The LDAP Protocol. Amrish Kaushik. Graduate Student USC Computer Science (CN)
|
|
- Ronald Allison
- 6 years ago
- Views:
Transcription
1 The LDAP Protocol Amrish Kaushik Graduate Student USC Computer Science (CN)
2 Agenda Background and Motivation Understanding LDAP Information Structure Naming Functions/Operations Security Protocol Model Mapping onto Transport Services Protocol Element Encoding Discussion
3 Background and Motivation Increased reliance on networked computers Need in information Functionality Ease-of-Use Administration (Application specific dirs) Clear and consistent organization Integrity Confidentiality
4 X.500 X.500 standard. CCITT 1988 Refer ISO 9594 X.500-X.521 of 1990
5 X.500 Organizes directory entries into a hierarchical namespace Powerful search capabilities Often used for interfacing incompatible directory services Used DAP for c/s communication DAP (App. Layer) requires ENTIRE OSI stack to operate Too heavy for small environments
6 What is LDAP? Lightweight Directory Access Protocol Used to access and update information in a directory built on the X.500 model Specification defines the content of messages between the client and the server Includes operations to establish and disconnect a session from the server
7 LDAP Server: G/S
8 Understanding LDAP Lightweight alternative to DAP Uses TCP/IP instead of OSI stack Simplifies certain functions and omits others Uses strings rather than DAP s ASN.1 notation to represent data.
9 LDAP Information Structure of information stored in an LDAP directory. Naming How information is organized and identified. Functional / Operations Describes what operations can be performed on the information stored in an LDAP directory. Security Describes how the information can be protected from unauthorized access.
10 LDAP Information Storage
11 LDAP Information Storage Each attribute has a type/syntax and a value Can define how values behave during searches/directory operations Syntax: bin, ces, cis, tel, dn etc. Usage limits: ssn only one, jpegphoto 10K
12 LDAP Information Storage Each entry describes an object (Class) Person, Server, Printer etc. Example Entry: InetOrgPerson(cn, sn, ObjectClass) Example Attributes: cn (cis), sn (cis), telephonenumber (tel), ou (cis), owner (dn), jpegphoto (bin)
13 LDAP Naming DNs consist of sequence of Relative DN cn=john Smith,ou=Austin,o=IBM,c=US (Leaf 2 Root) (~use \ for special) Directory Information Tree (DIT) Follow geographical or organizational scheme Aliases: Tree-like, Aliases can link non-leaf nodes
14 LDAP Naming Referrals: May not store entire DIT (v3) Referrals objectclass=referral, attribute=ref, value=ldapurl Implementation differs Refferals/Chaining (vendor) RFC 1777: server chaining is expected.
15 LDAP Naming Schema Defines what object classes allowed Where they are stored What attributes they have (objectclass) Which attributes are optional (objectclass) Type/syntax of each attribute (objectclass) Query server for info: zero-length DN LDAP schema must be readable by the client
16 LDAP Naming Examples Attribute Type String CommonName LocalityName StateorProvinceName OrganizationName OrganizationalUnitName CountryName StreetAddress domaincomponent Userid CN L ST O OU C STREET DC UID
17 LDAP Functions/Operations Authentication BIND/UNBIND ABANDON Query Search Compare entry Update Add an entry Delete an entry (Only Leaf nodes, no aliases) Modify an entry, Modify DN/RDN
18 Client and Server Interaction Client establishes session with server (BIND) Hostname/IP and port number Security User-id/password based authentication Anonymous connection - default access rights Encryption/Kerberos also supported Client performs operations Read/Update/Search SELECT X,Y,Z FROM PART_OF_DIRECTORY Client ends the session (UNBIND) Client can ABANDON the session
19 BIND/UNBIND/ABANDON Request includes LDAP version, the name the client wants to bind as, authentication type Simple (clear text passwords, anonymous) Kerberos v4 to the LDAP server (krbv42ldap) Kerberos v4 to the DSA server (krbv42dsa) Server responds with a status indication UNBIND: Terminates a protocol session UnbindRequest ::= [APPLICATION 2] NULL ABANDON: MessageID to abandon
20 Search/Compare Request includes baseobject: an LDAPDN Scope: how many levels to be searched derefaliases: handling of aliases sizelimit: max number of entries returned timelimit: max time allowed for search attrsonly: return attribute types OR values also Filter: cond. to be fulfilled when searching Attributes: List of entry s attributes to be returned Read and List implemented as searches Compare: similar to search but returns T/F
21 ADD/MODIFY/DELETE ADD request Entry: LDAPDN List of Attributes and values (or sets of values) MODIFY request Used to add, delete, modify attributes Request includes Object: LDAPDN List of modifications (atomic) Add, Delete, Replace DELETE request Object: LDAPDN
22 Protocol Elements LDAPMessage (MessageID unique)
23 Protocol Elements LDAPString ::= OCTET STRING LDAPDN ::= LDAPString RelativeLDAPDN ::= LDAPString AttributeValueAssertion ::= Sequence { attributetype attributevalue, } attributevalue attributevalue attributetype ::= LDAPString
24 Protocol Elements LDAP Result Errors Truncated DIT RDN sequence is sent nosuchobject aliasproblem invaliddnsyntax isleaf etc.
