
Implementing LDAP Client/Server System for Directory Service

Implementing LDAP Client/Server System for Directory Service. By Maochun Sun Project Advisor: Dr. Chung-E Wang Department of Computer Science California State University, Sacramento. Agenda. What is directory service? What is LDAP? Why use LDAP? The directory service system design.


Presentation Transcript


  1. Implementing LDAP Client/Server System for Directory Service
     By Maochun Sun
     Project Advisor: Dr. Chung-E Wang
     Department of Computer Science, California State University, Sacramento

  2. Agenda
     • What is directory service?
     • What is LDAP?
     • Why use LDAP?
     • The directory service system design.
     • Future work.

  3. What is directory service?
     • A directory is simply a collection of information, e.g. a phonebook.
     • Directory services provide access to the information in a directory.
     • Directory servers are applications that act as directory services, providing information from a directory to other applications or end users.

  4. What is LDAP?
     • Lightweight Directory Access Protocol (RFC 1777, RFC 2251).
     • A protocol for accessing global or local directories over a network.
     • Was developed as the gateway to X.500.
     • An LDAP server stores attribute-based data.
     • An LDAP server is not the place to store very dynamic information.
     • Currently, LDAP is more commonly used within a single large organization, e.g. a college or a company, for directory services.

  5. What is LDAP (cont.)
     • Entries
         • Basic elements stored in an LDAP server.
         • Entries are made up of attributes.
         • Entries are organized in a hierarchical structure.
         • Each entry must have a unique “DN” attribute.

           dn: ou=deptA,dc=example,dc=com
           objectClass: organizationalUnit
           ou: deptA
           telephoneNumber: 23432545
           email: depta@example.com

  6. What is LDAP (cont.)
     • Attributes
         • The type and value pairs that describe a particular entry.
     • Object classes
         • Define which attributes are required and allowed to be in a particular LDAP entry.
     • Schema
         • Defines the attribute types and object classes in a particular directory.

  7. Why use LDAP?
     • Simplicity: TCP/IP based
     • LDAP directory is extensible
     • Distributed architecture
         • Using data replication.
         • Using referrals.
     • Widely accepted APIs
         • C, Java, Perl, PHP …

  8. The directory system design
     • The proposed system would be a directory server that contains a web server and an LDAP server.
     • The system will accept users’ requests through web browsers, and access the LDAP server to get the required data.
     • The system front-end will be written in PHP, and the back-end will use an OpenLDAP server.
     • All users are allowed to search the common information about the departments, groups and employees in the directory server.

  9. The system design (cont.)
     • Logged-in users with different privileges, after passing authentication and authorization, are allowed to access different data and perform different operations on the LDAP directory, such as adding, deleting and modifying.
         • Employee
         • Employee administrator
         • Group administrator
         • Department administrator

  10. The directory system architecture
      [Diagram: Users → Web Browsers → (HTTP) → Apache Web Server with PHP API (Directory Service) → (LDAP) → LDAP Directory Server: LDAP Server (OpenLDAP) → Database (BerkeleyDB)]

  11. The organization of the entries in the directory

      dc=example,dc=com
        cn=DeptAdministrator, dc=example,dc=com
        ou=dept_1, dc=example, dc=com
          cn=GroupAdministrator, ou=dept_1,dc=example, dc=com
          ou=group_1, ou=dept_1, dc=example, dc=com
            cn=EmpAdministrator, ou=group_1,ou=dept_1, dc=example,dc=com
            uid=e1, ou=group_1, ou=dept_1, dc=example, dc=com
            ….
            uid=ek, ou=group_1, ou=dept_1, dc=example, dc=com
          ….
          ou=group_m, ou=dept_1, dc=example, dc=com
        ….
        ou=dept_n, dc=example, dc=com

  12. Future work
      • Improve the system security, e.g. use Apache-SSL.
      • Create a log file to record the changes in the directory.
      • Replicate the LDAP server by using OpenLDAP’s slurpd.
      • Use referrals in the LDAP server.

  13. Questions ?
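
Slides 9 and 11 place administrators at different levels of the directory tree. As an added example (not code from the presentation), the PHP below is a front-end check that confines each administrator to the subtree of the container holding its entry, using the DNs from slide 11. The scoping rule, the self-edit rule, the function names, and the restriction to DNs without multi-valued RDNs or hex escapes are assumptions.

```php
<?php
// Added example, not the presentation's code. Assumed rule: an administrator may
// write strictly below the container holding its entry; others only to themselves.
const ADMIN_CNS = ['cn=deptadministrator', 'cn=groupadministrator', 'cn=empadministrator'];

// Split a DN into normalized RDNs, leaf first; "\," escapes stay inside their RDN.
function dn_to_rdns(string $dn): array {
    $rdns = [];
    $cur = '';
    for ($i = 0, $n = strlen($dn); $i < $n; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $n) {
            $cur .= substr($dn, $i++, 2);      // copy the escape pair verbatim
        } elseif ($dn[$i] === ',') {
            $rdns[] = $cur;
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = $cur;
    $out = [];
    foreach ($rdns as $rdn) {
        [$type, $value] = array_map('trim', array_pad(explode('=', strtolower($rdn), 2), 2, ''));
        if ($type === '' || $value === '') {
            return [];                         // malformed RDN: caller must deny
        }
        $out[] = "$type=$value";
    }
    return $out;
}

// Decide whether the authenticated bind DN may add, delete or modify the target DN.
function may_write(string $bindDn, string $targetDn): bool {
    $bind = dn_to_rdns($bindDn);
    $target = dn_to_rdns($targetDn);
    if ($bind === [] || $target === []) {
        return false;
    }
    if ($bind === $target) {
        return true;                           // a user may edit their own entry
    }
    $scope = array_slice($bind, 1);            // the administrator's parent container
    $k = count($scope);
    return in_array($bind[0], ADMIN_CNS, true) && $k > 0
        && count($target) > $k && array_slice($target, -$k) === $scope;
}

$admin = 'cn=EmpAdministrator, ou=group_1,ou=dept_1, dc=example,dc=com';
var_dump(may_write($admin, 'uid=e1, ou=group_1, ou=dept_1, dc=example, dc=com'));
var_dump(may_write($admin, 'uid=e1,ou=group_2,ou=dept_1,dc=example,dc=com')); // constructed DN
```

OpenLDAP can enforce the same scoping on the server with its `access to` directives, which still apply if a request reaches the LDAP server without passing through the front-end.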
