akshay
/
openldap
2
1
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
OpenLDAP Presentation
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13 Commits
1 Branch
21 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
openldap/openldap.md

148 lines
6.7 KiB
Raw Permalink Normal View History

OpenLDAP Presentaion first commit
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
OpenLDAP Presentaion first commit
1 year ago
Added alternative implementations of LDAP section
1 year ago
OpenLDAP Presentaion first commit
1 year ago
openldap presentation
1 year ago
OpenLDAP Presentaion first commit
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
openldap presentation
1 year ago
Added alternative implementations of LDAP section
1 year ago
OpenLDAP Presentaion first commit
1 year ago
LDAPToolBox slides
1 year ago
OpenLDAP Presentaion first commit
1 year ago
LDAPToolBox slides
1 year ago
LDAPToolBox slides
1 year ago
 
  1. ---
  2. title: OpenLDAP
  3. author: Akshay Pushparaj
  4. theme: Berlin
  5. mainfont: Iosevka
  6. fontsize: 8pt
  7. ---
  8. # Introduction to LDAP

  9. ## What is LDAP?

  10. LDAP or Lightweight Directory Access Protocol is a standards-based protocol for accessing and maintaining distributed directory information services. LDAP has always been considered a standard for user management in organizations of all sizes.
  11. 

  12. ## What is directory service?

  13. - Directory is a specialized database specifically designed for searching and browsing, in additional to supporting basic lookup and update functions.
  14. - Directories tend to contain descriptive, attribute-based information and support filtering capabilities.
  15. - Directories generally do not support complicated transaction or roll-back schemes found in database management systems designed for handling high-volume complex updates.
  16. - Directories are generally tuned to give quick response to high-volume lookup or search operations.
  17. 

  18. ## What kind of information can be stored in the directory?

  19. LDAP information model is based on entries. An entry is a collection of attributes that has a globally-unique Distinguished Name (DN). The DN is used to refer to the entry unambiguously. Each of the entry's attributes has a type and one or more values.
  20. 

  21. ## How is the information arranged? 

  22. Directory entries are arranged in a hierarchical tree-like structure.
  23. 

  24. ![LDAP Tree](./image/ldap_tree.png){#id .class width=200 height=200 display=block}
  25. 

  26. 

  27. ## Differences between traditional databases

  28. - LDAP is a open standard protocol. 
  29. - LDAP is heavily read optimized. 
  30. - LDAP is lightweight.
  31. 

  32. ## Usecases

  33. Some of the usecases of LDAP are:
  34. 

  35. - Machine Authentication
  36. - User Authentication
  37. - User/System Groups
  38. - Address book
  39. - Organization Representation
  40. - Asset Tracking
  41. - Telephony Information Store
  42. - User resource management
  43. - E-mail address lookups
  44. - Application Configuration store Machine Authentication
  45. - etc
  46. 

  47. # OpenLDAP

  48. ## What is OpenLDAP?

  49. - OpenLDAP is an free and open source implementation of LDAP. The project started at University of Michigan, now maintained by the OpenLDAP Foundation.
  50. 

  51. ## Features

  52. - Lightweight
  53. - Supports a wide variety of backends or databases.
  54. - Supports components called overlays which can be used to customize backend behaviour without the need to write a custom backend.
  55. - Has support for wide variety of OS and services.
  56. - OpenLDAP is highly flexible. Has code-reliant functionality which doesn’t lock users into predetermined workflows; rather, we can manipulate the software to our exact needs.
  57. 

  58. ## Cons

  59. - Directory configuration and management are manual. Hence it is more time consuming and has a higher learning curve.
  60. - OpenLDAP is a command-line application. However there are multiple LDAP browsers available which can be used in case a UI is required. Few of them listed below:
  61. 	- [web2ldap](https://www.web2ldap.de/web2ldap.html)
  62.   - [Apache Directory](https://directory.apache.org/)
  63. 

  64. 