25 LDAP Security Current LDAP version supports Clear text passwords KERBEROS version 4 authentication Other authentication methods possible in future versions (March 1995) SASL support added in version 3 Kerberos deemed stronger than SASL
26 LDAP Security Security based on the BIND model Clear text ver 1 Kerberos ver 1,2,3 (depr) SASL ver 3 Simple Authentication and Security Layer uses one of many authentication methods Proposal for Transport Layer Security Based on SSL v3 from Netscape
27 LDAP Security No Authentication Basic Authentication DN and password provided Clear-text or Base 64 encoded SASL (RFC 2222) Parameters: DN, mechanism, credentials Provides cross protocol authentication calls Encryption can be optionally negotiated ldap_sasl_bind() (ver3 call) Ldap://<ldap_server>/?supportedsaslmechanisms
28 LDAP Security LDAP using SASL using SSL/TLS
29 LDAP Security SSL/TLS Handshake
30 Agenda Background and Motivation Understanding LDAP Information Structure Naming Functions/Operations Security Protocol Model Mapping onto Transport Services Protocol Element Encoding Discussion
31 Protocol Model Clients performing protocol operations against servers Client sends protocol request to server Server performs operation on directory Server returns response (results/errors) Asynchronous Server Behavior
32 Directory Client/Server Interaction
33 Mapping onto Transport Uses Connection-oriented, reliable transport TCP LDAPMessage PDU mapped onto TCP byte stream LDAP listener on port 389 Connection Oriented Transport Service (COTS) LDAP PDU is mapped directly onto T-Data
34 Protocol Element Encoding Encoded for Exchange using BER (Basic Encoding Rules) BER defined in Abstract Syntax Notation One (ASN.1) High Overhead for BER Restrictions imposed to improve perf. Definite form of length encoding only Bit Strings/ Octet Strings and all character string types encoded in primitive form only
35 LDAP Implementations C Library API LDAPv2 - RFC 1823 The LDAP API LDAPv3 In Internet Draft stage Java JNDI LDAP v3 uses the UTF-8 encoding of the Unicode character set. HTTP to LDAP gateway LDAP to X.500 gateway ldapd
36 Version 2 v/s Version 3 Referrals A server that does not store the requested data can refer the client to another server. Security Extensible authentication using Simple Authentication and Security Layer (SASL) Internationalization UTF-8 support for international characters. Extensibility New object types and operations can be dynamically defined and schema published in a
The LDAP Protocol. Agenda. Background and Motivation Understanding LDAP
The LDAP Protocol Agenda Background and Motivation Understanding LDAP Information Structure Naming Functions/Operations Security Protocol Model Mapping onto Transport Services Protocol Element Encoding
More informationNetwork Working Group. T. Howes University of Michigan S. Kille ISODE Consortium July 1993
Network Working Group Request for Comments: 1487 W. Yeong Performance Systems International T. Howes University of Michigan S. Kille ISODE Consortium July 1993 Status of this Memo X.500 Lightweight Directory
More informationLDAP Directory Services
ATTENTION LDAP Directory Services THE MATERIAL PROVIDED IN THIS DOCUMENT IS FOR INFORMATION PURPOSES ONLY. IT IS NOT INTENDED TO BE ADVICE. YOU SHOULD NOT ACT OR ABSTAIN FROM ACTING BASED UPON SUCH INFORMATION
More informationNetwork Working Group. Category: Standards Track Netscape Communications Corp. S. Kille Isode Limited December 1997
Network Working Group Request for Comments: 2251 Category: Standards Track M. Wahl Critical Angle Inc. T. Howes Netscape Communications Corp. S. Kille Isode Limited December 1997 1. Status of this Memo
More informationClient API Operations
Client API Operations LDAP Operations This API has been designed to cover all the LDAP operations, with ease of use in mind. One of the important decision was to try to focus on the most used functions
More informationExpires: 20 May December 2000 Obsoletes: 1779, 2253
INTERNET-DRAFT Editor: Kurt D. Zeilenga Intended Category: Standard Track OpenLDAP Foundation Expires: 20 May 2001 20 December 2000 Obsoletes: 1779, 2253 Lightweight Directory Access Protocol (v3): UTF-8
