“This is the second day of my participation in the Gwen Challenge in November. See details: The Last Gwen Challenge in 2021”

Recently, our services need to connect to LDAP. So what is LDAP?

Let's do some research and fill in my blind spots.

What is LDAP?

LDAP is the Lightweight Directory Access Protocol, which is based on the X.500 standard.

We can understand it as a directory database: read performance is very high, while write performance is not so good, so we mostly use it for queries.

What products implement LDAP?

  • OpenLDAP
  • Microsoft Active Directory
  • IBM Security Directory
  • Sun’s LDAP
  • Other LDAP servers

I believe that as long as you are familiar with the basic LDAP protocol, integrating with other companies' products should be easy.

Basic concepts of LDAP you must know

Since there are many products based on LDAP, let's use Active Directory as an example to look at the basic LDAP concepts we need to know.

Active Directory is Microsoft's directory service, usually abbreviated AD.

The key concepts are:

DC Domain Controller

This is the domain controller, and it is the core component.

In fact it is a server in AD: a PC with Active Directory installed. All information about domain users is stored on this domain controller; it is the server for the entire Active Directory.

Once Active Directory is installed on a PC, it no longer has local users; all users automatically become domain users.

Member computer

A computer joins the domain by establishing trust with the domain controller. Each computer generates trust keys when it joins the domain, similar to the token a server uses.

Every so often, access between member computers has to go through the domain controller to obtain tokens, so that computers in the domain can access each other.

For example, if I am a domain controller and I send a token to computer A, then I add computer A to my domain.

SID Security Identifier

Both users and computers have a SID, which is a unique identifier.

DNS service

When setting up Active Directory you must also set up a DNS service, because we generally do not access Active Directory by IP address but by domain name.

This requires configuring DNS locally; usually the DNS service and the Active Directory server are deployed together.

Let's look at an example from an LDAP server I set up myself:

DN Distinguished Name

A DN is a unique identifier used to locate a record. It describes the path from the root of the tree to the node, so the DN also identifies the node's exact position in the tree.

For example, this is a simple LDAP server. In the figure we can see ou=people at the top, whose DN reads ou=people,dc=ldapdomain,dc=com. That is a DN.

A DN is like a database primary key: it identifies a unique entry and cannot be repeated.

RDN Relative Distinguished Name

ou=people,dc=ldapdomain,dc=com contains three RDNs (ou=people, dc=ldapdomain and dc=com); each component is one RDN.

DC Domain Component

For example: dc=ldapdomain,dc=com

The dc components correspond to the DNS domain name: dc=ldapdomain,dc=com is ldapdomain.com. Note that this DC (domain component) is unrelated to the DC (Domain Controller) above; the same abbreviation is used for both.
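To make the DN, RDN and DC concepts concrete, here is an added example (my own code, not from the original post) that splits a DN into its RDNs and derives the DNS domain from the dc= components. The base ou=people,dc=ldapdomain,dc=com comes from the post; the leaf entry uid=alice and the escaped-comma name are constructed for illustration.

```python
# Added example, not from the original post: parse a Distinguished Name.
# Only ou=people,dc=ldapdomain,dc=com is from the post; the other values are constructed.

def split_dn(dn: str) -> list[str]:
    """Split a DN into RDN strings, keeping backslash escapes (RFC 4514)
    so an escaped comma inside a value does not start a new RDN."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape pair, e.g. "\,", intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def parse_rdn(rdn: str) -> tuple[str, str]:
    """Split one RDN into (attribute type, value); the type is lower-cased."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Return the DN as a list of (type, value) pairs, leaf first, root last."""
    return [parse_rdn(r) for r in split_dn(dn)]


def dns_domain(dn: str) -> str:
    """Join the dc= components in order into the DNS domain name."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")


def parent_dn(dn: str) -> str:
    """Drop the leaf RDN, giving the parent node in the directory tree."""
    return ",".join(split_dn(dn)[1:])


if __name__ == "__main__":
    dn = "uid=alice,ou=people,dc=ldapdomain,dc=com"   # constructed entry
    print(parse_dn(dn))        # [('uid', 'alice'), ('ou', 'people'), ('dc', 'ldapdomain'), ('dc', 'com')]
    print(parent_dn(dn))       # ou=people,dc=ldapdomain,dc=com
    print(dns_domain(dn))      # ldapdomain.com
    print(split_dn(r"cn=Smith\, John,ou=people,dc=ldapdomain,dc=com")[0])   # cn=Smith\, John
```

The parser handles the escaped-comma case because real directories contain names with commas; it does not handle multi-valued RDNs joined with "+", which are rare but allowed by the standard.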

C Country

Represents the country

O Organization

Represents the organization, i.e. the company

OU Organizational Unit

Represents an organizational unit, i.e. a department

For example, ou=people, ou=group; we can also think of an OU as a branch.

An OU can contain many things: computers, users, printers, security policies, other organizational units, and so on.

CN Common Name

This is the name of a record. The uid in the diagram is also the name of a record, and the two can coexist.

objectClass Object Class

objectClass refers to predefined classes; rules can be defined on a class, such as which fields an entry of that class carries.

DIT Directory Information Tree

This means the directory information tree. Looking at our own server, the structure in the screenshot above is a directory information tree.

Visual LDAP client

The two LDAP visualization tools I have used so far are:

  • LdapAdmin
  • LdapBrowser

LDAP is generally used for integration, and the ldapsearch command is used most often. The more the workload consists of searches, the more LDAP's performance advantage shows.

Take your time to get a feel for it and digest it.
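Since integration usually means a service running ldapsearch against the directory with values that came from a user, here is an added example (my own code, not from the original post) that builds such a query for one uid under the post's ou=people,dc=ldapdomain,dc=com base. The server URI is a placeholder, and the objectClass inetOrgPerson is an assumption about the schema; the point is that the value is escaped per RFC 4515 before it goes into the filter, so characters such as "*" and ")" match literally instead of changing the query.

```python
# Added example, not from the original post. BASE_DN is from the post;
# LDAP_URI is a placeholder and inetOrgPerson is an assumed objectClass.
import shlex

BASE_DN = "ou=people,dc=ldapdomain,dc=com"
LDAP_URI = "ldap://ldap.example.invalid"   # placeholder, not a real server

# Characters RFC 4515 reserves inside a filter assertion value, and their escapes
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied string so the filter matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(uid: str) -> str:
    """Filter for one person entry with the given uid (uid and cn can coexist
    on the same record, so we search on uid, the login name)."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


def ldapsearch_argv(uid: str, attrs=("cn", "mail")) -> list[str]:
    """Argument vector for OpenLDAP's ldapsearch: simple bind (-x), server (-H),
    search base (-b), one-level scope (-s one), then the filter and attributes."""
    return ["ldapsearch", "-x", "-H", LDAP_URI, "-b", BASE_DN, "-s", "one",
            user_filter(uid), *attrs]


def ldapsearch_command(uid: str) -> str:
    """Shell-quoted command line equivalent of ldapsearch_argv."""
    return shlex.join(ldapsearch_argv(uid))


if __name__ == "__main__":
    print(ldapsearch_command("alice"))
    # A value containing filter metacharacters is neutralised, not interpreted:
    print(user_filter("al*ce"))   # (&(objectClass=inetOrgPerson)(uid=al\2ace))
```

Passing the argument vector to subprocess without a shell, rather than the joined string, keeps shell quoting out of the picture entirely; the joined form is only for logging or pasting into a terminal.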

Welcome to like, follow and favourite.

Friends, your support and encouragement are what keep me sharing and motivate me to improve the quality.

All right, that's it for this time.

Technology is open, and our mindset should be even more open. Embrace change, live in the sunshine, and keep striving forward.

I am Nezha. Welcome to like, and see you next time ~