2. Stay connected to Allidm
Find us on Facebook:
http://www.facebook.com/allidm
Follow us on Twitter:
http://twitter.com/aidy_idm
Look for us on LinkedIn:
http://www.linkedin.com/allidm
Visit our blog:
http://www.allidm.com/blog
3. Disclaimer and Acknowledgments
The contents here were created as a personal endeavor and
thus do not reflect any official stance of any Identity and
Access Management vendor on any particular technology.
4. Contact Us
In this presentation we'll talk about some useful topics that
you can use no matter which identity and access management
solution or product you are working on.
If you know one that makes a big difference, please tell us so
we can include it in the future.
aidy.allidm@gmail.com
5. Introduction
A directory is a collection of information about
objects arranged in some order that gives details
about each object. Popular examples are a city
telephone directory and a library card catalog.
6. What’s a Directory Solution?
A directory is a specialized database, also called a data
repository, that stores typed and ordered information about
objects.
A directory is a listing of information about objects arranged in
some order that gives details about each object.
Directories allow users or applications to find resources that
have the characteristics needed for a particular task.
For example, a directory of users can be used to look up a
person’s e-mail address or phone number.
7. Directory Features
A directory service is highly optimized for reads
A directory service implements a distributed model for storing
information
A directory service can extend the types of information it stores
A directory service has advanced search capabilities
A directory service has loosely consistent replication among
directory servers
8. Directory clients and servers
Directories are usually accessed using the
client/server model of communication.
An application that wants to read or write
information in a directory does not access the
directory directly.
Instead, it calls a function or application programming
interface (API) that causes a message to be sent to
another process.
9. Differences Between Directories and
Databases
A directory is often described as a database, but it is a
specialized database that has characteristics that set
it apart from general-purpose relational databases.
10. What is LDAP?
LDAP is an open industry standard that defines a method for
accessing and updating information in a directory.
The Lightweight Directory Access Protocol (LDAP) is a standard, extensible
Internet protocol used to access directory services; it defines the message
protocol spoken between directory clients and directory servers.
The LDAP Data Interchange Format (LDIF) is a standard text format for
exchanging directory data.
The LDAP protocol consists of several message types. For example, a
searchRequest asks the server for the entries that match a filter; the server
answers with one searchResultEntry per match followed by a searchResultDone.
11. Interaction between an LDAP client
and an LDAP server
The general interaction between an LDAP client and an
LDAP server takes the following form:
Establish a session
Perform Operations
Finish Session
12. Interaction between an LDAP
client and an LDAP server
Establish a session
The client establishes a session with an LDAP server, an
operation known as binding to the server.
The client specifies the host name or IP address and TCP/IP
port number where the LDAP server is listening (389 by default,
636 for LDAP over TLS).
The client can provide a distinguished name (DN) and a password
to authenticate with the server (a simple bind).
Or the client can establish an anonymous session with default
access rights.
The client and server can also protect the session with stronger
security methods, such as TLS (LDAPS or StartTLS) to encrypt the
data on the wire, or SASL mechanisms for stronger authentication.
A simple bind sends the password in clear text, so it should only
be used over an encrypted connection.
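The messages behind the session just described, as an added example that is not code from the original slides: the bytes an LDAPv3 client puts on the wire for a bind (establish a session), a search (perform an operation) and an unbind (finish the session), hand-encoded with the small subset of BER that RFC 4511 needs. The DN, attribute names and filter used in the sample session are assumptions, not values from the slides; the anonymous bind produced by `bind_request(1)` is the well-known 14-byte sequence `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`.

```python
"""BER encoding of the LDAPv3 messages a client sends during one session (RFC 4511).
Added example, not code from the original slides. It hand-encodes the bytes for
the three phases described above: bind (establish a session), search (perform
an operation) and unbind (finish the session). Only the small subset of BER
that LDAP needs is implemented; the DN and attribute names are made-up samples.
"""

def ber_length(n):
    """Definite length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """Tag-Length-Value, the shape of every BER element."""
    return bytes([tag]) + ber_length(len(content)) + content

def ber_int(value, tag=0x02):
    """Non-negative INTEGER (tag 0x02) or ENUMERATED (tag 0x0A), two's complement."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    # an extra leading byte when the top bit is set keeps the value positive
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_octets(value, tag=0x04):
    """OCTET STRING; LDAP DNs, attribute names and string values are UTF-8."""
    if isinstance(value, str):
        value = value.encode("utf-8")
    return tlv(tag, value)

def ber_bool(value):
    return tlv(0x01, b"\xff" if value else b"\x00")

def ber_seq(*parts, tag=0x30):
    """SEQUENCE, or any other constructed type when a tag is given."""
    return tlv(tag, b"".join(parts))

def ber_filter(node):
    """Filter as nested tuples: ("and", f, ...), ("or", f, ...), ("not", f),
    ("eq", attr, value), ("present", attr). Context-specific tags:
    [0] and, [1] or, [2] not, [3] equalityMatch, [7] present (primitive)."""
    kind = node[0]
    if kind in ("and", "or"):
        subs = [ber_filter(f) for f in node[1:]]
        return ber_seq(*subs, tag=0xA0 if kind == "and" else 0xA1)
    if kind == "not":
        return ber_seq(ber_filter(node[1]), tag=0xA2)
    if kind == "eq":  # AttributeValueAssertion ::= SEQUENCE { attributeDesc, assertionValue }
        return ber_seq(ber_octets(node[1]), ber_octets(node[2]), tag=0xA3)
    if kind == "present":
        return ber_octets(node[1], tag=0x87)
    raise ValueError("unsupported filter kind %r" % (kind,))

def ldap_message(message_id, protocol_op):
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return ber_seq(ber_int(message_id), protocol_op)

def bind_request(message_id, dn="", password=b""):
    """BindRequest [APPLICATION 0] with simple authentication ([0] OCTET STRING).
    Empty DN and password give an anonymous bind. The password travels in clear
    text, which is why a simple bind belongs inside TLS (LDAPS or StartTLS)."""
    op = ber_seq(ber_int(3), ber_octets(dn), ber_octets(password, tag=0x80), tag=0x60)
    return ldap_message(message_id, op)

def search_request(message_id, base_dn, filt, attrs=(), scope=2):
    """SearchRequest [APPLICATION 3]; scope 0 = baseObject, 1 = singleLevel, 2 = wholeSubtree."""
    op = ber_seq(
        ber_octets(base_dn), ber_int(scope, tag=0x0A),
        ber_int(0, tag=0x0A),  # derefAliases = neverDerefAliases
        ber_int(0), ber_int(0),  # sizeLimit (0 = no client-side limit), timeLimit
        ber_bool(False),  # typesOnly: return values, not just attribute names
        ber_filter(filt),
        ber_seq(*[ber_octets(a) for a in attrs]),  # AttributeSelection
        tag=0x63)
    return ldap_message(message_id, op)

def unbind_request(message_id):
    """UnbindRequest [APPLICATION 2] NULL: there is no response, the client just closes."""
    return ldap_message(message_id, tlv(0x42, b""))

def session_messages():
    """The three client messages of one session, in order, as hex strings."""
    return [
        bind_request(1).hex(),
        search_request(2, "dc=example,dc=com",
                       ("and", ("eq", "uid", "alice"), ("present", "objectClass")),
                       attrs=("cn", "mail")).hex(),
        unbind_request(3).hex(),
    ]
```

Each message is a SEQUENCE carrying a message ID and one protocol operation; the server echoes the ID in its reply, which is how a client matches responses to requests on a single connection. Feeding `bind_request(1, "cn=admin,dc=example,dc=com", b"secret")` through a packet capture is the quickest way to see why slide 12's "stronger security methods" matter: the password is visible as-is after the `80 06` tag and length.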
13. Interaction between an LDAP
client and an LDAP server
Perform Operations
The client performs operations on directory data.
LDAP offers both read and update capabilities, so directory
information can be managed as well as queried.
LDAP also supports searching the directory for data that
meets arbitrary user-specified criteria.
Searching is the most common operation in LDAP.
The client specifies which part of the directory to search (a base
DN and a scope) and which attributes to return.
A search filter built from Boolean conditions (AND, OR and NOT over
attribute assertions) specifies which directory entries match.
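How such a Boolean filter is parsed and evaluated, as an added example that is not code from the original slides: a small RFC 4515 filter parser plus a matcher run over a constructed in-memory directory (`ENTRIES`, `search` and `login_filter` are assumptions made for this example). It also shows the check an application must make before splicing user input into a filter, because an unescaped `*)(uid=*` turns a login lookup into a query that matches every person.

```python
"""Parse RFC 4515 search filters and evaluate them against in-memory entries.
Added example, not code from the original slides. ENTRIES is constructed sample
data standing in for a directory; attribute names are stored lower-cased since
attribute types are case-insensitive, and values are compared case-insensitively
(roughly caseIgnoreMatch; a real server applies each attribute's schema rule).
"""
import re

_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_ATTR = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)=")


def escape_filter_value(value):
    """Escape user input before splicing it into a filter (RFC 4515 section 3)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape(value):
    """Decode \\XX hex escapes byte-wise so escaped UTF-8 sequences survive."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})", lambda m: bytes([int(m.group(1), 16)]), value.encode("utf-8"))
    return raw.decode("utf-8")


def parse_filter(text):
    """Tree of tuples: ("and", [f...]), ("or", [f...]), ("not", f), ("eq", attr, value),
    ("present", attr) or ("substr", attr, [initial, any..., final])."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing data after filter at offset %d" % pos)
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(s) and s[i] in "&|":
        kind, items, i = ("and" if s[i] == "&" else "or"), [], i + 1
        while i < len(s) and s[i] == "(":
            sub, i = _parse(s, i)
            items.append(sub)
        node = (kind, items)
    elif i < len(s) and s[i] == "!":
        sub, i = _parse(s, i + 1)
        node = ("not", sub)
    else:
        m = _ATTR.match(s, i)
        end = s.find(")", m.end()) if m else -1  # a ')' inside a value must be written \29
        if end < 0:
            raise ValueError("expected 'attribute=value)' at offset %d" % i)
        attr, raw, i = m.group(1).lower(), s[m.end():end], end
        if raw == "*":
            node = ("present", attr)
        elif "*" in raw:  # an escaped \2a is not a wildcard, so split before unescaping
            node = ("substr", attr, [unescape(p) for p in raw.split("*")])
        else:
            node = ("eq", attr, unescape(raw))
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1


def _match_substr(parts, value):
    v, initial, final = value.lower(), parts[0].lower(), parts[-1].lower()
    if len(v) < len(initial) + len(final) or not v.startswith(initial) or not v.endswith(final):
        return False
    pos, limit = len(initial), len(v) - len(final)
    for piece in parts[1:-1]:  # each 'any' piece must appear, in order, between the ends
        pos = v.find(piece.lower(), pos, limit)
        if pos < 0:
            return False
        pos += len(piece)
    return True


def matches(node, entry):
    kind = node[0]
    if kind == "and":  # RFC 4526: an empty (&) is TRUE and an empty (|) is FALSE
        return all(matches(n, entry) for n in node[1])
    if kind == "or":
        return any(matches(n, entry) for n in node[1])
    if kind == "not":
        return not matches(node[1], entry)
    values = entry.get(node[1], [])
    if kind == "present":
        return bool(values)
    if kind == "eq":
        return any(v.lower() == node[2].lower() for v in values)
    return any(_match_substr(node[2], v) for v in values)


ENTRIES = [  # constructed sample directory content
    {"dn": ["uid=alice,ou=people,dc=example,dc=com"], "objectclass": ["person"],
     "uid": ["alice"], "cn": ["Alice Adams"], "mail": ["alice@example.com"]},
    {"dn": ["uid=bob,ou=people,dc=example,dc=com"], "objectclass": ["person"],
     "uid": ["bob"], "cn": ["Bob Brown"]},
    {"dn": ["cn=printer1,ou=devices,dc=example,dc=com"], "objectclass": ["device"],
     "cn": ["printer1"]},
]


def search(filter_text, entries=ENTRIES):
    tree = parse_filter(filter_text)
    return [e["dn"][0] for e in entries if matches(tree, e)]


def login_filter(username, escape=True):
    """The lookup a login form typically performs. With escape=False a username
    such as '*)(uid=*' rewrites the Boolean structure of the filter."""
    value = escape_filter_value(username) if escape else username
    return "(&(objectClass=person)(uid=%s))" % value
```

`search("(|(uid=alice)(cn=printer*))")` returns Alice's and the printer's DNs, and `search(login_filter("*)(uid=*", escape=False))` returns both person entries, whereas the escaped form of the same input matches nothing: the metacharacters become `\2a`, `\29` and `\28`, which the parser treats as literal value bytes rather than structure.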
14. LDAP Components
A directory entry usually describes an object such as a
person, a printer, a server, and so on.
Each entry has a name called a distinguished name
(DN) that uniquely identifies it.
The DN consists of a sequence of parts called relative
distinguished names (RDNs); the first RDN names the entry
itself and each following RDN names an ancestor.
The entries are arranged into a hierarchical, tree-like
structure based on their distinguished names.
This tree of directory entries is called the Directory
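The DN and RDN structure described above in working code, as an added example that is not from the original slides: a parser that splits a DN into its RDNs while honouring RFC 4514 backslash escapes (a comma inside a value is not a separator), the matching escaper for the reverse direction, and two tree operations built on it, walking up to the parent and checking whether one DN lies under another. Every DN used is a made-up sample, and `is_under` is an assumed helper name.

```python
"""Split a distinguished name into its RDNs (RFC 4514) and walk the directory tree.
Added example, not code from the original slides; every DN here is a made-up sample.
A DN is written leaf first: the first RDN names the entry and each following RDN
names an ancestor, so the parent of an entry is its DN minus the first RDN. Since
',', '+' and '=' may occur inside a value when escaped with a backslash, simply
splitting the string on ',' is not enough.
"""

_SPECIAL = ',=+<>#;"\\'  # RFC 4514 section 2.4: escaped as backslash + character


def parse_dn(dn):
    """[[(type, value), ...], ...]: one inner list per RDN, leaf first; a multi-valued
    RDN such as cn=Sam+uid=sam yields more than one pair. Types are lower-cased."""
    if dn == "":
        return []  # the root DSE has the empty DN
    rdns, rdn, attr, buf = [], [], None, []  # buf holds (char, was_escaped)
    i, n = 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == "\\" and i + 1 < n:
            nxt = dn[i + 1]
            if nxt in _SPECIAL or nxt == " ":
                buf.append((nxt, True))
                i += 2
            else:  # \XX hex escape; this example assumes the byte is ASCII
                buf.append((chr(int(dn[i + 1:i + 3], 16)), True))
                i += 3
            continue
        if ch == "=" and attr is None:
            attr, buf = _text(buf).lower(), []
        elif ch in ",+":
            rdn.append((_require(attr, dn), _text(buf)))
            attr, buf = None, []
            if ch == ",":
                rdns.append(rdn)
                rdn = []
        else:
            buf.append((ch, False))
        i += 1
    rdn.append((_require(attr, dn), _text(buf)))
    rdns.append(rdn)
    return rdns


def _require(attr, dn):
    if attr is None:
        raise ValueError("RDN without '=' in %r" % dn)
    return attr


def _text(buf):
    """Join the buffer, dropping unescaped spaces at either end only."""
    while buf and buf[0] == (" ", False):
        buf.pop(0)
    while buf and buf[-1] == (" ", False):
        buf.pop()
    return "".join(c for c, _ in buf)


def escape_value(value):
    """Escape one attribute value for use in a DN string (RFC 4514 section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)


def format_dn(rdns):
    return ",".join("+".join("%s=%s" % (t, escape_value(v)) for t, v in rdn) for rdn in rdns)


def parent_dn(dn):
    return format_dn(parse_dn(dn)[1:])


def ancestors(dn):
    """The entry's own DN followed by each ancestor up to the top of the tree."""
    rdns = parse_dn(dn)
    return [format_dn(rdns[k:]) for k in range(len(rdns))]


def _normalized(dn):
    """Case-insensitive types and values; order-insensitive multi-valued RDNs."""
    return [sorted((t, v.lower()) for t, v in rdn) for rdn in parse_dn(dn)]


def is_under(dn, base):
    """True when dn is base itself or lies below it. The check a proxy or an
    application should make before acting on a caller-supplied DN, so that a
    request cannot escape the subtree it is allowed to touch."""
    d, b = _normalized(dn), _normalized(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b
```

`parse_dn("cn=Smith\\, John,ou=people,dc=example,dc=com")` yields four RDNs with the comma kept inside the first value, and `ancestors(...)` on a user DN lists the entry, its organizational unit, the domain and the top-level component in that order. The `is_under` comparison normalizes case on both sides, so `DC=Example, DC=COM` is recognised as the same base as `dc=example,dc=com`; a string prefix or suffix test would miss that and would also accept `dc=evil,dc=com` as a child of `dc=com` only by accident of spelling.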
16. What's LDIF?
LDIF is a standard text file format for storing LDAP
configuration information and directory contents.
An LDIF file is:
A collection of entries separated from each other by
blank lines
A mapping of attribute names to values
A collection of directives that instruct the parser how to
process the information
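A reader and writer for that format, as an added example that is not code from the original slides: it handles the three points in the list above (blank-line-separated records, `attribute: value` lines including `::` base64 values and folded continuation lines, and the `version` and `changetype` directives). `SAMPLE` is constructed data, and `needs_base64`/`format_entry` are assumed helper names written for this example.

```python
"""A small LDIF reader and writer (RFC 2849). Added example, not code from the
original slides; SAMPLE is constructed data. It exercises the points named above:
entries separated by blank lines, 'attribute: value' lines ('::' marks a base64
value, a leading space marks a folded continuation line) and directives such as
version and changetype that tell the parser how to process a record."""
import base64

SAMPLE = """\
version: 1
# content record: no changetype means "add this entry"
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Adams
description: a long value that has been folded
  across two physical lines
userPassword:: c2VjcmV0

dn: uid=alice,ou=people,dc=example,dc=com
changetype: modify
replace: mail
mail: alice@example.com
-
add: telephoneNumber
telephoneNumber: +1 555 0100
-

dn: cn=printer1,ou=devices,dc=example,dc=com
changetype: delete
"""

def _unfold(text):
    """Join folded lines onto the previous line, drop '#' comments, keep blank lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # only the fold marker is removed: "  x" contributes " x"
        else:
            lines.append(raw)
    return lines

def _parse_line(line):
    """'attr: value' -> (attr, value); 'attr:: b64' is decoded; 'attr:< url' is refused."""
    name, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("expected 'attribute: value', got %r" % line)
    if rest.startswith(":"):
        return name.strip(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    if rest.startswith("<"):
        raise ValueError("URL values are not fetched by this example: %r" % line)
    return name.strip(), rest.lstrip(" ")

def _parse_record(lines):
    name, dn = _parse_line(lines[0])
    if name.lower() != "dn":
        raise ValueError("record must start with 'dn:', got %r" % lines[0])
    rec = {"dn": dn, "changetype": "add", "attrs": {}, "changes": []}
    body = lines[1:]
    if body and body[0].lower().startswith("changetype:"):
        rec["changetype"], body = _parse_line(body[0])[1].lower(), body[1:]
    change = None
    for line in body:
        if rec["changetype"] == "modify" and line == "-":
            change = None  # ends one (op, attribute, values) block
            continue
        name, value = _parse_line(line)
        if rec["changetype"] != "modify":
            rec["attrs"].setdefault(name, []).append(value)
        elif change is None:  # 'add: attr', 'replace: attr' or 'delete: attr'
            change = (name.lower(), value, [])
            rec["changes"].append(change)
        else:
            change[2].append(value)
    return rec

def parse_ldif(text):
    """Split the text into records on blank lines and parse each one."""
    lines = _unfold(text.lstrip("\n"))
    if lines and lines[0].lower().startswith("version:"):
        if _parse_line(lines.pop(0))[1] != "1":
            raise ValueError("unsupported LDIF version")
    records, current = [], []
    for line in lines + [""]:
        if line == "" and current:
            records.append(_parse_record(current))
            current = []
        elif line != "":
            current.append(line)
    return records

def needs_base64(value):
    """RFC 2849 SAFE-STRING: no leading space, ':' or '<'; no non-ASCII, CR, LF or NUL."""
    return value[:1] in (" ", ":", "<") or any(ord(c) > 127 or c in "\r\n\x00" for c in value)

def format_entry(dn, attrs):
    """Serialize one add record, switching to '::' + base64 where a value is not safe."""
    out = []
    for name, value in [("dn", dn)] + [(n, v) for n, vs in attrs.items() for v in vs]:
        if needs_base64(value):
            out.append("%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode("ascii")))
        else:
            out.append("%s: %s" % (name, value))
    return "\n".join(out) + "\n"
```

Two details worth noticing when reading LDIF dumps: `::` is only base64 encoding, not protection, so `userPassword:: c2VjcmV0` in the sample decodes straight back to `secret`; and the `:<` form tells an importer to fetch the value from a URL (typically `file://`), which is why a tool that accepts LDIF from an untrusted source should, as this reader does, refuse it rather than follow it.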
17. Why LDIF ?
System administrators prefer to use plain-text files for
server configuration information, as opposed to some
binary store of bits.
It is more comfortable to deal with data in vi, Emacs, or
Notepad than to dig through raw bits and bytes.
18. Types
A directory server can be deployed in the following
roles:
Directory Server
Proxy Server
Replication Gateway
21. What to Look for in an LDAP Solution
Ease of Deployment
Portability
Open Standards
built using open standards and specifications as far as
possible
DSML (Directory Services Markup Language)
Ease of Administration
web-based, graphical administration console
command line interfaces
Security
23. Keys to Successfully Implementing
LDAP
Distinguish clearly between requirements.
Involve everyone, from the chief executive to the users, in
the project.
Make sure users are actively involved in the project.
Use LDAP as an entry point for facilitating identity and
access management (IAM) projects.