More informationCS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS
: Computer Networks Lecture 6: Apr 5, 2004 Naming and DNS Any problem in computer science can be solved with another layer of indirection David Wheeler Naming is a layer of indirection What problems does
More informationAdvanced Network and System Administration. Accounts and Namespaces
Advanced Network and System Administration Accounts and Namespaces 1 Topics 1. What is a directory? 2. NIS 3. LDAP 4. OpenLDAP 5. LDAP Authentication 2 What is a Directory? Directory: A collection of information
More informationGrandstream Networks, Inc. LDAP Configuration Guide
Grandstream Networks, Inc. Table of Contents SUPPORTED DEVICES... 4 INTRODUCTION... 5 INSTALLING AND CONFIGURING LDAP SERVER... 6 Installing ApacheDS LDAP Server... 6 Prerequisites... 6 Download and Install
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Open Systems Interconnection The Directory Part 5: Protocol specifications
INTERNATIONAL STANDARD ISO/IEC 9594-5 Seventh edition 2014-03-01 Information technology Open Systems Interconnection The Directory Part 5: Protocol specifications Technologies de l'information Interconnexion
More informationConfiguring a Virtual-Domain Server with LDAP
This document provides a recipe for configuring a Mirapoint server to perform LDAP authentication, message routing, and email access proxying. Configuration requires two activities: LDAP Database User
More informationObsoletes: 2253 June 2006 Category: Standards Track
Network Working Group K. Zeilenga, Ed. Request for Comments: 4514 OpenLDAP Foundation Obsoletes: 2253 June 2006 Category: Standards Track Status of This Memo Lightweight Directory Access Protocol (LDAP):
More informationDirectory Service. X.500 Directory Service. X.500 Directory Service and Lightweight Directory Access Protocol (LDAP)
X.500 Directory Service and Lightweight Directory Access Protocol (LDAP) What if we know the names of some object/resource, but want to find out more about them What is the telephone no. of X? What department
More informationISO/IEC Information technology Open Systems Interconnection The Directory: Protocol specifications
This is a preview - click here to buy the full publication INTERNATIONAL STANDARD ISO/IEC 9594-5 Fifth edition 2005-12-15 Information technology Open Systems Interconnection The Directory: Protocol specifications
More informationAn LDAP server may implement its own schema or a standard schema defined as in RFC Mainstream implementations of LDAP include Netscape
Spectrum Software, Inc. 11445 Johns Creek Pkwy. Suite 300 Duluth, GA 30097 www.spectrumscm.com Subject: LDAP Support for SpectrumSCM Original Issue Date: April 26 th, 2003 Update Date: December 13 th,
More informationBusinessObjects Enterprise XI
Overview Contents This document contains information on LDAP authentication and how to configure with this type of authentication. INTRODUCTION... 2 What Is LDAP?...2 LDAP platforms supported by...3 LDAP
More informationDirectory-Enabled Applications. Tim Howes Netscape Communications Corporation
Directory-Enabled Applications Tim Howes Netscape Communications Corporation Overview What LDAP can and can t do for you LDAP history and overview The LDAP API The Netscape LDAP SDK Integrating LDAP with
More informationPrototype PKD Interface Specification
Prototype PKD Interface Specification 2nd Edition 2 March 2005 Ministry of Economy, Trade and Industry New Media Development Association History: 2 March, 2005 by H.Shimada P10: Modification of 6 Tree
More informationPart 5: Protocol specifications
INTERNATIONAL STANDARD ISO/IEC 9594-5 Eighth edition 2017-05 Information technology Open Systems Interconnection The Directory Part 5: Protocol specifications Technologies de l information Interconnexion
More information[MS-GPDPC]: Group Policy: Deployed Printer Connections Extension. Intellectual Property Rights Notice for Open Specifications Documentation
[MS-GPDPC]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,
More informationA low-level LDAP library for Python
A low-level LDAP library for Python Release 1.10 David Leonard January 28, 2001 The University of Queensland, Australia E-mail: python-ldap-dev@lists.sourceforge.net Abstract This documents a simple Python
