
Understanding LDAP and Its Functionality

Apr 17, 2025

Lecture on LDAP (Lightweight Directory Access Protocol)

Introduction

  • Topic: Overview of LDAP
  • Key Areas:
    • What is LDAP?
    • LDAP vs Active Directory
    • How LDAP works
    • LDAP Authentication
    • Structure of LDAP

Active Directory (AD)

  • Definition: Active Directory is used for authentication and for user and group management.
  • Functions:
    • Provides authentication and authorization for users and computers.
    • Manages policies.

LDAP (Lightweight Directory Access Protocol)

  • Definition: LDAP is a protocol for accessing and managing directory services.
  • Characteristics:
    • Lightweight and secure.
    • Runs over TCP/IP.
    • Open and cross-platform.

LDAP vs Active Directory

  • LDAP: Protocol used to talk to Active Directory.
  • Active Directory: Directory services database.

How LDAP Works

  • Model: Follows the client-server model.
  • Process:
    • Client (LDAP-ready system) requests information.
    • Credentials are entered and sent to the LDAP server.
    • LDAP server interacts with the LDAP database to authenticate.

LDAP Authentication Process

  • Steps:
    1. Client enters username and password.
    2. Request goes to services/API.
    3. LDAP server checks credentials against database.
    4. Sends response back to client (valid or invalid credentials).

Why Use LDAP?

  • Scenarios:
    • Network Administration: Manage policies and access for large companies efficiently.
    • Library Services: Provides fast access because of its lightweight nature.

LDAP Structure

  • Hierarchy: Follows a tree hierarchy.
    • Root: Top of the tree.
    • DC (Domain Component): Represents the top of the tree using DNS.
    • OU (Organizational Unit): Sublevels such as users and groups.
    • CN (Common Name): Represents individual users.

Example Structure

  • Organization ABC:
    • Developer, Business, Finance teams as OUs.
    • Users like 'John' under respective OUs.

LDAP in Practice

  • DIT (Directory Information Tree): Visual representation of LDAP hierarchy.
  • Attributes:
    • Uses attributes like CN, OU, DC to organize users and groups.
    • Examples of attributes: Employee number, type, home phone, etc.

Adding Users

  • Procedure:
    • Use 'inetOrgPerson' for entries.
    • Follow DN (Distinguished Name) convention.
    • Add attributes like CN and SN (Surname).
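
As an added example (not from the lecture), this Python sketch follows the procedure above: it builds the DN for a user such as 'John' in a 'Developer' OU and emits the LDIF for an inetOrgPerson entry, escaping each value per RFC 4514 so that a user-supplied name cannot change the DN's structure. The domain abc.com, the surname 'Doe' and all function names are assumptions made for illustration.

```python
import base64

# Characters that RFC 4514 requires to be backslash-escaped inside an RDN value.
_DN_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        # Specials anywhere, space or '#' at the start, space at the end.
        elif ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(cn: str, ou: str, dns_domain: str) -> str:
    """CN under an OU, with one DC component per DNS label."""
    rdns = ["cn=" + escape_rdn_value(cn), "ou=" + escape_rdn_value(ou)]
    rdns += ["dc=" + escape_rdn_value(label) for label in dns_domain.split(".")]
    return ",".join(rdns)


def ldif_line(attr: str, value: str) -> str:
    """One LDIF line; values that are not LDIF-safe are base64-encoded (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def inetorgperson_ldif(cn: str, sn: str, ou: str, dns_domain: str) -> str:
    """LDIF for a new inetOrgPerson entry; cn and sn are mandatory for this class."""
    if not cn or not sn:
        raise ValueError("inetOrgPerson requires both cn and sn")
    lines = [ldif_line("dn", build_dn(cn, ou, dns_domain)),
             "objectClass: inetOrgPerson",
             ldif_line("cn", cn), ldif_line("sn", sn)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: user John in the Developer OU of the assumed domain abc.com.
    print(inetorgperson_ldif("John", "Doe", "Developer", "abc.com"))
```

The output can be loaded with a standard LDIF import tool; the escaping matters most when the CN or OU comes from user input.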

Authentication Types in LDAP

  • Simple Authentication:
    • Uses username and password.
    • Checks credentials against the LDAP database.
  • SASL (Simple Authentication and Security Layer):
    • Involves more complex binding.
    • Allows custom security policies and configurations.
