LDAP System Administration
LDAP System Administration#
1. LDAP Basics#
DNS - most successful dirctory services ever implemented on the internet
Five characteristics of directory services:
- Highly optimised for reads
- distributed model for storing information
- Can extend types of info it stores
- Advanced search capanbilities
- Loosely consistent replication
Lightweight Directory Access Protocol#
The potencial of LDAP to consolidate existing services into a single directory. Reducing data redundancy. Administrative saving on creating and deleting users.
- Lightweight - compared to X.5000 directory services. LDAP uses low overhead TCP over 389. X.500 had alot more baggage.
- Directory - different from a database as it is designed to be read more than written. Transaction and write locks are not necessary. LDAP is just a protocol it says nothing about where the data is stored. Made for general directories not specialised ones - filesystems and DNS.
- Access Protocol - LDAP is asynchronous.
LDAP Models#
Present the services provided by a server.
Information Model#
An entry is the basic unit of a directory.
An entry contains informaiton about one or more objectClasses
Naming Model#
How entries and data are uniquely referenced. Each entry has an attribute unique among all sibling called the RDN - Relative Distinguished Name.
The string created by combining RDN’s for a unique name is called the Distinguished Name (DN)
Eg. RDN (includes attribute name and value)
cn=geraldcarter
The DN (distinguished name) for the node would be
cn=geraldcarter,ou=people,dc=plainjoe,dc=org
Functional Model#
Protocol itself. Authentication operations (bindings), query operations (searches and reads) and update operations (writes)
Security Model#
Mechanism for clients to prive their identity (authnetication) and control authenticated clients access to data (authorization)