More informationSoftware Product Description
Software Product Description HP OpenVMS Enterprise Directory V5.6 SPD 81.03.05 and HP Administrator for Enterprise Directory V2.2 Description The HP OpenVMS Enterprise Directory V5.6 is the fourth release
More informationHow to integrate hp OpenView Service Desk with Microsoft Active Directory
How to integrate hp OpenView Service Desk with Microsoft Active Directory Copyright 2004 Page 1 of 26 Table of Contents Introduction 3 What is Active Directory 4 Installing Active Directory... 5 Working
More informationNetwork Working Group. Category: Standards Track December The String Representation of LDAP Search Filters
Network Working Group T. Howes Request for Comments: 2254 Netscape Communications Corp. Category: Standards Track December 1997 1. Status of this Memo The String Representation of LDAP Search Filters This
More informationCategory: Experimental June 2006
Network Working Group K. Zeilenga Request for Comments: 4531 OpenLDAP Foundation Category: Experimental June 2006 Lightweight Directory Access Protocol (LDAP) Turn Operation Status of This Memo This memo
More informationLDAP Servers for AAA
This chapter describes how to configure LDAP servers used in AAA. About LDAP and the ASA, page 1 Guidelines for, page 5 Configure, page 5 Test LDAP Server Authentication and Authorization, page 9 Monitoring,
More informationObsoletes: RFC May The String Representation of LDAP Search Filters <draft-ietf-ldapbis-filter-01.txt> 1. Status of this Memo
Network Working Group Request for Comments: DRAFT Obsoletes: RFC 2254 Expires: 7 November 2001 M. Smith, Editor Netscape Communications Corp. T. Howes Loudcloud, Inc. 7 May 2001 The String Representation
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Open Systems Interconnection The Directory: Procedures for distributed operation
INTERNATIONAL STANDARD ISO/IEC 9594-4 Sixth edition 2008-12-15 Information technology Open Systems Interconnection The Directory: Procedures for distributed operation Technologies de l'information Interconnexion
More informationISBG May LDAP: It s Time. Gabriella Davis - Technical Director The Turtle Partnership
ISBG May 2015 LDAP: It s Time Gabriella Davis - Technical Director The Turtle Partnership gabriella@turtlepartnership.com What Is LDAP? Lightweight Directory Access Protocol Standard language for reading
More informationCategory: Experimental March 2010 ISSN: Lightweight Directory Access Protocol (LDAP) Transactions
Independent Submission K. Zeilenga Request for Comments: 5805 Isode Limited Category: Experimental March 2010 ISSN: 2070-1721 Abstract Lightweight Directory Access Protocol (LDAP) Transactions Lightweight
More informationLDAP Quick Start Manual
Version: 1.1 LDAP Quick Start Manual Release date: 2014-02-22 2011-2014 Fanvil Co., Ltd. This document contains information that is proprietary to Fanvil Co., Ltd (Abbreviated as Fanvil hereafter). Specifications
More informationApache Directory Server
Apache Directory Server LDAP Stored Procedures and Triggers in ApacheDS Ersin Er ersiner@apache.org Title of the presentation Agenda Stored Procedures Why do we need them in LDAP? Representation and Execution
More informationACS 5.x: LDAP Server Configuration Example
ACS 5.x: LDAP Server Configuration Example Document ID: 113473 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Directory Service Authentication Using
More informationUnderstanding the LDAP Binding Component
Understanding the LDAP Binding Component Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 820 6573 Dec 2008 Copyright 2008 Sun Microsystems, Inc. 4150 Network Circle, Santa
More informationIdentity Management Technology
Identity Management Technology Version 1.0 Dr. Horst Walther, Software Integration GmbH, 2004-10-20 Lefkosia / Cyprus Technology Evolution how did we get here? Directory services Metadirectory services
More informationPerl for System Administration
Perl for System Administration Networking Power Hour: LDAP David N. Blank-Edelman Northeastern University CCIS USENIX 2003 1 Directories Not your grandparents phone books any more! Many kinds of directories
More informationfanvil file, forbidden to steal!
