Basic LDAP Training

Duration: 2 or 3 days. If three days the last day is the Advanced LDAP Course.

La formation est aussi disponible en français.

Other courses: DNS Training, Telecommunications Training, LDAP Training.

The course uses OpenLDAP which is available on Linux, UNIX and Windows platforms to illustrate LDAP principles and operation and which is relatively invisible during the basic course. The course makes extensive use of a platform independent LDAP browser to discovery and interrogate LDAP implementations including Windows Active Directory. The course is offered with Linux (Fedora Core), FreeBSD or Windows as the platform for all excercises.

Introduction

Lightweight Directory Access Protocol (LDAP) is the emerging standard for managing resources and objects used within and in some cases between organizations. The hierarchical, yet flexible architecture, of LDAP makes it suitable for a wide range of tasks from simple customer address lists through operational provision of Single Sign-On (SSO and Identity Management) to a repository for network wide policy management. With resilience, platform independence and distributed functionality built-in, coupled with LDAP abstraction layers available from most transaction oriented database suppliers, LDAP is the ideal standards based approach to unifying data usage on an enterprise wide basis. Microsoft's Active Directory is but one of a number of enterprise wide solutions using LDAP to glue together disparate data.

Description

Students will learn the theory and organization of the LDAP hierarchy or Object Tree Structure covering the Data Information Tree (DIT), objectClasses and attributes. LDAP Interchange Files (LDIF), LDAP security, STRUCTURAL, AUXILIARY and ABSTRACT Object Classes, Schemas, ASN.1 notation, matching rules, indexing and searching are all covered in detail. Students will construct a simple application when the basic theory has been covered and then progressively enhance the application with increasingly complex functionality to both fully illustrate all the architectural elements and as a practical demonstration of the flexiblibly and extensibility of LDAP. A platform independent LDAP browser is used throughout the course to examine both the students application and the Windows Active Directory LDAP implementation.

Audience:

The course is optimized for LDAP designers, architects and implementors, Network and System administrators and those who need a thorough understanding of LDAP technology.

About the Instructor

Ron Aitchison is the author of Pro DNS and BIND (Apress ISBN 1-59059-494-0) and the on-line LDAP for Rocket Scientists which is read and consulted over 100,000 times per month from around the world. Ron has been involved in communications and networking for more years than he cares to admit and is president and founder of Zytrax, Inc. a company specializing in IP communications (wired and wireless), systems development, training and consulting in Montreal, Canada. He has been involved with Open Source software and systems for over 10 years and Windows since the gory days of Windows 3.1.

Contents

Module 1: LDAP Introduction and Theory

• Directory Background

  • What is a directory
  • History of directories
  • X.500 and X.519 DAP
  • X.500 and Global Uniqueness
  • The IETF and LDAP

• LDAP Introduction

  • LDAP Scope
  • LDAP and Transactional Databases
  • LDAP is good for.....
  • LDAP - myths, legends and nonsense

• LDAP Object Tree Structure

  • LDAP models defined (Information, Naming, Functional, Security)
  • LDAP Data Information Tree (DIT)
  • LDAP DIT root
  • LDAP Entries
  • LDAP objectClasses
  • LDAP hierarchy (Parent, Child, Siblings)
  • LDAP attributes

• LDAP and ASN.1

  • Global uniqueness
  • ASN.1 Notation
  • ASN.1 examples
  • ASN1. in LDAP

• Exercise: White Page attributes

  • Ideal contents of a White Page directory

Module 2: LDAP Information (Data) Model

• Attribute Characteristics

  • Data content and format
  • Optional or Manadatory
  • Single or multiple instances
  • Names and aliases
  • Matching Rules

• ObjectClass Characteristics

  • Collection of Attributes
  • Defines attribute properties
  • Structural, Auxiliary and Abstract
  • LDAP Schemas - packages of objectClasses and Attributes

• The InetOrgPerson objectClass

  • Attributes and Structure
  • OrganizationalPerson objectClass
  • Person objectClass

• DIT Design and Organization

  • Top Level Organization of DIT
  • Organizational Units
  • Global Uniqueness or Not
  • Future Flexibility
  • Flat architecture
  • Structure examples

• Exercise: Design White Page LDAP DIT

Module 3: LDAP Functional Model

• Reading and Writing

  • Read (Search) and Write (Modify) Characteristics
  • Distinguished Names (DN)
  • Relative Distinguished Names (RDN)
  • Mapping to White Pages Directory

• Indexing

  • Power of Indexing
  • Controling Indexing
  • Cost of Indexing
  • Optimize Indexing - frequently

• LDIF

  • LDAP Interchange Format files
  • LDIF functions
  • LDIF Layout
  • LDIF to Create an empty DIT

• Exercise: Create White Page LDAP Application

• Exercise: The LDAP Browser

  • Browse the Structure
  • Add Records
  • Delete Records
  • Search Records
  • Browse Active Directory
  • Search Active Directory

• LDAP URLs

  • LDAP URL Notation and structure
  • LDAP URL Limits and Functionality

• Exercise: Use Browser to explore LDAP

Module 4: LDAP Referrals and Security

• LDAP is Distributed

  • LDAP Organizational Hierarchy
  • Referrals
  • Defining Referrals
  • Referral examples

• Exercise: Add Referral to LDAP

• LDAP Security Model

  • LDAP Operations vs Data
  • LDAP Security Overview
  • LDAP Security features
  • Securing AD
  • White Page Security Requirements
  • LDAP Security - White Page application

• Exercise: Add Security Policy

• LDAP Save/Restore

  • Using LDIF files

• Exercise: Archive/Restore LDAP

Module 5: Extending LDAP

• Adding New Functionality

  • Adding child entries
  • Extending existing entries
  • Adding new Organizational Units

• Groups - groupOfNames

  • Use and function of groups
  • Assigning permissions with groups

• Exercise: Enhance white Page application

• LDAP Security Model - enhanced

  • LDAP Complex Security
  • LDAP Enhanced Security Policy requirement

• Exercise: Add and test security policy

• LDAP Security Model - Replication

  • LDAP Replication
  • LDAP Replication Characteristics and features

• Exercise: Replicate Application

Module 6: LDAP for Access Security

• Access Security

  • Authentication and Authorization
  • Network Authentication (KERBEROS)
  • Single User - Single Password
  • Single Sign-On (SSO)
  • Platform Authentication - UNIX/Windows

• Adding Authentication and Authorization

  • LINUX/UNIX - posixAccount
  • Windows Active Directory

• Exercise: Add Authentication to Application

• Exercise: Add and test security policy

Module 7: LDAP Summary

• LDAP Summary

  • DIT
  • objectClasses
  • Attributes
  • Schemas
  • LDIF

• LDAP Resources

Other courses: DNS Training, Telecom Training, LDAP Training.