Hello everyone, welcome to Talented Developer. In this video we are going to learn about LDAP. First of all we will see what LDAP is, then LDAP vs Active Directory. After that we will see how LDAP works, and we will also see the authentication inside LDAP. After that we will see the structure of LDAP with Apache Directory Studio. So let's begin.
So what is AD? AD stands for Active Directory. Mainly it is used to provide authentication and group and user management. It is also used to provide policies. It will authenticate and authorize all kinds of users and computers.
So what is LDAP? LDAP stands for Lightweight Directory Access Protocol. You can see the name, Lightweight Directory Access Protocol, so it is very lightweight and it is very secure. It is used to access and manage directory services. It runs over the TCP/IP protocol. It is open and cross-platform.
So what about LDAP and Active Directory? LDAP is a way of speaking to Active Directory. Active Directory is a directory services database, and LDAP is always used to talk with it, so it is a protocol that is used to talk.
So how does LDAP work? LDAP authentication follows the client-server model. In this scenario you can see the client side is an LDAP-ready system or application that is requesting information from the associated LDAP database and the LDAP database server. So once we enter the credentials, they go to the LDAP server, and the LDAP server is associated with the LDAP database. So it will go and try to authenticate, and after that it will give the response.
So the same thing I am going to show you in Apache Directory Studio. This is the LDAP server that I mentioned. First of all we have to start our server. Once our server is running, it will link to the database, the same as SQL Server. You can see the server is started, and after that you can see this is our connection, a kind of LDAP database, and here we have our data. No need to worry about what LDAP Apache Directory Studio is; I have already created a video, just go and check it out in the description. So here you can see I have a user, and this user currently holds a user ID and password. We will enter the user ID and password from the client side, and it will go to the LDAP server. After that the LDAP server will talk with its database, the LDAP database, and it will verify whether the user is valid or not. So let's move to the next section.
So how does LDAP authentication between a client and server work? We definitely need to understand how the client and server are related to each other. First of all, from the client side we enter the username and password. After that it goes to your services or API, and after that it calls the LDAP server. Here it talks with its database, and once they find that the user is not authenticated, they send the response back that this user is not valid. In case the credentials match, it will authorize them: okay, you have permission, now you can go and access our services. So this is how LDAP authentication works.
So why do we need to use LDAP? I am going to show you an example. Suppose you are working as a network admin in a very big company that has a huge number of employees, more than one thousand to ten thousand. In that company you have different levels of teams like accounts and developer; inside developer you also have different teams and so many sub-teams. And someone says to you, okay, create a policy for everyone. So is this possible, to sit at everyone's computer and create a policy? No, it is very hard. And suppose sometimes you have to block a user, like, okay, you don't have permission to access that file, or sometimes you have to provide access only to some specific user. So how can you achieve that? You can definitely achieve it through LDAP.
You can take another example also. Suppose you are running a library service in which you have a huge collection of books. If someone is going to search, it will definitely take a huge amount of time. So what you can do is use LDAP. LDAP will provide very fast service because it is very light, and here you can capture the ID card details and verify everything according to that. That's why we say that in LDAP you write or update once and read multiple times.
What is the LDAP structure? First of all we are going to see the structure tree. Tree means that all of the structure follows the tree hierarchy, which means the root will always be the top one. After that there is another level, named DC. Here DC stands for domain component. DC always represents the top of the tree and uses DNS to define the namespace.
After that we have another sub-level, that is OU. OU stands for Organization Unit. Here we have two OUs: one is User and one is Group.
After that, inside User we have some users. So you can see one example, CN. Here the CN is John, and CN means common name. So I'm just going to relate this structure to an example. Imagine ABC is a company. Inside it they have different groups or teams: developer, business and finance. Inside developer they also have another group and team, inside finance they have another team, and inside backend and account they have some users. You can relate this example to the LDAP structure. So what will happen here: ABC will be the organization name, and developer, business, finance, backend and account are organization units. Inside that they have one user, and that username is John. So the same thing I am going to show you inside the LDAP Apache Directory Studio.
So this is the DIT, the directory information tree. Inside it there is the root. You can see dc=example and dc=com. Here we have three OUs. So I am just going to open the system OU.
Inside we have another OU, that is user. And here we have one user, Mike. If you go to the properties you can see the DN. What will be the DN of that one? CN Mike, and he is inside user, and this user belongs to OU system. So you can see how we have related them to each other. No need to worry about this LDAP Apache Directory Studio; I have already created the video, so it will definitely help you.
So next, here we can say this is a CN, common name, John Mark. He is inside the backend OU, and this backend is inside the developer OU, and this developer OU is inside one organization whose name is ABC. So that is the same thing I just showed you, and this is how we can easily understand it.
Next, imagine you have an organization, o=company. Inside that we have two OUs, users and group, and inside users we have added all the user attributes. Here one user can belong to different groups. So when we are going to create a group, we have to use one attribute whose name is groupOfUniqueNames. Suppose Ram is inside users; how can we link Ram into the admin group? We can definitely link him: we have to use one attribute whose name is uniqueMember. If you use the uniqueMember attribute, just follow the path of Ram: you can see CN Ram, he is inside users, and O, the organization name, is company. So this is the path we have followed.
So let's see that in the LDAP Apache Directory Studio also. As I have discussed, there are some users, and a user can belong to a group. The group name is administrator. Here you can see we already have one unique member, and this unique member is admin. So how have we added it? We have added it with the uniqueMember tag. And in the LDAP database we are not adding only CN, SN or username; we can add multiple fields also. You can see there is a huge attribute list, more than 20: employeeNumber, employeeType, givenName, homePhone.
So we have to follow some terms. O stands for organization name, OU means organization unit, CN means common name, SN means surname, DN means distinguished name, and we have user equal to inetOrgPerson and user equal to groupOfUniqueNames. So the collection of both we can call an object. So I am just going to show you a simple overview of how we can add a user.
So, you can see this is one OU. I am just going to click here on New Entry. After that click on Next. And here what do we have to add? We have to use inetOrgPerson.
After that click on Next. And here you can see which RDN we need to use. I'm just going to follow the CN, and here you can add some name. So, I just follow Hi.
You can see the DN preview also changing when I'm adding anything in the CN. And once you click next, it will ask the SN. So, just enter something and click on finish. Once you click in the log, you can see it will show the user has been added.
Right? And if you go to the properties you can see the path of that user. So this is the way to add a user.
So next we are going to discuss the authentication types in LDAP. Here there are generally two types of authentication. The first one is simple. In simple, it will capture the username and password, after that it will bind and go to the LDAP database and check whether the user is valid or invalid. If the user is valid then it will give the permission, like, okay, you can go and access that one. The next one is SASL. Here bind will be involved much more, and it will allow the client and server to negotiate a particular authentication mechanism that is used to check their LDAP connection, and they can create their own security policy and they can also configure it. I hope this video
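
The login flow described in this transcript (username and password go to a service, the service performs a simple bind, then group membership is read from uniqueMember), as an added Python example that is not from the video. The in-memory DIRECTORY, the sample password and all function names are constructed for illustration, and simple_bind is a stub standing in for the call a real service would make through an LDAP client library.

```python
import hmac

# Constructed stand-in for the LDAP database, shaped like the tree in the
# transcript (o=company with ou=users and ou=groups). Sample values only.
DIRECTORY = {
    "cn=ram,ou=users,o=company": {
        "objectClass": "inetOrgPerson", "sn": "Sample", "userPassword": "s3cret"},
    "cn=admin,ou=groups,o=company": {
        "objectClass": "groupOfUniqueNames",
        "uniqueMember": ["cn=ram,ou=users,o=company"]},
}

def escape_rdn_value(value):
    """Escape user input for use as a DN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=\x00':
            out.append("\\%02x" % ord(ch))        # hex form, e.g. ',' -> \2c
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)                 # leading '#', edge spaces
        else:
            out.append(ch)
    return "".join(out)

def user_dn(username):
    return "cn=%s,ou=users,o=company" % escape_rdn_value(username)

def simple_bind(dn, password):
    """Stub for the server side of a simple bind (hypothetical, not a real API)."""
    if password == "":
        return True  # models a server that accepts unauthenticated binds (RFC 4513)
    entry = DIRECTORY.get(dn.lower())
    if entry is None or "userPassword" not in entry:
        return False
    return hmac.compare_digest(entry["userPassword"].encode(), password.encode())

def authenticate(username, password):
    """Service layer: return the user's DN if the bind is valid, else None."""
    if not username or not password:   # an empty password must never reach the bind
        return None
    dn = user_dn(username)
    return dn if simple_bind(dn, password) else None

def in_group(dn, group_cn):
    """Authorization: is dn listed as a uniqueMember of the group entry?"""
    group_dn = "cn=%s,ou=groups,o=company" % escape_rdn_value(group_cn)
    members = DIRECTORY.get(group_dn.lower(), {}).get("uniqueMember", [])
    return dn.lower() in (m.lower() for m in members)
```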