Version: 1.1 LDAP Quick Start Manual Release date: 2014-02-22 2011-2014 Fanvil Co., Ltd. This document contains information that is proprietary to Fanvil Co., Ltd (Abbreviated as Fanvil hereafter). Unauthorized
More informationWhitepapers. LDAP and X.500. First Published in Messaging Magazine, September What is Common to X.500 and LDAP
Page 1 of 6 Whitepapers Isode's email and directory server products are used around the world by ISPs, Multinational Corporations, Governments, and Universities. LDAP and X.500 First Published in Messaging
More informationNovell OpenLDAP Configuration
Novell OpenLDAP Configuration To access the GoPrint Novell e-directory LDAP Connector configuration screen navigate to: Accounts Authentication Connectors GoPrint provides two connector options, Standard
More informationDirectory Interoperability: Requirements, Standards and Conformance (or, PICS )
Directory Interoperability: Requirements, Standards and Conformance (or, PICS ) Sandi Miklos, Technical Director Security Management Infrastructure National Security Agency samiklo@missi.ncsc.mil 14 January
More informationGrandstream Networks, Inc. LDAP Configuration Guide
Grandstream Networks, Inc. Table of Contents INTRODUCTION... 4 LDAP SERVER CONFIGURATION... 5 LDAP PHONEBOOK... 6 Access the Default Phonebook DN... 6 Add a New Phonebook DN... 7 Add contacts to Phonebook
More informationCategory: Standards Track Pearl Crescent, LLC O. Natkovich Yahoo J. Parham Microsoft Corporation October 2004
Network Working Group Request for Comments: 3928 Category: Standards Track R. Megginson, Ed. Netscape Communications Corp. M. Smith Pearl Crescent, LLC O. Natkovich Yahoo J. Parham Microsoft Corporation
More informationNoSQL²: Store LDAP Data in HBase
NoSQL²: Store LDAP Data in HBase Stefan Seelmann seelmann@apache.org About me Stefan Seelmann Freelancer Software development with Java LDAP, Identity Management Open Source developer Apache Directory
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationObsoletes: RFC February LDAP: String Representation of Search Filters <draft-ietf-ldapbis-filter-02.txt> 1. Status of this Memo
Network Working Group Request for Comments: DRAFT Obsoletes: RFC 2254 Expires: August 2002 M. Smith, Editor Netscape Communications Corp. T. Howes Loudcloud, Inc. 22 February 2002 LDAP: String Representation
More informationConfiguring Applications to Exploit LDAP
BY BOB PETTI Configuring Email Applications to Exploit LDAP Email applications such as Microsoft Outlook Express, Pegasus Mail, Netscape Communicator, Lotus Notes and Eudora can be configured to retrieve
More informationUnderstanding the LDAP Binding Component
Understanding the LDAP Binding Component Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 820 7855 June 2009 Copyright 2009 Sun Microsystems, Inc. 4150 Network Circle, Santa
More informationPart 5: Protocol specifications
INTERNATIONAL STANDARD ISO/IEC 9594-5 Eighth edition 2017-05 Information technology Open Systems Interconnection The Directory Part 5: Protocol specifications Technologies de l information Interconnexion
More informationLDAP Configuration Guide
LDAP Configuration Guide Publication date: 11/8/2017 www.xcalar.com Copyright 2017 Xcalar, Inc. All rights reserved. Table of Contents About this guide 3 Configuring LDAP 4 Before you start 5 Configuring
More informationNetwork Working Group Request for Comments: 2294 Obsoletes: 1836 March 1998 Category: Standards Track
Network Working Group S. Kille Request for Comments: 2294 Isode Ltd. Obsoletes: 1836 March 1998 Category: Standards Track Status of this Memo Representing the O/R Address hierarchy in the X.500 Directory
More informationFINEID - S5 Directory Specification
FINEID SPECIFICATION 27.3.2007 FINEID - S5 Directory Specification v 2.2 Population Register Centre (VRK Certification Authority Services P.O. Box 70 FIN-00581 Helsinki Finland http://www.fineid.fi FINEID
More informationEnhancing the Performance of OpenLDAP Directory Server with Multiple Caching
Enhancing the Performance of OpenLDAP Directory Server with Multiple Caching Jong Hyuk Choi and Hubertus Franke IBM Thomas J. Watson Research Center P.O. Box 218, Yorktown Heights, NY 10598 jongchoi,frankeh
