<name> Ahmad Haghighi </name>
<e-mail> haghighi.ahmad@gmail.com </e-mail>
<date> Apr. 2014 </date>
<title>OpenLdap vs. Active Directory</title>
WHAT IS A DIRECTORY SERVICE?
• A directory service is the software system that stores, organizes and provides access to information in a directory.
• In software engineering, a directory is a map between names and values.
• A directory is organized and/or optimized for lookup, searching, browsing and other ‘Read’ activities.
• It allows the lookup of values given a name, similar to a dictionary.
• In a directory, a name may be associated with multiple, different pieces of information.
DIRECTORY VS. DATABASE
• Typically optimized for a very high ratio of searches to updates
• Not suited for information that changes rapidly
• Read-write ratio - LDAP is read optimized
• Extensibility - LDAP schemas are more easily changed
• Distribution - with LDAP, data can be near where it is needed
• Different performance - databases are generally deployed for a limited number of applications
WHAT IS LDAP?
• LDAP = Lightweight Directory Access Protocol
• Based on X.500
• Directory Service (RFC 1777)
• Stores attribute-based data
• Data generally read more than written
• Client-server model
• Based on entries
• Collection of attributes
WHY USE LDAP?
• Centrally manage users, groups and other data
• Don’t have to manage separate directories for each application
• Distribute management of data to appropriate people
• Allow users to find data that they need
• Authentication
• Authorization
• Auditing & Monitoring
SOME LDAP VENDORS
• Fedora DS
• OpenDS
• OpenLDAP
• Microsoft Active Directory
• Sun
• Novell
• HP
• CA
• Red Hat
• IBM
• Lotus
COMPARISON
Based on some common features
SUPPORTED INTERNET STANDARDS
• OpenLDAP is a standard LDAP server and supports more than 90 RFCs
• MS AD, in comparison with other vendors, supports only a few RFCs (about 10)
SUPPORTED PLATFORMS
• AD -> only Windows Servers
• OpenLDAP -> all platforms
• e.g. Darwin, FreeBSD, Linux, NetBSD, OpenBSD, Apple MacOS X, IBM zOS, and Microsoft Windows NT/2000/etc.
SIMPLE BIND BENCHMARK DATA
• MS: AD 3214/second “simple bind” operations on the 100,000 entry 32-bit configuration and 3079/second on the 100,000 entry 64-bit configuration
• HP: OpenLDAP delivered 12,800 to 13,600 authentications per second (depending on model) for a 250,000 entry database
• For the 3,000,000 user (entry) database:
  AD: 32-bit and 64-bit simple bind performance dips below 3,000/second, to 2,997/second
  OpenLDAP: 13,043 and 13,639 authentications per second
• For 5,000,000 users: OpenLDAP: 13,700 authentications per second
OpenLDAP performance is probably in the range of four to eight times faster.
PERFORMANCE
• The memory required for AD to store the entries appears to be around three times that required for OpenLDAP
  *this is extrapolating without direct measurements to compare
• AD requires several times more memory and processor power than OpenLDAP
EASE OF USE
• AD is much easier to use and has a predesigned schema and policies (less flexibility)
• In OpenLDAP the admin must define everything manually, from the ground up
QUERY LIMIT
• AD has a default query limit of 10,000/1,000
• The admin can change this value in the configuration
• To retrieve large amounts of information we need paging
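Added example (not from the original slides): the paging mentioned above is normally done with the Simple Paged Results control of RFC 2696, whose value is the BER structure SEQUENCE { size INTEGER, cookie OCTET STRING }. The sketch below encodes and strictly parses that value and runs the client loop against a constructed in-memory server; FakeDirectory, SizeLimitExceeded, the 1,000-entry limit and the sample DNs are assumptions made for the illustration.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # control type defined by RFC 2696


def _ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_int(value):
    """BER INTEGER for a non-negative value (leading 0x00 keeps the sign bit clear)."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _ber_len(len(body)) + body


def encode_paged_control(size, cookie=b""):
    """realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    body = _ber_int(size) + b"\x04" + _ber_len(len(cookie)) + cookie
    return b"\x30" + _ber_len(len(body)) + body


def _read_tlv(buf, pos, tag):
    """Return (value, next_pos); reject a wrong tag or truncated input."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated control value")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def decode_paged_control(value):
    """Parse a control value into (size, cookie), failing closed on bad input."""
    seq, end = _read_tlv(value, 0, 0x30)
    if end != len(value):
        raise ValueError("trailing bytes after control value")
    size_bytes, pos = _read_tlv(seq, 0, 0x02)
    cookie, pos = _read_tlv(seq, pos, 0x04)
    if pos != len(seq) or not size_bytes:
        raise ValueError("malformed control value")
    return int.from_bytes(size_bytes, "big", signed=True), cookie


class SizeLimitExceeded(Exception):
    """Stands in for LDAP resultCode 4 (sizeLimitExceeded)."""


class FakeDirectory:
    """Constructed in-memory server; size_limit=1000 is an assumed setting."""
    def __init__(self, entries, size_limit=1000):
        self.entries, self.size_limit = entries, size_limit

    def search(self, control=None):
        if control is None:  # unpaged search: the limit cuts the result short
            if len(self.entries) > self.size_limit:
                raise SizeLimitExceeded(f"only {self.size_limit} entries returned")
            return list(self.entries), None
        size, cookie = decode_paged_control(control)
        start = int(cookie.decode("ascii")) if cookie else 0
        if size <= 0 or not 0 <= start <= len(self.entries):
            raise ValueError("bad page size or cookie")
        end = min(start + min(size, self.size_limit), len(self.entries))
        next_cookie = str(end).encode() if end < len(self.entries) else b""
        return self.entries[start:end], encode_paged_control(len(self.entries), next_cookie)


def paged_search(server, page_size=500, max_pages=10_000):
    """Collect all entries; an empty cookie in the response marks the last page."""
    results, cookie = [], b""
    for _ in range(max_pages):  # bounded, so a server that never ends paging cannot hang us
        entries, response = server.search(encode_paged_control(page_size, cookie))
        results.extend(entries)
        _, cookie = decode_paged_control(response)  # cookie is opaque to the client
        if not cookie:
            return results
    raise RuntimeError("paging did not terminate")


# Constructed sample data: 2,500 DNs, more than the assumed 1,000-entry limit.
SAMPLE = [f"uid=user{i},ou=people,dc=example,dc=com" for i in range(2500)]

if __name__ == "__main__":
    print(len(paged_search(FakeDirectory(SAMPLE))))
```

The server-side limit bounds the cost of any single request, which is why a client that needs every entry has to page instead of raising the limit.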
PROMINENT LIMITATIONS OF ADAM
Neither the LDAP standard nor the OpenLDAP product imposes any of the limitations described next.
SCHEMA LIMITATIONS
• # Page 19
• Attribute Character Length
• Attribute Value Limits
• Relative Distinguished Names
• OU Limitations
• Distinguished Name Syntax Attributes
• Objectclass and Attribute Definitions
DATA ACCESS LIMITATIONS
• # Page 21
• Anonymous Binding
• Access Control
PERFORMANCE LIMITATIONS
• # Page 21
• Indexing
• Caching
FINAL NOTE
This is a clear and unambiguous statement that AD fails to provide the flexibility, extensibility, and other attributes needed to be a true directory services technology. AD may be excellent as a NOS directory, but this is an admission that it is NOT an LDAP directory. It is a NOS directory that supports LDAP access to its data.
There is no particular demand on most LDAP servers to run in any mode or under a specific user ID or restrictions. AD is inflexible in this, and that means that experimental or educational instances are difficult to use.
Q&A
REFERENCES
• http://en.wikipedia.org/wiki/Directory_services
• http://en.wikipedia.org/wiki/Ldap
• http://en.wikipedia.org/wiki/Active_Directory
• http://en.wikipedia.org/wiki/Openldap
• “Assessment of Microsoft’s Active Directory Application Mode (ADAM) as a Potential Enterprise Directory Technology versus OpenLDAP and Other LDAP Offerings”, Symas Corporation, Version: 1.0, Published: October 2007, http://symas.com/documents/Adam-Eval1-0.pdf
• http://www.microsoft.com/downloads/details.aspx?FamilyID=52e7c3bd-570a-475c-96e0-316dc821e3e7&DisplayLang=en
• http://www.symas.com/benchmark.shtml
• http://www.connexitor.com/blog/archives/archive_2007-m04.php#e130
• http://www.connexitor.com/blog/archives/archive_2007-m04.php#e131
• http://h71019.www7.hp.com/ActiveAnswers/cache/393495-0-0-0-121.html
• How ADAM works: http://technet2.microsoft.com/WindowsServer/en/library/7cfc8997-bab2-4770-aff2-be424fd03cda1033.mspx?mfr=true
• FAQ: http://www.microsoft.com/windowsserver2003/adam/ADAMfaq.mspx
• AD Schema reference: http://technet2.microsoft.com/windowsserver/en/library/97cae647-d996-48ff-b478-c96193abeadb1033.mspx?mfr=true
• SANS Institute Internet Storm Center for Port 135: http://isc.sans.org/port.html?port=135
tnx ;)
