootableDevice ● An invaluable schema repository from Alan Knowles at the Hong Kong Linux Centre: – http://ldap.akbkhome.com/
  • 9. LDIF File Format ● LDIF (LDAP Data Interchange Format) is used to import/export from a LDAP directory server and run updates dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua objectClass: inetOrgPerson objectClass: posixAccount objectClass: top givenName: GForge Admin sn: User cn: GForge Admin User uid: gforgeadmin userPassword: {MD5}6z8f1uQp3reOfghTFrecJQ== uidNumber: 1000 gidNumber: 544 homeDirectory: /opt/gforge5 mail: acidumirae@gmail.com
  • 10. Custom Schemas ● LDAP schemas uses SNMP style OIDs (Object Ids) for uniquely defining schema elements ● Apply for IANA enterprise number here: – http://www.iana.org/cgi-bin/enterprise.pl ● Private enterprise number OID prefix is 1.3.6.1.4.1 eg. Metaparadigm uses 1.3.6.1.4.1.11137 ● Information on custom schemas can be found here: – http://www.openldap.org/doc/admin/schema.html
  • 11. Linux LDAP Servers ● OpenLDAP is the primary open-source LDAP implementation based on Univ. Michigan LDAP http://www.openldap.org/ ● Sun provides the iPlanet Directory Server/Sun One Java DS ● Oracle provides an LDAP server using an Oracle database backend ● Many others available (Novell DS, Fedora DS, Apache DS, OpenDS, Innosoft, etc.) ● Linux can also integrate with LDAP servers running on other platforms such as Microsoft Active Directory or Novell eDirectory
  • 12. Commercial LDAP Servers ● Novell eDirectory ● CA Directory ● Sun One Identity Server ● Lotus Domino ● Microsoft Active Directory ● Nexor Directory ● Apple Open Directory ● View 500 ● Siemens DirX ● Isode's M-Vault ● Oracle Internet Directory ● aeSLAPD ● IBM Tivoli Directory ● ... http://www.paldap.org/ldap-server-software
  • 13. Scalability and Fault Tolerance ● OpenLDAP supports real-time directory replication to provide load-balancing and high availability ● OpenLDAP supports single master, multiple slaves ● Most LDAP aware applications can be configured to use multiple LDAP servers (providing fallback servers) ● Multiple master support is in the works (currently alpha) ● OpenLDAP can be integrated with ‘heartbeat’ and ‘mon’ to provide fault tolerance http://www.linux-ha.org/
  • 14. Setting up OpenLDAP ● Configuration is located in: /etc/openldap/slapd.conf ● We need to include the schemas we are using include /etc/ldap/schema/core.schema include /etc/ldap/schema/collective.schema include /etc/ldap/schema/corba.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/duaconf.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/java.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/samba.schema ● Next we specify a database database hdb suffix "dc=ldap,dc=sjua" rootdn "cn=admin,dc=ldap,dc=sjua" rootpw {SSHA}IrKtxIFV+2UbdD8JiL5ZuTsAx/cPuN2h directory /var/lib/ldap
  • 15. Setting up OpenLDAP (cont.) ● We can now start slapd (Standalone LDAP daemon) # /etc/init.d/ldap start ● Next step is to add data to the directory using the LDIF example presented earlier # ldapadd -D cn=admin,dc=ldap,dc=sjua -W < init.ldif Enter LDAP Password: xxxxx adding new entry "dc=ldap,dc=sjua" adding new entry "ou=WebAdmin,ou=Users,dc=ldap,dc=sjua" adding new entry "uid=gfrogeadmin,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
  • 16. Tunning OpenLDAP ● We need to add additional indexes for performance index objectclass eq index cn pres,sub,eq index sn pres,sub,eq ## required to support pdb_getsampwnam index uid pres,sub,eq ## required to support pdb_getsambapwrid() index displayName pres,sub,eq index uidNumber eq index gidNumber eq index loginShell eq index memberUid eq index uniqueMember eq,pres ● We need to add ACLs for security access to attr=userPassword by self write by anonymous auth by * none access to dn="" by * read access to * by self write by users read by anonymous auth