More informationRequest for Comments: 2589 Category: Standards Track. Innosoft International, Inc. T. Genovese. Microsoft. May 1999
Network Working Group Request for Comments: 2589 Category: Standards Track Y. Yaacovi Microsoft M. Wahl Innosoft International, Inc. T. Genovese Microsoft May 1999 Status of this Memo Lightweight Directory
More informationTSIN02 - Internetworking
Lecture 10: SNMP and AAA Literature: Forouzan, chapter 23 RFC2881 RFC2905 RFC2903 Diameter next generation's AAA protocol by Håkan Ventura (handouts) 2004 Image Coding Group, Linköpings Universitet Lecture
More informationPresentation Services. Presentation Services: Motivation
Presentation Services need for a presentation services ASN.1 declaring data type encoding data types implementation issues reading: Tannenbaum 7.3.2 Presentation Services: Motivation Question: suppose
More informationEmbedded Web Server Security. Administrator's Guide
Embedded Web Server Security Administrator's Guide August 2017 www.lexmark.com Contents 2 Contents Change history... 4 Overview... 5 Supported printers... 5 Securing network connections...7 Accessing the
More informationGetting Started With Authentication Servers
Getting Started With Authentication Servers The Authentication Servers application enables you to create, modify, and delete authentication servers in OmniVista. An authentication server could be an LDAP,
More informationINTERNET DIRECTORY SERVICES USING THE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL
INTERNET DIRECTORY SERVICES USING THE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL Greg Lavender and Mark Wahl Sun Microsystems, Inc. ABSTRACT We survey the history, development and usage of directory services
More informationLDAP Servers for AAA
This chapter describes how to configure LDAP servers used in AAA. About LDAP and the ASA, page 1 Guidelines for, page 5 Configure, page 5 Monitoring, page 11 History for, page 11 About LDAP and the ASA
More informationRed Hat Directory Server
Red Hat Directory Server HP User Society / DECUS 17. Mai 2006 Joachim Schröder Red Hat GmbH How Identity Management can Save In a one year period in a typical 10,000 user organization: 54,180 employee
More informationNovember Replication and Distributed Operations extensions to provide an Internet Directory using X.500
Network Working Group Requests for Comments 1276 S.E. Hardcastle-Kille University College London November 1991 Replication and Distributed Operations extensions to provide an Internet Directory using X.500
More informationNetwork Working Group. Category: Experimental December Domain Administrative Data in Lightweight Directory Access Protocol (LDAP)
Network Working Group A. Newton Request for Comments: 3663 VeriSign, Inc. Category: Experimental December 2003 Status of this Memo Domain Administrative Data in Lightweight Directory Access Protocol (LDAP)
More informationDIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION. Gabriella Davis The Turtle Partnership
DIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION Gabriella Davis The Turtle Partnership In This Session Review possible use cases for multiple directories Understand security implications
More informationNetwork Working Group. Category: Experimental August 1995
Network Working Group S. Kille Request for Comments: 1836 ISDE Consortium Category: Experimental August 1995 Status of this Memo Representing the /R Address hierarchy in the X.500 Directory Information
More informationASA AnyConnect Double Authentication with Certificate Validation, Mapping, and Pre Fill Configuration Guide
ASA AnyConnect Double Authentication with Certificate Validation, Mapping, and Pre Fill Configuration Guide Document ID: 116111 Contributed by Michal Garcarz, Cisco TAC Engineer. Jun 13, 2013 Contents
More informationUnderstanding Active Directory Level 100
Understanding Active Directory Level 100 Ashwin Venugopal BinaryTitans IT Solutions Pvt. Ltd. What we are going to Learn here? Content What is Directory Service? Active Directory History of Directory Service
More informationIntroduction to LAN Introduction to TDC 363 Lecture 05 Course Outline What is NOS?