  65. # Other free software LDAP implementations

  66. ## 389 DS

  67. - Like OpenLDAP, 389 DS or 389 Directory Server is a LDAP implementation by RedHat  as part of the community-supported Fedora project.
  68. - 389 DS have a graphical interface that can be used for administration.
  69. 

  70. ##
  71. ![389 DS management console](./image/389ds.png){#id .class display=block}
  72. 

  73. 

  74. ## FreeIPA

  75. - FreeIPA is an identity management system created by RedHat. The aim with FreeIPA is to provide a centrally managed Identity, Policy and Audit(IPA)  system.
  76.   - Identity management ensure the right users have appropriate access to resources.
  77.   - Security policies are a set of requirements to maintain a safe and secure computing environment.
  78.   - Audit trail are records of events, procedures or operations being done on the system.
  79. 

  80. - FreeIPA uses a combination of different software inorder to acheive an IPA system. It uses Fedora, 389 DS, Kerberos, DNS, SSSD and other free and open source components. 
  81. - The advantage of using FreeIPA is that it is easy to setup. Since everything is taken care by FreeIPA for us it has less flexibilty comapred to OpenLDAP. 
  82. - FreeIPA has a Web UI for administration. 
  83. 

  84. ##
  85. ![Web UI](./image/freeipa.png)
  86. 

  87. ## Samba

  88. -  Samba runs on Unix platforms, but speaks to Windows clients like a native. It allows a Unix system to move into a Windows "Network Neighborhood" without causing a stir. Windows users can happily access file and print services without knowing or caring that those services are being offered by a Unix host.
  89. - Samba is an open source CIFS implementation. CIFS or Common Internet File System is a protocol suite used to share files remotely via IP. 
  90. - Samba allows for a Linux server to act as a Domain Controller. By doing so, user credentials on the Windows domain can be used instead of needing to be recreated and then manually kept in sync on the Linux server.
  91. - A domain controller is a server that manages network and identity security, effectively acting as the gatekeeper for user authentication and authorization to IT resources within the domain.
  92. 

  93. # LDAPToolBox

  94. ##
  95. - LDAPToolBox is a compilation of tools for LDAP administrators
  96. - LDAPToolBox contains:
  97. 	- Monitoring plugins
  98. 	- Howtos and scripts
  99. 	- Web interfaces for password and account management
  100.   - OpenLDAP packages and extensions
  101. 

  102. ## Service Desk

  103. - Application for teams who need to check, lock, unlock and reset user passwords
  104. - Quick search for an account
  105. - Features:
  106.   - View main attributes
  107.   - View account and password status
  108.   - Test current password
  109.   - Reset password and force password change at next connection
  110.   - Lock and unlock account
  111.   - Dashboards:
  112.     - Accounts locked
  113.     - Accounts with a password that will soon expire
  114.     - Accounts with an expired password
  115.     - Accounts idle (never connected or not connected since a number of days)
  116. 

  117. ##
  118. ![Service-Desk](./image/servicedesk.png)
  119. 

  120. ## Self Service Password

  121. - Self Service Password is a PHP application that allows users to change password in an LDAP directory.
  122. - In Addition to standard LDAP directories, it also supports Active Directory
  123. - Features:
  124.   - Local password policy
  125.   - Help messages
  126.   - Reset by questions
  127.   - Reset by mail challenge (token sent by mail)
  128.   - Reset by SMS (through external Email 2 SMS service)
  129.   - reCAPTCHA (Google API)
  130.   - Mail notification on password change
  131. 

  132. ## 

  133. ![Self Service Password](./image/resetpassword.png)
  134. 

  135. ## White Pages

  136. - White page is a PHP application that allows users to search and display data stored in LDAP directory
  137. - It has the following features:
  138.   - Quick search: a simple input in menu bar searching on some classic attributes
  139.   - Advanced search: a full form to search on several attributes
  140.   - Directory : display of all entries in a table form
  141.   - Gallery: display of all entries with their photo
  142.   - Search and display groups and members
  143.   - Export results as CSV
  144.   - Export entry as vCard
  145. 

  146. ## 

  147. ![Self Service Password](./image/whitepages.png)
  148.