
Thursday, July 28, 2011

LDAP

  1. LDAP, the Lightweight Directory Access Protocol, is an application protocol for accessing and maintaining distributed directory information services over a TCP/IP network.
  2. LDAP Servers - Netscape Directory Server, Microsoft Active Directory (AD), Novell Directory Services (NDS), Sun Directory Services (SDS), Lucent's Internet Directory Server (IDS)
  3. LDAP uses a client-server model: clients send LDAP requests over TCP/IP to the server.
  4. Stores attribute-based data. Entries are kept in a hierarchical structure (the Directory Information Tree, DIT) and each entry is addressed by its unique identifier, the Distinguished Name (DN).
  5. Designed for data that is read far more often than it is written; accordingly there are no transactions or rollback.
  6. LDIF - LDAP Data Interchange Format, a human-readable text format that makes it easy to exchange and modify directory data.

    ldbmcat converts an ldbm database to LDIF; ldif2ldbm converts LDIF back into an ldbm database.

    LDIF example, entry for a user account (in LDIF the colon follows the attribute name directly, with no space before it)
    dn: CN=Day Night,CN=Users,DC=DNS,DC=local
    cn: Day Night
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: user
    mail: mkader@daynightsoft.com
    mailnickname: mkader
    memberof: CN=DNS-SPAdmin,CN=Users,DC=DNS,DC=local
  7. Abbreviations
    uid - User ID
    cn - Common Name
    sn - Surname
    l - Location
    ou - Organizational Unit
    o - Organization
    dc - Domain Component
    st - State
    c - Country
    oid - Object Identifier
    RDN - Relative Distinguished Name
  8. Search Filters - The criteria that an entry's attributes must satisfy for the entry to be returned, together with a base DN under which the search is performed

    Operators
    & - and
    | - or
    ! - not
    ~= - approximately equal
    >= - greater than or equal
    <= - less than or equal
    * - any

    Examples
    (&(uid=d*)(uid=*l)) - search for all users whose user ID (uid) starts with d and ends with l.
    (cn=Jim*) - search for all entries whose common name starts with Jim.
  9. LDAP URL - ldap://hostname[:portnumber]/dn[?attributes[?scope[?filter]]] (the base DN comes first, then the optional parts separated by "?", as the examples below show)

    dn - Base DN the search starts from
    attributes - List of attributes you want returned
    scope - base = base object search, one = one level search, sub = subtree search
    filter - Standard LDAP search filter

    Examples:
    LDAP://DNS-FPS01.DNS.local:389/DC=DNS,DC=local
    ldap://ldap.sun.com/dc=bar,dc=com?cn?sub?uid=jim
  10. LDAP Windows AD Search
    Open Active Directory Users and Computers. Right-click the domain object and select Find.
    (Screenshot: Active Directory Users and Computers, Find)
    Click the drop-down list next to Find, and then select Custom Search. On the next screen, select the Advanced tab. Type the appropriate LDAP statement under Enter LDAP query.
    (Screenshot: Active Directory Users and Computers, Custom Search)
  11. LDAP Windows AD search using the LDP tool
    Open LDP and connect to a valid domain controller.
    (Screenshot: LDP.EXE drop-down menu)
    Specify the search criteria in LDP.EXE.
    (Screenshot: Specify Search Criteria for LDP.EXE)

  12. LDAP command line UNIX tools (-D binds as the given DN, -W prompts for that DN's password)
    ldapadd, ldapmodify - Used to add or modify ldap entries
    $ ldapmodify -r -D 'cn=foo,dc=bar,dc=com' -W < /tmp/user.ldif
    ldapdelete - Used to delete entries
    $ ldapdelete -D 'cn=foo,dc=bar,dc=com' -W 'cn=user,dc=bar,dc=com'
    ldapsearch - Used to search ldap servers (-L prints the results as LDIF)
    $ ldapsearch -L -D 'cn=foo,dc=bar,dc=com' -W 'objectclass=posixAccount'
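Returning to the search filters in item 8: the filter characters ( ) * and \ are special, so a value that comes from a user (a login name typed into a form, say) must be escaped before it is spliced into a filter, or it can add wildcards and extra terms of its own. The following Python is an added example, not code from the original post; the function names and the RFC 4515 hex-escaping it implements are my own choices, shown beside the unsafe concatenation it replaces.

```python
# Added example: building LDAP search filters from untrusted values.
# The filter operators above (&, |, !, *) are reproduced as small builders,
# and every assertion value is escaped as RFC 4515 requires.

# Characters with special meaning inside a filter value and their hex escapes.
_SPECIAL = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with every special character replaced by its \\XX escape."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def unsafe_eq(attr: str, value: str) -> str:
    """What NOT to do: raw concatenation lets the value add filter terms."""
    return f"({attr}={value})"


def eq(attr: str, value: str) -> str:
    """Exact-match item, e.g. (cn=Day Night); the value is escaped."""
    return f"({attr}={escape_filter_value(value)})"


def starts_with(attr: str, prefix: str) -> str:
    """Prefix match like (cn=Jim*); only the trailing * we add is a wildcard."""
    return f"({attr}={escape_filter_value(prefix)}*)"


def ends_with(attr: str, suffix: str) -> str:
    """Suffix match like (uid=*l)."""
    return f"({attr}=*{escape_filter_value(suffix)})"


def and_(*items: str) -> str:
    return "(&" + "".join(items) + ")"


def or_(*items: str) -> str:
    return "(|" + "".join(items) + ")"


def not_(item: str) -> str:
    return "(!" + item + ")"
```

Constructed input such as `*)(uid=*` becomes a harmless literal with `eq`, whereas `unsafe_eq` turns it into two filter terms that match every entry.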
