LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol used to access and manage directory information in a centralized directory. It allows for a simplified and lightweight protocol to centrally manage users, groups, devices and other data. LDAP uses a client-server model where a client sends search, update, authentication and control requests to an LDAP server which processes the requests and returns any results. The LDAP protocol supports standard operations like search, compare, add, delete, modify, bind and unbind. It defines models for organizing and referring to directory information as well as accessing, updating and securing the information in the centralized directory.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol used to access and manage directory information in a centralized directory. It allows for a simplified and lightweight protocol to centrally manage users, groups, devices and other data. LDAP uses a client-server model where a client sends search, update, authentication and control requests to an LDAP server which processes the requests and returns any results. The LDAP protocol supports standard operations like search, compare, add, delete, modify, bind and unbind. It defines models for organizing and referring to directory information as well as accessing, updating and securing the information in the centralized directory.
LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol used to access and manage directory information in a centralized directory. It allows for a simplified and lightweight protocol to centrally manage users, groups, devices and other data. LDAP uses a client-server model where a client sends search, update, authentication and control requests to an LDAP server which processes the requests and returns any results. The LDAP protocol supports standard operations like search, compare, add, delete, modify, bind and unbind. It defines models for organizing and referring to directory information as well as accessing, updating and securing the information in the centralized directory.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol used to access and manage directory information in a centralized directory. It allows for a simplified and lightweight protocol to centrally manage users, groups, devices and other data. LDAP uses a client-server model where a client sends search, update, authentication and control requests to an LDAP server which processes the requests and returns any results. The LDAP protocol supports standard operations like search, compare, add, delete, modify, bind and unbind. It defines models for organizing and referring to directory information as well as accessing, updating and securing the information in the centralized directory.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PPT, PDF, TXT or read online from Scribd
Download as ppt, pdf, or txt
You are on page 1/ 14
LDAP
Architecture Competency Group
Overview What Is LDAP? What Can LDAP Do for You?
How Does LDAP Work?
The LDAP Models
Architecture Competency Group
What Is LDAP? LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol used by applications to access information in a directory LDAP is a standard, extensible directory access protocola common language that LDAP clients and servers use to communicate with each other.
LDAP is a "lightweight" protocol, which means that it is efficient,
straight- forward, and easy to implement, while still being highly functional. LDAP uses a simplified encoding methods and runs directly on top of TCP/IP. Architecture Competency Group
What Is LDAP? There have been two major revisions of the LDAP protocol. The first widely available version was LDAP version 2. As of now LDAP version 3 is a Proposed Internet Standard, because it is so new, not all vendors completely support LDAPv3 yet.
Architecture Competency Group
What Can LDAP Do for You?
If you are a system administrator, then LDAP Makes it possible for you to centrally manage users, groups, devices, and other data. Helps you do away with managing of separate application-specific directories.
If you are a IT decision maker, then LDAP
Allows you to avoid tying yourself exclusively to a single vendor and/or operating system platform. Helps you decrease the total cost of ownership by reducing the number of distinct directories your staff needs to manage.
If you are a software developer, then LDAP
Allows you to avoid tying your software exclusively to a single vendor and/or operating system platform. Helps you save development time by avoiding the need to construct your own user and group management database.
Architecture Competency Group
How Does LDAP Work?
A client/server protocol is a protocol model in which a client program running on one computer constructs a request and sends it over the network to a computer running a server program. The server program receives the request, takes some action, and returns a result to the client program. The LDAP protocol is a message-oriented protocol. The client constructs an LDAP message containing a request and sends it to the server. The server processes the request and sends the result or results back to the client as a series of LDAP messages. For example, when an LDAP client searches the directory for a specific entry, it constructs an LDAP search request message and sends it to the server. The server retrieves the entry from its database and sends it to the client in an LDAP message. It also returns a result code to the client in a separate LDAP message. This interaction is shown Architecture Competency Group
How Does LDAP Work?
A client retrieves a single entry from the directory.
Architecture Competency Group
How Does LDAP Work?
If the client searches the directory and multiple matching entries are found, the entries are sent to the client in a series of LDAP messages, one for each entry. The results are terminated with a result message, which contains an overall result for the search operation, as shown in
A client searches the directory, and multiple entries are returned.
Architecture Competency Group
How Does LDAP Work?
The LDAP protocol is message-based, it also allows the client to issue multiple requests at once. Suppose, for example, a client might issue two search requests simultaneously. In LDAP, the client would generate a unique message ID for each request; returned results for specific request would be tagged with its message ID, allowing the client to sort out multiple responses to different requests arriving out of order or at the same time. In below diagram, the client has issued two search requests simultaneously. The server processes both operations and returns the results to the client.
A client issues multiple LDAP search requests simultaneously.
Architecture Competency Group
How Does LDAP Work?
Notice that in the diagram the server sends the final result code of message ID 2 to the client before it sends the final result code from message ID 1. This is perfectly acceptable and happens quite frequently. These details are typically hidden from the programmer by an LDAP SDK. Programmers writing an LDAP application don't need to be concerned with sorting out these results; the SDKs take care of this automatically.
Architecture Competency Group
The LDAP Protocol Operations
LDAP has nine basic protocol operations, which can be divided into three categories:
Interrogation operations: search , compare. These two operations allow you to ask questions of the directory. Update operations: add, delete, modify. These operations allow you to update information in the directory.
Authentication and control operations: bind, unbind, abandon. The bind operation allows a client to identify itself to the directory by providing an identity and authentication credentials; the unbind operation allows the client to terminate a session; and the abandon operation allows a client to indicate that it is no longer interested in the results of an operation it had previously submitted.
Architecture Competency Group
The LDAP Protocol Operations
A typical complete LDAP client/server exchange might proceed as depicted in
A typical LDAP exchange.
Architecture Competency Group
The LDAP Protocol Operations
An LDAP client and server perform the following steps:
Step 1: The client opens a TCP connection to an LDAP server and submits a bind operation. This bind operation includes the name of the directory entry the client wants to authenticate as, along with the credentials to be used when authenticating. Credentials are often simple passwords, but they might also be digital certificates used to authenticate the client. Step 2: After the directory has verified the bind credentials, it returns a success result to the client. Step 3: The client issues a search request. Steps 4 and 5: The server processes this request, which results in two matching entries. Step 6: The server sends a result message. Step 7: The client then issues an unbind request, which indicates to the server that the client wants to disconnect. Step 8: The server obliges by closing the connection.
Architecture Competency Group
The LDAP Models
The LDAP standards also define four models that guide you in your use of the directory. These models promote interoperability between directory installations while still allowing you the flexibility to tailor the directory to your specific needs. The models borrow concepts from X.500.The four LDAP models are as follows: The LDAP information model, which defines the kind of data you can put into the directory. The LDAP naming model, which defines how you organize and refer to your directory data. The LDAP functional model, which defines how you access and update the information in your directory. The LDAP security model, which defines how information in the directory can be protected from unauthorized access. Architecture Competency Group