  • 17. Tunning OpenLDAP (cont.) ● Setup logging in syslog.conf (default is LOCAL4) local4.* /var/log/sldap.log ● Make sure ‘slapd’ runs as non privileged user ● Make ‘slapd’ bind to SSL port for security – need signed certificates with openSSL and modify slapd.conf TLSCertificateFile /etc/openldap/ldap.sjua.cer TLSCertificateKeyFile /etc/openldap/ldap.sjua.key – modify init script to bind to SSL port /usr/libexec/slapd -h 'ldap://ldap.metaparadigm.com/ ldaps://ldap.metaparadigm.com/' -l LOCAL4 -u ldap -g ldap
  • 18. LDAP Search Filters ● LDAP uses a simple ‘search filters’ syntax (RFC2254) ● LDAP queries return all attributes of matching entries (or specifically selected attributes) which match the search filter LDAP query particles are enclosed within parenthesis in the form of ( attribute <matching rule> value ) ie. (cn=GForge Admin User) ● Matching rules include (=, =~, >=, <=) ● * can be used as a wildcard within the value ● These can be combined together using the boolean operators: and, or and not (&, |, !) eg: – (&(cn=GForge Admin User)(objectClass=posixAccount)) – (&(objectClass=inetOrgPerson)(!(ou=People))) – (|(cn=GForge Admin*)(cn=GForge*))
  • 19. LDAP Search Filters (cont.) ● The following example ldap search retrieves the names and email address of all users with a givenname of ‘Gforge Admin’ or ‘Orange Admin’ ldapsearch -xLLL -h ldap.sjua -b ou=Users,dc=ldap,dc=sjua '(&(|(givenname=GForge Admin)(givenname=Orange Admin))(ob- jectClass=inetOrgPerson))' cn mail dn: cn=GForge Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: GForge Admin User mail: acidumirae@gmail.com dn: cn=Orange Admin User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua cn: Orange Admin User mail: aokhotnikov@softjourn.com ● Very easy to incorporate this into shell scripts with awk or sed
  • 20. LDAP Applications ● Authenticate users in web applications (OrangeHRM, gForge, DokuWiki, etc.) ● Authenticate users in Samba, Apache, ProFTPd, etc. ● Possible NSS (Name Service Switch) integration ● Possible PAM (Pluggable Authentication Module) ● Possible mail routing: Sendmail, Postfix, etc. ● Shared Address Book (Evolution, Mozilla, Outlook, Eudora, web clients, etc.) ● Programming Libraries (Perl, Java, PHP, etc.)
  • 21. LDAP Browsers and Editors ● Directory Administrator http://diradmin.open-it.org ● GQ http://biot.com/gq/ ● Java LDAP Browser http://www.iit.edu/~gawojar/ldap/ ● phpLDAPadmin http://phpldapadmin.sf.net/
  • 22. Migration to LDAP ● Padl migration tools – http://www.padl.com/OSS/MigrationTools.html – passwd, group, hosts, networks, services, etc… ● We have migrated users from OrangeHRM using custom PHP scrip that was generating LDIF files – some issues with Samba – NTPassword is MD4 – minor issues with gForge – multiple installations(dirty database)
  • 23. Resources ● OpenLDAP: http://openldap.org ● Practical LDAP from Metaparadigm Pte Ltd. http://gort.metaparadigm.com/ldap/ ● Ubuntu Documentation: OpenLDAP Server https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html ● Ubuntu Documentation: Samba and LDAP https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html ● Introduction to LDAP and Single Sign-On http://tapor.ualberta.ca/Resources/Techdocs/completed/ldappresentation.pdf ● LDAP and Directory Services http://ldap.mtu.edu/docs/public/mtu_dsinfo/techiefest/techiefest_files/v3_document.htm