akshay
/
openldap
2
1
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
OpenLDAP Presentation
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
21 MiB
Tree: e57be0011f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e57be0011f'
${ noResults }
openldap/openldap.md

93 lines
4.9 KiB
Raw Normal View History

OpenLDAP Presentaion first commit
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
OpenLDAP Presentaion first commit
2 years ago
Added alternative implementations of LDAP section
2 years ago
OpenLDAP Presentaion first commit
2 years ago
openldap presentation
2 years ago
OpenLDAP Presentaion first commit
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
openldap presentation
2 years ago
Added alternative implementations of LDAP section
2 years ago
OpenLDAP Presentaion first commit
2 years ago
 
  1. ---
  2. title: OpenLDAP
  3. author: Akshay Pushparaj
  4. theme: Berlin
  5. mainfont: Iosevka
  6. fontsize: 8pt
  7. ---
  8. # Introduction to LDAP

  9. ## What is LDAP?

  10. LDAP or Lightweight Directory Access Protocol is a standards-based protocol for accessing and maintaining distributed directory information services. LDAP has always been considered a standard for user management in organizations of all sizes.
  11. 

  12. ## What is directory service?

  13. - Directory is a specialized database specifically designed for searching and browsing, in additional to supporting basic lookup and update functions.
  14. - Directories tend to contain descriptive, attribute-based information and support filtering capabilities.
  15. - Directories generally do not support complicated transaction or roll-back schemes found in database management systems designed for handling high-volume complex updates.
  16. - Directories are generally tuned to give quick response to high-volume lookup or search operations.
  17. 

  18. ## What kind of information can be stored in the directory?

  19. LDAP information model is based on entries. An entry is a collection of attributes that has a globally-unique Distinguished Name (DN). The DN is used to refer to the entry unambiguously. Each of the entry's attributes has a type and one or more values.
  20. 

  21. ## How is the information arranged? 

  22. Directory entries are arranged in a hierarchical tree-like structure.
  23. 

  24. ![LDAP Tree](./image/ldap_tree.png){#id .class width=200 height=200 display=block}
  25. 

  26. 

  27. ## Differences between traditional databases

  28. - LDAP is a open standard protocol. 
  29. - LDAP is heavily read optimized. 
  30. - LDAP is lightweight.
  31. 

  32. ## Usecases

  33. Some of the usecases of LDAP are:
  34. 

  35. - Machine Authentication
  36. - User Authentication
  37. - User/System Groups
  38. - Address book
  39. - Organization Representation
  40. - Asset Tracking
  41. - Telephony Information Store
  42. - User resource management
  43. - E-mail address lookups
  44. - Application Configuration store Machine Authentication
  45. - etc
  46. 

  47. # OpenLDAP

  48. ## What is OpenLDAP?

  49. - OpenLDAP is an free and open source implementation of LDAP. The project started at University of Michigan, now maintained by the OpenLDAP Foundation.
  50. 

  51. ## Features

  52. - Lightweight
  53. - Supports a wide variety of backends or databases.
  54. - Supports components called overlays which can be used to customize backend behaviour without the need to write a custom backend.
  55. - Has support for wide variety of OS and services.
  56. - OpenLDAP is highly flexible. Has code-reliant functionality which doesn’t lock users into predetermined workflows; rather, we can manipulate the software to our exact needs.
  57. 

  58. ## Cons

  59. - Directory configuration and management are manual. Hence it is more time consuming and has a higher learning curve.
  60. - OpenLDAP is a command-line application. However there are multiple LDAP browsers available which can be used in case a UI is required. Few of them listed below:
  61. 	- [web2ldap](https://www.web2ldap.de/web2ldap.html)
  62.   - [Apache Directory](https://directory.apache.org/)
  63. 

  64. 

  65. # Other free software LDAP implementations

  66. ## 389 DS

  67. - Like OpenLDAP, 389 DS or 389 Directory Server is a LDAP implementation by RedHat  as part of the community-supported Fedora project.
  68. - 389 DS have a graphical interface that can be used for administration.
  69. 

  70. ##
  71. ![389 DS management console](./image/389ds.png){#id .class display=block}
  72. 

  73. 

  74. ## FreeIPA

  75. - FreeIPA is an identity management system created by RedHat. The aim with FreeIPA is to provide a centrally managed Identity, Policy and Audit(IPA)  system.
  76.   - Identity management ensure the right users have appropriate access to resources.
  77.   - Security policies are a set of requirements to maintain a safe and secure computing environment.
  78.   - Audit trail are records of events, procedures or operations being done on the system.
  79. 

  80. - FreeIPA uses a combination of different software inorder to acheive an IPA system. It uses Fedora, 389 DS, Kerberos, DNS, SSSD and other free and open source components. 
  81. - The advantage of using FreeIPA is that it is easy to setup. Since everything is taken care by FreeIPA for us it has less flexibilty comapred to OpenLDAP. 
  82. - FreeIPA has a Web UI for administration. 
  83. 

  84. ##
  85. ![Web UI](./image/freeipa.png)
  86. 

  87. ## Samba

  88. -  Samba runs on Unix platforms, but speaks to Windows clients like a native. It allows a Unix system to move into a Windows "Network Neighborhood" without causing a stir. Windows users can happily access file and print services without knowing or caring that those services are being offered by a Unix host.
  89. - Samba is an open source CIFS implementation. CIFS or Common Internet File System is a protocol suite used to share files remotely via IP. 
  90. - Samba allows for a Linux server to act as a Domain Controller. By doing so, user credentials on the Windows domain can be used instead of needing to be recreated and then manually kept in sync on the Linux server.
  91. - A domain controller is a server that manages network and identity security, effectively acting as the gatekeeper for user authentication and authorization to IT resources within the domain.
  92. 

  93.