Understanding LDAP and Its Functions

Sep 30, 2024

LDAP Overview

Introduction to LDAP

  • LDAP stands for Lightweight Directory Access Protocol.
  • Used for accessing and managing directory services.
  • Operates over TCP/IP, open and cross-platform.
  • Not to be confused with Active Directory (AD).

What is Active Directory (AD)?

  • Active Directory is a directory services database.
  • Provides user and group management, policies, authentication, and authorization for users and computers.

LDAP vs Active Directory

  • LDAP: A protocol used to query and communicate with a directory service such as Active Directory.
  • Active Directory: A directory services database that can be accessed through LDAP.

How LDAP Works

  • LDAP follows a client-server model for authentication.
  • Client: An LDAP-ready system/application requesting information.
  • LDAP Server: Authenticates the client by verifying credentials against the LDAP database.
  • Example: User enters credentials, sent to the LDAP server for verification.

LDAP Authentication Flow

  1. User Input: Username and password entered by the client.
  2. API Call: Credentials passed to the LDAP server.
  3. Authentication: LDAP server checks against its database.
  4. Response: Valid or invalid response sent back to the client.

Why Use LDAP?

  • Useful for managing large groups in organizations (e.g., companies with 1,000+ employees).
  • Facilitates policy creation and permissions management without needing to manage individual computers.
  • Example: Library services can utilize LDAP for efficient book management and user verification.

LDAP Structure

  • Structure Hierarchy: Follows a tree model.
    • Root: Top of the tree.
    • Domain Component (DC): Represents the top level and defines DNS namespace.
    • Organizational Unit (OU): Groups within the organization.
      • Example: Users and Groups.
    • Common Name (CN): Represents individual user entries.

Example Structure

  • Example company ABC:
    • OUs: Developer, Business, Finance.
    • Users: CN=John under OU=Users (full DN: cn=John,ou=Users,dc=abc,dc=com).

Directory Information Tree (DIT)

  • The DIT is the tree of all entries; tools such as Apache Directory Studio display it visually.
  • Example: dc=example, dc=com with OUs and users.

User and Group Management

  • Users can belong to multiple groups.
  • Use the uniqueMember attribute of a group entry (objectClass groupOfUniqueNames) to link users to groups; each value is the DN of a member.
  • Common attribute types include CN (common name), SN (surname), O (organization), and OU (organizational unit); the DN (distinguished name) is the full path that uniquely identifies an entry.
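The tree model, DN naming and uniqueMember linkage described in the last three sections, worked through in code. This is an added example, not part of the original notes or any LDAP product: an in-memory Directory Information Tree for the hypothetical company ABC (suffix dc=abc,dc=com, OUs Users and Groups, constructed users and groups). It parses DNs (a subset of RFC 4514, handling escaped commas), refuses to add an entry whose parent does not exist, and resolves a user's groups from uniqueMember values, showing that one user can belong to several groups.

```python
"""Added example: an in-memory Directory Information Tree (DIT) for the
hypothetical company ABC. All data below is constructed; nothing is read
from a real directory server."""
from collections import defaultdict


def parse_dn(dn):
    """Split a DN into [(type, value), ...], leftmost RDN first.
    Handles backslash-escaped characters (cn=Smith\\, Jane); multi-valued
    RDNs joined with '+' are not handled (a deliberate simplification)."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parsed.append((attr.strip().lower(), value.strip()))
    return parsed


def _rdn_str(attr, value):
    """Re-serialise one RDN, escaping backslashes and commas in the value."""
    return f"{attr}={value.replace(chr(92), chr(92) * 2).replace(',', chr(92) + ',')}"


def normalize_dn(dn):
    """Canonical key: lowercase types and values (directory strings match
    case-insensitively) and no whitespace around separators."""
    return ",".join(_rdn_str(a, v.lower()) for a, v in parse_dn(dn))


class Directory:
    def __init__(self, suffix):
        self.suffix = normalize_dn(suffix)             # root of this naming context
        self.entries = {self.suffix: {"objectClass": ["domain"]}}
        self.children = defaultdict(list)              # parent DN -> child DNs

    def add(self, dn, **attrs):
        key = normalize_dn(dn)
        if key in self.entries:
            raise ValueError(f"entry already exists: {key}")
        if not key.endswith("," + self.suffix):
            raise ValueError(f"{key} is outside suffix {self.suffix}")
        parent = ",".join(_rdn_str(a, v) for a, v in parse_dn(key)[1:])
        # Tree rule: every entry hangs under an existing parent (OU, DC, ...).
        if parent not in self.entries:
            raise ValueError(f"parent does not exist: {parent}")
        self.entries[key] = attrs
        self.children[parent].append(key)
        return key

    def groups_of(self, user_dn):
        """cn of every groupOfUniqueNames whose uniqueMember lists the user."""
        target = normalize_dn(user_dn)
        names = []
        for attrs in self.entries.values():
            if "groupOfUniqueNames" not in attrs.get("objectClass", ()):
                continue
            members = {normalize_dn(m) for m in attrs.get("uniqueMember", ())}
            if target in members:
                names.append(attrs["cn"])
        return sorted(names)

    def render(self, dn=None, depth=0):
        """Indented text view of a subtree, like a browser's tree pane."""
        dn = dn or self.suffix
        label = dn if dn == self.suffix else _rdn_str(*parse_dn(dn)[0])
        lines = ["  " * depth + label]
        for child in self.children.get(dn, []):
            lines.extend(self.render(child, depth + 1))
        return lines


def build_abc_directory():
    """Constructed sample: company ABC with two users and three groups."""
    d = Directory("dc=abc,dc=com")
    for ou in ("Users", "Groups"):
        d.add(f"ou={ou},dc=abc,dc=com", objectClass=["organizationalUnit"], ou=ou)
    john = "cn=John,ou=Users,dc=abc,dc=com"
    jane = "cn=Smith\\, Jane,ou=Users,dc=abc,dc=com"   # comma in the RDN value
    d.add(john, objectClass=["inetOrgPerson"], cn="John", sn="Doe")
    d.add(jane, objectClass=["inetOrgPerson"], cn="Smith, Jane", sn="Smith")
    for name, members in (("Developer", [john]), ("Business", [jane]),
                          ("Finance", [john, jane])):
        d.add(f"cn={name},ou=Groups,dc=abc,dc=com",
              objectClass=["groupOfUniqueNames"], cn=name, uniqueMember=members)
    return d


if __name__ == "__main__":
    abc = build_abc_directory()
    print("\n".join(abc.render()))
    print("John's groups:", abc.groups_of("CN=john, OU=Users, DC=abc, DC=com"))
```

The lookup normalises both sides of the comparison, so a DN typed with different case or spacing still matches the stored entry, which is how a real server treats directory-string values. The parent check is the property that makes the structure a tree rather than a flat list of names.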

Adding Users in LDAP

  1. Click on OU to add a new entry.
  2. Choose inetOrgPerson for user type.
  3. Fill out required fields (e.g., CN, SN).
  4. Confirm successful addition in the log.
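The same addition expressed as an LDIF record, the scriptable form of the four GUI steps above (an LDIF file can be imported with Apache Directory Studio or an ldapadd-style tool). This is an added example, not from the original notes: it checks that the attributes inetOrgPerson requires (cn and sn, inherited from the person class in RFC 4519) are present, escapes the cn for use in the DN (RFC 4514), base64-encodes values that are not safe as plain LDIF text and folds long lines (RFC 2849). The base DN dc=example,dc=com, the Users OU and the person data are constructed.

```python
"""Added example: build and validate an LDIF 'add' record for an
inetOrgPerson entry. All input values are constructed sample data."""
import base64

# Attributes inetOrgPerson MUST carry (via organizationalPerson -> person).
REQUIRED = ("cn", "sn")
OBJECT_CLASSES = ("inetOrgPerson", "organizationalPerson", "person", "top")


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value inside a DN."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def _ldif_line(attr, value):
    """RFC 2849: a value that is not a SAFE-STRING (leading space, ':' or '<',
    or any NUL/CR/LF/non-ASCII byte) is written base64-encoded after '::'."""
    unsafe = value[:1] in (" ", ":", "<") or any(
        ord(c) > 127 or c in "\r\n\0" for c in value)
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def _fold(line, width=76):
    """RFC 2849 line folding: continuation lines start with one space."""
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)


def inetorgperson_add(base_dn, attrs, users_ou="Users"):
    """Return an LDIF add record for a new user under ou=<users_ou>,<base_dn>.
    Raises ValueError when a required attribute is missing or empty."""
    missing = [a for a in REQUIRED if not attrs.get(a)]
    if missing:
        raise ValueError(f"inetOrgPerson requires: {', '.join(missing)}")
    dn = f"cn={escape_dn_value(attrs['cn'])},ou={users_ou},{base_dn}"
    lines = [_ldif_line("dn", dn), "changetype: add"]
    lines += [f"objectClass: {oc}" for oc in OBJECT_CLASSES]
    for attr, value in attrs.items():
        for v in (value if isinstance(value, list) else [value]):
            lines.append(_ldif_line(attr, v))
    return "\n".join(_fold(line) for line in lines) + "\n"


if __name__ == "__main__":
    print(inetorgperson_add("dc=example,dc=com", {
        "cn": "Smith, Jane",           # comma must be escaped in the DN
        "sn": "Smith",
        "mail": "jane.smith@example.com",
        "description": "<contractor>",  # leading '<' forces base64 in LDIF
    }))
```

Validating the required attributes before the record is sent mirrors the schema check the server performs on the add operation; the log entry the GUI shows after a successful addition corresponds to the server accepting the record.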

Authentication Types in LDAP

  1. Simple Authentication: The client sends a bind request carrying a DN and password, and the server checks them against the entry; the password travels as plain octets, so this should be used only over LDAPS or after StartTLS.
  2. SASL (Simple Authentication and Security Layer): The bind request names a mechanism instead of sending a password directly, allowing client and server to negotiate the authentication method and security layer.
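The bind exchange from "LDAP Authentication Flow" and the two authentication types above, at the byte level. This is an added example, not from the original notes and not a client library: it encodes a BindRequest with BER (the ASN.1 encoding LDAP uses, RFC 4511) for both the simple and the SASL choice, and decodes the result code from a BindResponse. The DN, password, message IDs and the two response byte strings are constructed; nothing is sent over the network.

```python
"""Added example: LDAP bind request encoding and bind response decoding with
plain BER, no LDAP library. Sample DN, password and responses are constructed."""

# Bind-related result codes (RFC 4511 section 4.1.9); constructed responses below.
RESULT_NAMES = {0: "success", 49: "invalidCredentials", 53: "unwillingToPerform"}
RESPONSE_SUCCESS = b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x00\x04\x00\x04\x00"
RESPONSE_INVALID = b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x31\x04\x00\x04\x00"


def _ber_len(n):
    """BER length octets: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _ber_len(len(content)) + content


def _integer(value):
    """INTEGER in two's complement, minimal length (non-negative demo values)."""
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def bind_request_simple(message_id, bind_dn, password):
    """LDAPMessage{ messageID, BindRequest [APPLICATION 0] { version 3, name,
    authentication simple [0] password } }. The password is a plain OCTET STRING:
    without LDAPS or StartTLS it is readable by anyone on the path."""
    auth = _tlv(0x80, password.encode())                      # [0] simple
    bind = _tlv(0x60, _integer(3) + _tlv(0x04, bind_dn.encode()) + auth)
    return _tlv(0x30, _integer(message_id) + bind)


def bind_request_sasl(message_id, mechanism, credentials=b""):
    """Same message with authentication sasl [3] { mechanism, credentials }.
    For a challenge-response mechanism the initial request carries no password."""
    sasl = _tlv(0x04, mechanism.encode())
    if credentials:
        sasl += _tlv(0x04, credentials)
    bind = _tlv(0x60, _integer(3) + _tlv(0x04, b"") + _tlv(0xA3, sasl))
    return _tlv(0x30, _integer(message_id) + bind)


def _read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the BER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    end = start + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, start, end


def decode_bind_response(pdu):
    """Parse LDAPMessage{ messageID, BindResponse [APPLICATION 1] { resultCode,
    matchedDN, diagnosticMessage } }; return (message_id, code, name)."""
    tag, start, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, s, e = _read_tlv(pdu, start)
    if tag != 0x02:
        raise ValueError("expected messageID")
    message_id = int.from_bytes(pdu[s:e], "big", signed=True)
    tag, s, _ = _read_tlv(pdu, e)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    tag, cs, ce = _read_tlv(pdu, s)
    if tag != 0x0A:                                           # ENUMERATED
        raise ValueError("expected resultCode")
    code = int.from_bytes(pdu[cs:ce], "big")
    return message_id, code, RESULT_NAMES.get(code, f"code {code}")


if __name__ == "__main__":
    pdu = bind_request_simple(1, "cn=John,ou=Users,dc=example,dc=com", "s3cret")
    print(pdu.hex(), "password visible:", b"s3cret" in pdu)
    print(bind_request_sasl(2, "DIGEST-MD5").hex())
    print(decode_bind_response(RESPONSE_SUCCESS), decode_bind_response(RESPONSE_INVALID))
```

Step 2 of the flow is the request built by bind_request_simple, step 4 is what decode_bind_response reads back: result code 0 means the credentials were accepted, 49 (invalidCredentials) that they were not. Dumping the simple request shows why the transport must be encrypted: the password octets sit verbatim inside the PDU.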

Conclusion

  • LDAP is essential for efficient directory management and authentication in large organizations.
  • Understanding its structure and operation is crucial for network administrators.