Title: Implementing LDAP Client/Server System for Directory Service
1Implementing LDAP Client/Server System for
Directory Service
- By Maochun Sun
- Project Advisor Dr. Chung-E Wang
- Department of Computer Science
- California State University, Sacramento
2Agenda
- What is directory service?
- What is LDAP?
- Why use LDAP?
- The directory service system design.
- Future work.
3What is directory service?
- Directory is simply a collection of information,
e.g. phonebook. - Directory services provide access to the
information in a directory. - Directory servers are applications that act as
directory services, providing information from a
directory to other applications or end users.
4What is LDAP
- Lightweight Directory Access Protocol (RFC
1777, RFC 2251). - A protocol for accessing global or local
directories over a network. - Was developed as the gateway to X.500
- LDAP server Stores attribute based data.
- LDAP server is not the place to store very
dynamic information. - Currently, LDAP is more commonly used within a
single large organization, e.g. a college or a
company, for directory services.
5What is LDAP (cont.)
- Entries
- Basic elements stored in an LDAP server.
- Entries are made up of attributes.
- Entries are organized in a hierarchical structure
- Each entry must have a unique DN attribute
- dn oudeptA,dcexample,dccom
- objectClass organizationalUnit
- ou deptA
- telephoneNumber 23432545
- email depta_at_example.com
6What is LDAP (cont.)
- Attributes
- The type and value pairs that describe a
particular entry. - Object classes
- Define which attributes are required and allowed
to be in a particular LDAP entry. - Schema
- Define attribute type and object class in a
particular directory
7Why use LDAP ?
- Simplicity -- TCP/IP based
- LDAP directory is extensible
- Distributed architecture
- Using data replication.
- Using referrals.
- Widely accepted APIs
- C, Java, Perl, PHP
8The directory system design
- The proposed system would be a directory server
that contains a web server and a LDAP server. - The system will accept users requests through
web browsers, and access the LDAP server to get
the required data. - The system front-end will be written in PHP, and
the back-end will use OpenLDAP server. - All users are allowed to search the common
information about the departments, groups and
employees in the directory server.
9The system design (cont.)
- Login users with different privileges after
passing authentication and authorization, are
allowed to access different data and perform
different operations on the LDAP directory, such
as adding, deleting and modifying. - Employee
- Employee administrator
- Group administrator
- Department administrator
10The directory system architecture
Users
Web Browsers
HTTP
Apache Web Server
Directory Service
LDAP PHP API
LDAP
Directory Server
LDAP Server (OpenLDAP)
Database (BerkeleyDB)
11The organization of the entries in the directory
dcexample,dccom
oudept_1, dcexample, dccom
cnDeptAdministrator, dcexample,dccom
oudept_n, dcexample, dccom
.
ougroup_1, oudept_1, dcexample, dccom
ougroup_m, oudept_1, dcexample, dccom
cnGroupAdministrator, oudept_1,dcexample, dcco
m
.
uide1, ougroup_1, oudept_1, dcexample, dccom
uidek, ougroup_1, oudept_1, dcexample, dccom
cnEmpAdministrator, ougroup_1,oudept_1, dcexam
ple,dccom
.
12Future work
- Improve the system security, e.g. use Apache-SSL
- Create log file to record the changes in the
directory - Replicated the LDAP server by using OpenLDAPs
slurpd - Using the referral in LDAP server
13Questions