Introduction to LAN TDC 363 Lecture 05 Nt Network rkoprti Operating Systems tm Windows Based Networking NetWare Based Networking Book Reading: Chapters 8 1 Course Outline Network operating system (NOS)
More informationDeficiencies in LDAP when used to support Public Key Infrastructures
Deficiencies in LDAP when used to support Public Key Infrastructures Author: David Chadwick, University of Salford, Salford M5 4WT, England. Email: d.w.chadwick@salford.ac.uk Introduction The lightweight
More informationSecurity Assertions Markup Language
. Send comments to: Phillip Hallam-Baker, Senior Author 401 Edgewater Place, Suite 280 Wakefield MA 01880 Tel 781 245 6996 x227 Email: pbaker@verisign.com Security Assertions Markup Language Straw-man
More informationJob Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.1
Job Reference Guide SLAMD Distributed Load Generation Engine Version 1.8.1 December 2004 Contents 1. Introduction...3 2. The Utility Jobs...4 3. The LDAP Search Jobs...11 4. The LDAP Authentication Jobs...22
More informationAPPLICATION LAYER APPLICATION LAYER : DNS, HTTP, , SMTP, Telnet, FTP, Security-PGP-SSH.
APPLICATION LAYER : DNS, HTTP, E-mail, SMTP, Telnet, FTP, Security-PGP-SSH. To identify an entity, the Internet used the IP address, which uniquely identifies the connection of a host to the Internet.
More informationSNMP and Network Management
Contents SNMP and Network Management Network Management MIB naming tree, MIB-II SNMP protocol SNMP traps SNMP versions Nixu Ltd 2 Network management When you have 100s of computers in a network or are
More informationUsing LDAP for Directory Integration
Using LDAP for Directory Integration A Look at IBM SecureWay Directory, Active Directory and Domino LDAP integration guidelines for systems administrators Referrals and schema extensions Examples to help
More informationNetwork Working Group. Category: Standards Track Netscape Communications Corp. May 1999
Network Working Group Request for Comments: 2596 Category: Standards Track M. Wahl Innosoft International, Inc. T. Howes Netscape Communications Corp. May 1999 Use of Language Codes in LDAP Status of this
More informationSERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory
I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.520 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2016) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
More informationInformation technology Open Systems Interconnection The Directory: Models. Recommendation X.501 ISO/IEC
Information technology Open Systems Interconnection The Directory: Models Recommendation X.501 ISO/IEC 9594-2 Contents Foreword... iv Introduction...v SECTION 1: GENERAL 1 1 Scope...1 2 Normative references...2
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationThe OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).
Network Models The OSI Model Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO). Model for understanding and developing computer-to-computer communication
More informationNetwork Working Group Request for Comments: 2696 Category: Informational Microsoft T. Howes Netscape September 1999
Network Working Group Request for Comments: 2696 Category: Informational C. Weider A. Herron A. Anantha Microsoft T. Howes Netscape September 1999 LDAP Control Extension for Simple Paged Results Manipulation
More informationOverview. RADIUS Protocol CHAPTER
CHAPTER 1 The chapter provides an overview of the RADIUS server, including connection steps, RADIUS message types, and using Cisco Access Registrar as a proxy server. Cisco Access Registrar is a RADIUS
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationA NAMING AND DIRECTORY SERVICE FOR PUBLISHER-SUBSCRIBER S STATUS DISSEMINATION PING JIANG
A NAMING AND DIRECTORY SERVICE FOR PUBLISHER-SUBSCRIBER S STATUS DISSEMINATION By PING JIANG A thesis submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN COMPUTER
More informationJNDI and LDAP Part I
JNDI and LDAP Part I Noel J. Bergman DevTech Noel J. Bergman JNDI and LDAP, Part I Page 1 Session Overview JNDI is commonly used as the general mechanism for exposing resources to J2EE applications. This
More informationRUBY/LDAP TUTORIAL. The common API for application development is described in RFC1823 and is supported by Ruby/LDAP.
