LDAP Training Course

Training » All Courses » Linux » LDAP

Course Summary

Lightweight Directory Access Protocol (LDAP) is re-emerging as the standard for managing resources and objects used within and in some cases between organizations. The hierarchical, yet flexible architecture, of LDAP makes it suitable for a wide range of tasks from simple customer address lists through operational provision of Single Sign-On (SSO and Identity Management) to a repository for network wide policy management. With resilience, platform independence and distributed functionality built-in, coupled with LDAP abstraction layers available from most transaction oriented database suppliers, LDAP is the ideal standards based approach to unifying data usage on an enterprise wide basis. Microsoft's Active Directory is but one of a number of enterprise wide solutions using LDAP to glue together disparate data.

[top] Duration

2 days.

[top] Objectives

Students will learn the theory and organization of the LDAP hierarchy or Object Tree Structure covering the Data Information Tree (DIT), objectClasses and attributes. LDAP Interchange Files (LDIF), LDAP security, STRUCTURAL, AUXILIARY and ABSTRACT Object Classes, Schemas, ASN.1 notation, matching rules, indexing and searching are all covered in detail.

Students will construct a simple application when the basic theory has been covered and then progressively enhance the application with increasingly complex functionality to both fully illustrate all the architectural elements and as a practical demonstration of the flexibility and extensibility of LDAP. A platform independent LDAP browser is used throughout the course to examine both the students application and the Windows Active Directory LDAP implementation.

[top] Audience

The course is optimized for LDAP designers, architects and implementors, Network and System administrators and those who need a thorough understanding of LDAP technology.

[top] Outline

Module 1: LDAP Introduction and Theory

Directory Background

What is a directory
History of directories
X.500 and X.519 DAP
X.500 and Global Uniqueness
The IETF and LDAP

LDAP Introduction

LDAP Scope
LDAP and Transactional Databases
LDAP is good for.....
LDAP - myths, legends and nonsense

LDAP Object Tree Structure

LDAP models defined (Information, Naming, Functional, Security)
LDAP Data Information Tree (DIT)
LDAP DIT root
LDAP Entries
LDAP objectClasses
LDAP hierarchy (Parent, Child, Siblings)
LDAP attributes

LDAP and ASN.1

Global uniqueness
ASN.1 Notation
ASN.1 examples
ASN1. in LDAP

Exercise: White Page attributes

Ideal contents of a White Page directory

Module 2: LDAP Information (Data) Model

Attribute Characteristics

Data content and format
Optional or Mandatory
Single or multiple instances
Names and aliases
Matching Rules

ObjectClass Characteristics

Collection of Attributes
Defines attribute properties
Structural, Auxiliary and Abstract
LDAP Schemas - packages of objectClasses and Attributes

The InetOrgPerson objectClass

Attributes and Structure
OrganizationalPerson objectClass
Person objectClass

DIT Design and Organization

Top Level Organization of DIT
Organizational Units
Global Uniqueness or Not
Future Flexibility
Flat architecture
Structure examples

Exercise: Design White Page LDAP DIT

Module 3: LDAP Functional Model

Reading and Writing

Read (Search) and Write (Modify) Characteristics
Distinguished Names (DN)
Relative Distinguished Names (RDN)
Mapping to White Pages Directory

Indexing

Power of Indexing
Controlling Indexing
Cost of Indexing
Optimize Indexing - frequently

LDIF and DSML

LDAP Interchange Format files
LDIF functions
LDIF Layout
LDIF to Create an empty DIT
DSML Overview
DSML uses and tools

LDAP Searching

Generic Search Parameters
Search Filters - Simple
Search Filters - Extended
Search Examples (ldapsearch, LDAP browser)

LDAP URLs

LDAP URL Notation and structure
LDAP URL Search examples

LDAP Server Configuration

Configuration Basics - depending on Server
OpenLDAP - slapd.conf

Exercise: Create White Page LDAP DIT

Exercise: Browsing and Searching DIT

Browse the DIT
Add Entries
Delete Entries
Search Entries
Browse Active Directory
Search Active Directory

Note: Where the course participants use OpenLDAP the utilities ldapsearch, ldapmodify and ldapdelete will be covered in this session.

Module 4: LDAP Extending the DIT

LDAP is Distributed

LDAP Organizational Hierarchy
Referrals
Defining Referrals
Referral ObjectClass
Referral examples

Exercise: Add Referral to LDAP

Adding New Functionality

Adding child entries
Extending and modifying entries
Adding new Organizational Units

Exercise: Use LDIF to modify DIT

Groups - groupOfNames

Use and function of groups
groupOfNames ObjectClass
Assigning permissions with groups

Exercise: Enhance White Page DIT

Module 5: Backup and Replication

LDAP Archive and Backup

LDIF - Export/Save
LDIF - Import/Restore
Exercise - Save and Restore DIT

LDAP Security Model - Replication

LDAP Replication
LDAP Replication Characteristics and features
Replicate with slurp (OpenLDAP)
Replicate with syncrepl (OpenLDAP)
N-way multi-master with syncrepl (OpenLDAP)

Exercise: Replicate DIT

Module 6: LDAP for Access Security

LDAP Security Model

LDAP Operations vs Data Security
LDAP Security Overview
LDAP Security features
Securing LDAP
White Page Security Requirements
LDAP Security - White Page application

OpenLDAP Access Directive

ACLs - Access Clauses
The <what> component
The <who> component
Simple ACL Examples
Complex ACL Examples
Design White Page Policy (ACLs)

Exercise: Add Security Policy

Access Security

Authentication and Authorization
Network Authentication (KERBEROS)
Single User - Single Password
Single Sign-On (SSO)
Platform Authentication - UNIX/Windows

Adding Authentication and Authorization

LINUX/UNIX - posixAccount
Windows Active Directory

Exercise: Add Authentication to Application

Exercise: Add and test security policy

Module 7: LDAP Summary

LDAP Summary

DIT
objectClasses
Attributes
Schemas
ASN.1
LDIF
Referrals
Searching
Replication
Security