Lightweight Directory Access Protocol
LDAP Paulo Repa
What is a directory?
Directory Information Tree
o=acme
    ou=Sales        ou=Marketing        ou=Product Development
    (leaf entries on the slide: cn=Fred, cn=Fred, cn=Joe, cn=Lotty, cn=eng_lw3, cn=lpr1)
DN for Fred in Sales: cn=Fred,ou=Sales,o=acme
Directory Solutions
Netscape Directory Server (iPlanet)
SCO UnixWare 7
IBM SecureWay (formerly eNetwork)
Novell NDS
OpenLDAP (Linux), recommended
Directory server setup
Schema
ACLs
Data backup and restore
LDIF
UnixWare 7 Directory
Directory Setup
scoadmin ldap
Backend Setup
Attribute Schema
Defined in slapd.at.conf
Specifies attribute syntax
attribute jpegphoto bin
attribute telephonenumber tel
attribute userpassword ces
Objectclass Schema
Defines object contents
Defined in slapd.oc.conf
objectclass simplePerson
    requires
        cn,
        sn,
        objectClass
    allows
        jpegPhoto,
        mail,
        telephoneNumber,
        userPassword,
        creatorsName,
        createtimestamp,
        modifiersname,
        modifytimestamp
ACLs
Controls access for read, write, search, compare and delete operations
Entry or attribute level
Defined in slapd.acl.conf
access to attr=userPassword
    by self write
    by * none
ldapstop -i acme
ldapstart -i acme
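Added example, not from the slides: a small model of how a rule set like the one above is evaluated, so a policy can be tested before it is loaded and the server restarted. It handles only the forms on the slide (`attr=<name>` or `*` as the target, `self` or `*` as the requester); the cumulative ordering of access levels, first-matching-rule semantics, and "no match means none" are this model's assumptions, and the catch-all `access to * by * read` rule in the sample policy is constructed.

```python
# Added example (not from the slides): simplified evaluator for a
# slapd.acl.conf-style policy. Assumptions of this model: access levels are
# cumulative (write includes read, search and compare), the first rule whose
# <what> matches applies, the first matching <who> inside it decides, and
# no match yields "none".
LEVELS = ["none", "compare", "search", "read", "write"]


def parse_acl(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            rules.append({"what": line[len("access to "):].strip(), "by": []})
        elif line.startswith("by ") and rules:
            _, who, level = line.split()
            if level not in LEVELS:
                raise ValueError(f"unknown access level {level!r}")
            rules[-1]["by"].append((who, level))
        else:
            raise ValueError(f"cannot parse ACL line {line!r}")
    return rules


def _norm_dn(dn):
    # Minimal DN normalisation: case-fold and drop spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))


def _what_matches(what, attr):
    if what == "*":
        return True
    if what.lower().startswith("attr="):
        return what[5:].lower() == attr.lower()
    raise ValueError(f"unsupported <what> clause {what!r}")


def granted(rules, requester_dn, target_dn, attr):
    """Access level requester_dn holds on `attr` of the entry target_dn."""
    for rule in rules:
        if not _what_matches(rule["what"], attr):
            continue
        for who, level in rule["by"]:
            is_self = _norm_dn(requester_dn) == _norm_dn(target_dn)
            if who == "*" or (who == "self" and is_self):
                return level
        return "none"
    return "none"


def allowed(rules, requester_dn, target_dn, attr, op):
    """True if the granted level covers operation `op` (a LEVELS name)."""
    return LEVELS.index(granted(rules, requester_dn, target_dn, attr)) >= LEVELS.index(op)


# Constructed policy: the slide's userPassword rule plus a catch-all read rule.
POLICY = parse_acl("""
access to attr=userPassword
    by self write
    by * none
access to *
    by * read
""")
FRED = "cn=Fred, ou=Sales, o=acme"
JOE = "cn=Joe,ou=Product Development,o=acme"

if __name__ == "__main__":
    print(granted(POLICY, FRED, FRED, "userPassword"))   # write
    print(granted(POLICY, JOE, FRED, "userPassword"))    # none
    print(granted(POLICY, JOE, FRED, "telephoneNumber"))  # read
```

The point the slide makes is visible in the outputs: a user can change (and read) only their own password, nobody else can even compare against it, and the ordinary attributes stay readable because a later rule grants read on everything else. Rule order matters: placing the catch-all rule first would make it the one that matches userPassword as well.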
Data Backup and Restore
ldbmcat -n id2entry.dbb
ldif2ldbm -i data.ldif
Don’t forget directory configuration
LDIF
LDAP Data Interchange Format
Portable
Human readable (almost...)
dn: o=acme
objectclass: organization
o: acme
LDIF Update Statements
add
delete
modify (attribute add, delete, replace)
moddn
dn: cn=Joe, ou=Product Development, o=acme
changetype: modify
replace: telephoneNumber
telephoneNumber: 958-1234
LDAP Commands
ldapsearch
ldapmodify
ldapadd
ldapdelete
ldapmodrdn
ldapsearch
ldapsearch -h ldapsvr.acme.com -D "cn=admin" -w "secret" -b "o=acme" -s one "objectclass=*"
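The filter on the command line above is a fixed string; when a program builds the filter from a value it was handed, the value must be escaped so that it is matched literally. As an added example (not from the slides), the RFC 4515 escaping rules plus a helper that assembles the slide's ldapsearch invocation as an argv list; `build_filter`, `and_filter` and `ldapsearch_argv` are this example's own names, and the host and DNs are the slide's.

```python
import re

# Added example (not from the slides): build search filters from
# caller-supplied values with RFC 4515 escaping, so a value containing
# filter metacharacters is matched literally rather than altering the query.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attr, value, *, prefix_match=False):
    """Equality filter on `attr`. With prefix_match the trailing '*' is
    added here, under program control, as in the slide's telephoneNumber=958*."""
    if not _ATTR_NAME.match(attr):
        raise ValueError(f"bad attribute name {attr!r}")
    return f"({attr}={escape_filter_value(value)}{'*' if prefix_match else ''})"


def and_filter(*filters):
    """Combine already-built filters with the '&' operator."""
    return "(&" + "".join(filters) + ")"


def ldapsearch_argv(host, bind_dn, base, search_filter, scope="one"):
    """argv list for the slide's ldapsearch. Each item is one argument, so
    no shell quoting is involved and the filter arrives exactly as built.
    The password is left off the command line (-w exposes it in the
    process list); OpenLDAP's ldapsearch prompts for it with -W."""
    return ["ldapsearch", "-h", host, "-D", bind_dn, "-W",
            "-b", base, "-s", scope, search_filter]


if __name__ == "__main__":
    prefix = build_filter("telephoneNumber", "958", prefix_match=True)
    print(and_filter("(objectclass=simplePerson)", prefix))
    print(build_filter("cn", "(Fred) *"))   # (cn=\28Fred\29 \2a)
    print(ldapsearch_argv("ldapsvr.acme.com", "cn=admin", "o=acme", prefix))
```

The attribute-name check matters as much as the value escaping: the name goes into the filter unescaped, so it must be restricted to the characters an attribute description can actually contain.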
ldapmodify
ldapmodify -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f modifications.ldif
modifications.ldif:
dn: cn=Joe, ou=Product Development, o=acme
replace: telephoneNumber
telephoneNumber: 958-1234
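Added example, not from the slides: a parser for the LDIF on the LDIF and ldapmodify slides, covering content records (`dn: o=acme` ...), change records with `changetype` add/modify/delete, `-`-separated modify specs, `::` base64 values and folded continuation lines. It also handles the ldapmodify slide's record that has no `changetype` line, which ldapmodify without `-a` treats as a modify. The sample LDIF is constructed (it reuses the slide's DNs; Lotty's placement under ou=Marketing is invented), and all function names are this example's own.

```python
import base64
import re

# Added example (not from the slides): minimal LDIF parser for content and
# change records. Sample data at the bottom is constructed.


def _unfold(lines):
    """Join continuation lines (a leading space continues the previous line)
    and drop comment lines."""
    out = []
    for line in lines:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def _parse_attr(line):
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError(f"not an attribute line: {line!r}")
    if rest.startswith(":"):                      # "name:: <base64>"
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest[1:] if rest.startswith(" ") else rest


def _collect(lines):
    attrs = {}
    for line in lines:
        name, value = _parse_attr(line)
        attrs.setdefault(name, []).append(value)
    return attrs


def _parse_mods(lines):
    """Modify specs: 'add|delete|replace: attr', its values, then '-'."""
    changes, i = [], 0
    while i < len(lines):
        op, attr = _parse_attr(lines[i])
        if op not in ("add", "delete", "replace"):
            raise ValueError(f"bad modify operation {op!r}")
        i += 1
        values = []
        while i < len(lines) and lines[i] != "-":
            name, value = _parse_attr(lines[i])
            if name.lower() != attr.lower():
                raise ValueError(f"value for {name!r} inside '{op}: {attr}'")
            values.append(value)
            i += 1
        i += 1                                    # step over '-' (tolerated if absent at the end)
        changes.append((op, attr, values))
    return changes


def parse_ldif(text, default_changetype=None):
    """Return a list of records: {"dn", "attrs"} for content records,
    {"dn", "changetype", "changes"} for modify, {"dn", "changetype", "attrs"}
    for other change types. default_changetype="modify" mimics ldapmodify
    without -a, where a record lacking changetype is a modify."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = _unfold(block.splitlines())
        if not lines:
            continue
        name, dn = _parse_attr(lines[0])
        if name.lower() != "dn":
            raise ValueError(f"record must start with dn:, got {lines[0]!r}")
        body, changetype = lines[1:], default_changetype
        if body and body[0].lower().startswith("changetype:"):
            changetype = _parse_attr(body[0])[1].strip().lower()
            body = body[1:]
        if changetype == "modify":
            records.append({"dn": dn, "changetype": changetype, "changes": _parse_mods(body)})
        elif changetype:
            records.append({"dn": dn, "changetype": changetype, "attrs": _collect(body)})
        else:
            records.append({"dn": dn, "attrs": _collect(body)})
    return records


# Constructed sample: the slide's organization entry, a modify with two
# specs, and an add whose sn is base64-encoded ("Not ASCII").
SAMPLE_LDIF = """\
dn: o=acme
objectclass: organization
o: acme

dn: cn=Joe, ou=Product Development, o=acme
changetype: modify
replace: telephoneNumber
telephoneNumber: 958-1234
-
add: mail
mail: joe@acme.com
-

dn: cn=Lotty, ou=Marketing, o=acme
changetype: add
objectclass: simplePerson
cn: Lotty
sn:: Tm90IEFTQ0lJ
"""

if __name__ == "__main__":
    for record in parse_ldif(SAMPLE_LDIF):
        print(record)
```

The `::` form is the "almost" in "human readable (almost...)": any value that is not safe ASCII, including one that merely starts with a space or colon, is shipped base64-encoded, so a reviewer reading a backup or change file cannot take every value at face value without decoding it.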
ldapadd
ldapmodify -a -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f additions.ldif
ldapadd -h ldapsvr.acme.com -D "cn=admin" -w "secret" -f additions.ldif
(the two commands are equivalent: ldapadd is ldapmodify with -a, so records without a changetype are added)
ldapdelete
ldapdelete -h ldapsvr.acme.com -D "cn=admin" -w "secret" cn=Fred,ou=Sales,o=acme
ldapmodrdn
ldapmodrdn -h ldapsvr.acme.com -D "cn=admin" -w "secret" -r cn=lpr,ou=Sales,o=acme cn=sales_lw1
(-r removes the old RDN value, cn=lpr, from the renamed entry)
Using the UnixWare 7 LDAP API
Library / Binding to the server
Search
Compare
Add
Modify
Asynchronous LDAP calls
LDAP C API
UnixWare 7 ldap package
LDAP C API - RFC1823
LDAP v2 - RFC1777
#include <ldap.h>
#include <lber.h>
cc -o app src.c -lldap -llber -lresolv
(libraries listed after the source file, so the linker has the references to resolve when it reaches them)
Binding to the server
LDAP *ld;
/* ldap_open returns NULL if the server cannot be reached */
if ((ld = ldap_open("ldapsvr.acme.com", LDAP_PORT)) == NULL) {
    perror("ldap_open");
    return;
}
if (ldap_simple_bind_s(ld, "cn=admin", "secret") != LDAP_SUCCESS) {
    ldap_perror(ld, "bind example");
    return;
}
... LDAP directory operations (search, modify, ...)
...
/* ldap_unbind_s frees ld, so it must not be passed to ldap_perror afterwards */
if (ldap_unbind_s(ld) != LDAP_SUCCESS) {
    fprintf(stderr, "unbind example: unbind failed\n");
    return;
}
Search - API call
LDAPMessage *res, *entry;
BerElement *ber;
char *attr, *dn, **vals, **vp;
/* attrs == NULL requests every attribute; attrsonly == 0 returns values as well as types */
if (ldap_search_s(ld, "o=acme", LDAP_SCOPE_SUBTREE, "telephoneNumber=958*",
                  NULL, 0, &res) != LDAP_SUCCESS) {
    ldap_perror(ld, "search example");
    exit(EXIT_FAILURE);
}
Search - Process Data
for (entry = ldap_first_entry(ld, res); entry != NULL;
     entry = ldap_next_entry(ld, entry)) {
    if ((dn = ldap_get_dn(ld, entry)) != NULL) {
        printf("dn: %s\n", dn);
        free(dn);
    }
    for (attr = ldap_first_attribute(ld, entry, &ber); attr != NULL;
         attr = ldap_next_attribute(ld, entry, ber)) {
        vals = ldap_get_values(ld, entry, attr);
        for (vp = vals; vp && *vp; vp++)
            printf("%s: %s\n", attr, *vp);
        ldap_value_free(vals);
    }
    if (ber)
        ber_free(ber, 0);
}
ldap_msgfree(res);
Compare - API call
Matches for an attribute type of "tel" syntax: the comparison ignores spaces and dashes, so the value "9589876" matches the stored "958-9876"
int rc;   /* ldap_compare_s returns an int; it is not the LDAPMessage *res of the search example */
if ((rc = ldap_compare_s(ld, "cn=Fred, ou=Sales, o=acme", "telephoneNumber", "9589876")) == -1) {
    ldap_perror(ld, "compare example");
    exit(EXIT_FAILURE);
}
if (rc == LDAP_COMPARE_TRUE) {   /* == rather than =, which would always take this branch */
    /* Attribute type and value found */
} else {
    /* Not found */
}
The entry being compared against:
dn: cn=Fred, ou=Sales, o=acme
objectclass: simplePerson
cn: Fred
sn: Jones
telephoneNumber: 958-9876
LDAPMod structure
One structure per attribute type
Add, delete and replace operations
Text or binary data
Multiple values
mod_op        LDAP_MOD_ADD
mod_type      "mailAliasMembers"
mod_values    "Joe", "Lotty"
Add Entry - Data
char *cnvals[] = {"John", NULL}, *snvals[] = {"Smith", NULL};
char *objvals[] = {"simplePerson", NULL};
LDAPMod mod[3], *mods[4];   /* one LDAPMod per attribute, plus room for the terminating NULL */
int i;
mod[0].mod_op = LDAP_MOD_ADD; mod[0].mod_type = "cn";          mod[0].mod_values = cnvals;
mod[1].mod_op = LDAP_MOD_ADD; mod[1].mod_type = "sn";          mod[1].mod_values = snvals;
mod[2].mod_op = LDAP_MOD_ADD; mod[2].mod_type = "objectClass"; mod[2].mod_values = objvals;
for (i = 0; i < sizeof(mod) / sizeof(LDAPMod); i++)
    mods[i] = &mod[i];
mods[i] = NULL;   /* the array of pointers is NULL-terminated */
Add Entry - API call
if (ldap_add_s(ld, "cn=John,ou=Marketing,o=acme", &mods[0]) != LDAP_SUCCESS) {
    ldap_perror(ld, "add example");
    exit(EXIT_FAILURE);
}
Resulting entry:
dn: cn=John, ou=Marketing, o=acme
objectclass: simplePerson
cn: John
sn: Smith
Modify Entry - Data
char *snvals[] = {"Smithe", NULL};
char *telvals[] = {"958-2357", NULL};
LDAPMod mod[2], *mods[3];
int i;
mod[0].mod_op = LDAP_MOD_REPLACE; mod[0].mod_type = "sn";              mod[0].mod_values = snvals;
mod[1].mod_op = LDAP_MOD_ADD;     mod[1].mod_type = "telephoneNumber"; mod[1].mod_values = telvals;
for (i = 0; i < sizeof(mod) / sizeof(LDAPMod); i++)
    mods[i] = &mod[i];
mods[i] = NULL;
Modify Entry - API call
if (ldap_modify_s(ld, "cn=John,ou=Marketing,o=acme", &mods[0]) != LDAP_SUCCESS) {
    ldap_perror(ld, "modify example");
    exit(EXIT_FAILURE);
}
Resulting entry:
dn: cn=John, ou=Marketing, o=acme
objectclass: simplePerson
cn: John
sn: Smithe
telephoneNumber: 958-2357
Asynchronous LDAP calls
Client need not block
Operations may be multiplexed on a connection
Function names omit "_s"
int msgid, rc;
LDAPMessage *result;
/* error_handler() and process_results() stand for the application's own code */
if ((msgid = ldap_search(ld, "o=acme", LDAP_SCOPE_SUBTREE, "objectclass=*", NULL, 0)) == -1)
    error_handler();
/* with all == 0, ldap_result returns one entry per call; the loop ends on
   LDAP_RES_SEARCH_RESULT (the final message) or -1 (error) */
while ((rc = ldap_result(ld, msgid, 0, NULL, &result)) == LDAP_RES_SEARCH_ENTRY) {
    process_results(result);
    ldap_msgfree(result);
}
if (rc == -1)
    error_handler();
else
    ldap_msgfree(result);   /* free the LDAP_RES_SEARCH_RESULT message too */
Bibliography
Howes, Smith. LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol
RFC1777 - Lightweight Directory Access Protocol
RFC1823 - The LDAP Application Program Interface