http://www.tutorialspoint.com/ruby/ruby_ldap.htm RUBY/LDAP TUTORIAL Copyright tutorialspoint.com Ruby/LDAP is an extension library for Ruby. It provides the interface to some LDAP libraries like OpenLDAP,
More informationpython-ldap Documentation
python-ldap Documentation Release 3.0.0b1 python-ldap project December 05, 2017 Contents 1 What is python-ldap? 1 2 Get it! 3 3 Mailing list 5 4 Documentation 7 5 Contents 9 5.1 Installing python-ldap..........................................
More informationSolstice X.500 Directory Management
Solstice X.500 Directory Management A Sun Microsystems, Inc. Business 2550 Garcia Avenue Mountain View, CA 94043 U.S.A Part No.: 802-5304-10 Revision A, January 1996 1996 Sun Microsystems, Inc. 2550 Garcia
More informationSecurity Protocols and Infrastructures. Winter Term 2015/2016
Security Protocols and Infrastructures Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 5: Standards for Security Infrastructures Contents Introduction and naming scheme X.509 and its core
More informationApache Directory Studio LDAP Browser. User's Guide
Apache Directory Studio LDAP Browser User's Guide Apache Directory Studio LDAP Browser: User's Guide Version 2.0.0.v20180908-M14 Copyright 2006-2018 Apache Software Foundation Licensed to the Apache Software
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationToday: Naming. Example: File Names
Today: Naming Names are used to share resources, uniquely identify entities and refer to locations Need to map from name to the entity it refers to E.g., Browser access to www.cnn.com Use name resolution
More informationInformation technology Open Systems Interconnection The Directory. Part : Procedures for distributed operation
)NTERNAT)ONAL STANDARD ISO/IEC 9594-4 Eighth edition - Information technology Open Systems Interconnection The Directory Part : Procedures for distributed operation Technologies de l information Interconnexion
More informationIBM. Reporting. Version 6.4
IBM Reporting Version 6.4 ii Reporting Contents Reporting.............. 1 IBM Security Directory Server audit reporting... 1 Prerequisites for audit reporting....... 2 Audit reporting configuration.......
More informationChapter 9: File System Interface
Chapter 9: File System Interface File System Interface File Concept Computers store information on different [physical] media Flash Drives, Magnetic disk, Optical Disks, Magnetic Tapes OS provides a uniform
More informationeduperson 1.0 Specification
eduperson 1.0 Specification Internet2/Educause eduperson Working Group 12-Feb-2001 edupersonaffiliation (defined in eduperson); OID: 1.3.6.1.4.1.5923.1.1.1.1 Application utility class: standard; # of values:
More informationLDAP Directory Integration
LDAP Server Name, Address, and Profile Configuration, on page 1 with Cisco Unified Communications Manager Task List, on page 1 for Contact Searches on XMPP Clients, on page 6 LDAP Server Name, Address,
More informationSERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory
International Telecommunication Union ITU-T X.520 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (10/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Directory Information technology
More informationMODIFYING LDAP TO SUPPORT PKI
MODIFYING LDAP TO SUPPORT PKI D.W.Chadwick, E. Ball, M.V. Sahalayev University of Salford Abstract: Key words: One of the impediments to a successful roll out of public key infrastructures (PKIs), is that
More informationSMS 2.0 SSO / LDAP Launch Kit
SMS 2.0 SSO / LDAP Launch Kit Table of Contents What options are available in SMS 2.0 for Single Sign On?... 4 LDAP (Lightweight Directory Access Protocol)... 4 SkySSO (Skyward Single Sign On)... 4 SkySTS
More informationDirectory Integration
Directory Parameters, page 1 Attribute Mapping Parameters, page 4 CDI Parameters, page 6 UDS Parameters, page 18 Directory Server Configuration Examples, page 20 Directory Parameters The following table
More informationIPv6 Support for LDAP
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an IP network. The feature module describes the
More information