170 likes | 266 Views
Introduction To OpenLDAP Directory Services. What is a Directory Service?. A specialized database optimized for reading, browsing, and searching. No complicated Transactions or roll-back schemes. (“all or nothing” changes) Sophisticated filtering capabilities
E N D
What is a Directory Service? • A specialized database optimized for reading, browsing, and searching. • No complicated Transactions or roll-back schemes. (“all or nothing” changes) • Sophisticated filtering capabilities • Tuned for quick response to high volume lookup
How a is Directory Service provided? • Some are local. Service is provided in a restricted context. (the finger service on a machine) • Others are global. (the internet) – Usually distributed service. The Internet Domain Name System is a distributed directory service.
What is LDAP? • Lightweight Directory Access Protocol • Runs over TCP/IP • Details of LDAP can be found at RFC2251
What kind of info can be stored? • It is based on entries like a Db • An entry is defined as – A collection of attributes that has a globally-unique Distinguished Name (DN). • All entries are arranged in a tree-like structure.
C = US C = GB St = California THE ORGANIZATION O = Acme ORGANIZATIONAL UNIT Ou = Marketing Ou = Sales Cn = Barbara Jensen PERSON TRADITIONAL NAMING
Dc = net Dc = com Dc = DE THE ORGANIZATION Dc = example ORGANIZATIONAL UNIT Ou = Servers Ou = People Uid = babs PERSON INTERNET NAMING TREE
Diagram Diagram O=Edu (Organization) Ou=Villanova (Organization Unit) Ou =People Cn =Jill Smith Ssn=1234753548 Persons Cn =Bob Smith Ssn=1234758807 Cn =Jim Smith Ssn=1236198807
What about Unauthorized Access? • Some have no protection • Some protection packages can be written by the developers. • There are authentication mechanisms provided.
How does LDAP work? • It is based on a client server model. • One or more servers contain the info. That makes up the directory tree. • A client connects to the server and asks a question. • Sever answers and a pointer to where the client can get additional info. • The same view of the directory is available no matter where the client connects from. This is important feature in a global service.
How is Information Referenced? • An Entry is referenced by its DN. • A DN is made by concatenating the name of the entry itself and the names of its ancestor entries.
What About X.500? • Technically, LDAP is a protocol to an X.500 directory service. • LDAP makes it easier to access X.500 but still needs a full X.500 service to make data available to all the LDAP clients being developed.
So what does OpenLDAP provide? • OpenLDAP is just an open source version of LDAP. • It contains slurpd and slapd. • Slapd: stand-alone LDAP daemon • Slurpd: stand-alone LDAP update replication daemon.
SLAPD • Slapd is a directory server that runs on many platforms. Can be used to create a personal directory service. • Removes the burden from the server-side of LDAP.
SLURPD • A daemon that helps slapd provide replicated service. Which cuts down on response time. • Responsible for distributing changes to the master slapd to the various replicas. • Slurpd and Slapd communicate via a simple log file.
Works Cited • http://www.openldap.org/doc/admin/intro.html • http://www.whatis.com