Implementing LDAP Client/Server System for Directory Service - PowerPoint PPT Presentation

About This Presentation
Title:

Implementing LDAP Client/Server System for Directory Service

Description:

Implementing LDAP Client/Server System for Directory Service By Maochun Sun Project Advisor: Dr. Chung-E Wang Department of Computer Science California State ...

Transcript and Presenter's Notes

1
Implementing LDAP Client/Server System for
Directory Service
  • By Maochun Sun
  • Project Advisor: Dr. Chung-E Wang
  • Department of Computer Science
  • California State University, Sacramento

2
Agenda
  • What is directory service?
  • What is LDAP?
  • Why use LDAP?
  • The directory service system design.
  • Future work.

3
What is directory service?
  • Directory is simply a collection of information,
    e.g. phonebook.
  • Directory services provide access to the
    information in a directory.
  • Directory servers are applications that act as
    directory services, providing information from a
    directory to other applications or end users.

4
What is LDAP
  • Lightweight Directory Access Protocol (RFC
    1777, RFC 2251).
  • A protocol for accessing global or local
    directories over a network.
  • Was developed as the gateway to X.500
  • LDAP server stores attribute-based data.
  • LDAP server is not the place to store very
    dynamic information.
  • Currently, LDAP is more commonly used within a
    single large organization, e.g. a college or a
    company, for directory services.

5
What is LDAP (cont.)
  • Entries
    • Basic elements stored in an LDAP server.
    • Entries are made up of attributes.
    • Entries are organized in a hierarchical structure.
    • Each entry must have a unique DN attribute.
        dn: ou=deptA,dc=example,dc=com
        objectClass: organizationalUnit
        ou: deptA
        telephoneNumber: 23432545
        email: depta@example.com

6
What is LDAP (cont.)
  • Attributes
    • The type and value pairs that describe a
      particular entry.
  • Object classes
    • Define which attributes are required and allowed
      to be in a particular LDAP entry.
  • Schema
    • Defines the attribute types and object classes in a
      particular directory.

7
Why use LDAP ?
  • Simplicity -- TCP/IP based
  • LDAP directory is extensible
  • Distributed architecture
    • Using data replication.
    • Using referrals.
  • Widely accepted APIs
    • C, Java, Perl, PHP

8
The directory system design
  • The proposed system would be a directory server
    that contains a web server and an LDAP server.
  • The system will accept user requests through
    web browsers, and access the LDAP server to get
    the required data.
  • The system front-end will be written in PHP, and
    the back-end will use OpenLDAP server.
  • All users are allowed to search the common
    information about the departments, groups and
    employees in the directory server.

9
The system design (cont.)
  • Logged-in users with different privileges, after
    passing authentication and authorization, are
    allowed to access different data and perform
    different operations on the LDAP directory, such
    as adding, deleting and modifying.
    • Employee
    • Employee administrator
    • Group administrator
    • Department administrator

10
The directory system architecture
[Architecture diagram; labels in order: Users; Web Browsers; HTTP; Apache Web Server; Directory Service; LDAP PHP API; LDAP; Directory Server; LDAP Server (OpenLDAP); Database (BerkeleyDB)]

11
The organization of the entries in the directory
dc=example,dc=com
  ou=dept_1,dc=example,dc=com
  cn=DeptAdministrator,dc=example,dc=com
  ou=dept_n,dc=example,dc=com
  ...
    ou=group_1,ou=dept_1,dc=example,dc=com
    ou=group_m,ou=dept_1,dc=example,dc=com
    cn=GroupAdministrator,ou=dept_1,dc=example,dc=com
    ...
      uid=e1,ou=group_1,ou=dept_1,dc=example,dc=com
      uid=ek,ou=group_1,ou=dept_1,dc=example,dc=com
      cn=EmpAdministrator,ou=group_1,ou=dept_1,dc=example,dc=com
      ...

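
One way the PHP front-end could decide whether a logged-in user may add, delete or modify a given entry in this tree, as an added example that is not code from the presentation. It assumes each administrator entry governs the subtree of the container it sits in and that employees may change only their own entry; the function names are hypothetical.

```php
<?php
// Added example. Role RDNs and the tree layout follow the slides; the function
// names and the scoping rule are assumptions, not the project's code.
const ADMIN_RDNS = ['cn=deptadministrator', 'cn=groupadministrator', 'cn=empadministrator'];

// Split a DN into lower-cased "type=value" RDNs, leftmost first. Tolerates
// spaces after commas and keeps backslash-escaped commas inside a value.
function dn_rdns(string $dn): array {
    $rdns = [];
    $cur = '';
    for ($i = 0, $n = strlen($dn); $i < $n; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $n) {   // keep the escaped pair intact
            $cur .= $dn[$i] . $dn[$i + 1];
            $i++;
        } elseif ($dn[$i] === ',') {             // unescaped comma ends an RDN
            $rdns[] = $cur;
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = $cur;
    return array_map(function (string $rdn): string {
        [$type, $value] = array_pad(explode('=', $rdn, 2), 2, '');
        return strtolower(trim($type)) . '=' . strtolower(trim($value));
    }, $rdns);
}

// $actorDn must be the DN the user authenticated (bound) as, never a value
// taken from the request.
function may_modify(string $actorDn, string $targetDn): bool {
    $actor = dn_rdns($actorDn);
    $target = dn_rdns($targetDn);
    if ($actor === $target) {
        return true;                             // assumption: own entry is editable
    }
    $scope = array_slice($actor, 1);             // container holding the admin entry
    if (!in_array($actor[0], ADMIN_RDNS, true) || $scope === []
        || count($target) <= count($scope)) {
        return false;
    }
    return array_slice($target, -count($scope)) === $scope;  // compare RDNs, not substrings
}

// Constructed sample DNs based on the tree above.
$groupAdmin = 'cn=GroupAdministrator,ou=dept_1,dc=example,dc=com';
var_dump(may_modify($groupAdmin, 'uid=e1, ou=group_1, ou=dept_1, dc=example, dc=com'));
var_dump(may_modify($groupAdmin, 'ou=group_1,ou=dept_n,dc=example,dc=com'));
```
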
12
Future work
  • Improve the system security, e.g. use Apache-SSL
  • Create a log file to record the changes in the
    directory
  • Replicate the LDAP server by using OpenLDAP's
    slurpd
  • Use referrals in the LDAP server

13
Questions
  • ?