- LDAP is the Lightweight Directory Access Protocol, is an application protocol for accessing and maintaining distributed server directory information services over an TCP/IP network.
- LDAP Servers - Netscape Directory Server, Microsoft Active Directory (AD), Novell Directory Services (NDS), Sun Directory Services (SDS), ucent's Internet Directory Server (IDS)
- LDAP uses a client server model, with clients sending LDAP request over TCP/IP to the server.
- Stores attribute based data information. Stores these entries in a hierachial structure (i.e., Directory Information Tree(DIT)), based on the unique identifier (Distinguish Name(DN)).
- Designed to be read data more than written, such as No transactions or rollback.
- LDIF - LDAP Data Interchange Format, is a human readable format, to allow easily
exchanging and modifying of the data.
ldbmcat converts ldbm database to ldif. ldif2ldbm converts ldif back to ldbm database.
LDIF example, entry for a user account
dn : CN=Day Night,CN=Users,DC=DNS,DC=local
cn: Day Night
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: user
mail : mkader@daynightsoft.com
mailnickname : mkader
memberof : CN=DNS-SPAdmin,CN=Users,DC=DNS,DC=local
- Abbreviations
uid - User ID
cn - Comman Name
sn - Surname
l - Location
ou - Organization Unit
o- Organization
dc - domain Component
st - state
c - country
oid - Object Identifier
RDN - Relative Distinuished Name
- Search Filters - Criteria for attributes that must be fulfilled for an entry to be returned, and a base DN that the search is performed against
Operators
& - and
| - or
! - not
~= - approx equal
>= - greater than or equal
<= - less than or equal
* - any
Example
(&(uid=d*)(uid=*l)) - search for all users who's userid (uid), started with d and ended with l. (cn=Jim*) - LDAP URL - ldap://hostname:[portnumber]/[attributes][ "?" scope "?" filter]
attributes - List of attributes you want returned
scope - base = base object search, one = one level search, sub = subtree search
filter - Standard LDAP search filter
Examples:
LDAP://DNS-FPS01.DNS.local:389/DC=DNS,DC=local
ldap://ldap.sun.com/dc=bar,dc=com?cn?sub?uid=jim - LDAP Windows AD Search
Open Active Directory Users and Computers. Right-click the domain object and select Find.
Click the drop-down list next to Find, and then select Custom Search. From the next screen, select the Advanced tab. Type the appropriate LDAP statement under Enter LDAP query.
- LDAP WINDOWS AD search using LDP tool
Open LDP and connect to a valid domain controller.
- LDAP command line UNIX tools
ldapadd, ldapmodify - Used to add or modify ldap entries
$ ldapmodify -r -D 'cn=foo,dc=bar,dc=com' -W < /tmp/user.ldif
ldapdelete - Used to delete entries
$ ldapdelete -D 'cn=foo,dc=bar,dc=com' -W 'cn=user,dc=bar,dc=com'
ldapsearch - Used to search ldap servers
$ ldapsearch -L -D 'cn=foo,dc=bar,dc=com' 'objectclass=posixAccount'
Pages
▼
No comments:
Post a Comment