Embed Size (px)
Citation preview
Directory services
• Directory offline
– Elenchi telefonici
– Guide TV
– Cataloghi acquisti
• Directory online
– Application specific (lotus notes, MS Exchange 5.5, …)
– NOS based (Novell eDirectory, MS Active Directory, SUN nis, …)
– Purpose specific (DNS, …)
– General Purpose (Netscape Directory, OpenLDAP, …)
Caratteristiche directory online
• Dinamiche
• Flessibili
– Estensibili senza ripianificazione
– Flessibilità organizzativa (ricerche flessibili)
• Sicure (Access Control List, autenticazione)
• Personalizzabili (profilazione utente)
Directory vs Database
• Rapporto R/W
• Distribuzione/replicazione
• Performance
• Standard di interoperabilità (SQL/LDAP)
• Transazioni (rollback) e Join
Applicazioni delle directory
• Ricerca informazioni
• Gestione centralizzata oggetti e cfg
• sicurezza
LDAP
• X.500
• LDAP = semplificazione DAP
• LDAPv3– Internazionalizzazione UTF-8– Referrals– Security (SASL/TLS)– Estensibilità (controlli)
LDAP Client LDAP Server
1 – Search operation
2 – Returned entry
3 – Result code
LDAP Client LDAP Server
1 – Search operation, msgid=1
3 – Returned entry, msgid=1
5 – Result code, msgid=2
2 – Search operation, msgid=2
4 – Returned entry, msgid=2
6 – Result code, msgid=1
A client issues multiple LDAP Search request simultaneously
LDAP Client LDAP Server
1 – Open connection and bind
4 – First entry returned
6 – Result of search operation
3 – Search operation
5 – Second entry returned
8 – Close connection
Typical LDAP Exchange
2 – Result of bind operation
7 – Unbind operation
Directory enabled email application
LDAP Server
1 – Search for user Mario Rossi
2 – Entry for Mario Rossi returned
Messaging Server
3 – Client encryps outgoing message using certificate read from directory
4 – Client sends outgoing message to recipient
Modelli operativi di LDAP
• Information Model
• Naming Model
• Functional Model
• Security Model
LDAP Information Model
• Definizione dei tipi di dati
• Oggetti e attributi
• Schema
LDAP Naming Model
dc=example,dc=com
ou=people
cn=Mario Rossi
LDAP Functional Model
• Operazioni che possono essere effettuate– Interrogazione– Update– Autenticazione e controllo– Extended operations
LDAP Security Model
• Binding
• Anonymous o DN+pwd
• Meccanismi SASL (autenticazione)
• StartTLS (cifratura + autenticazione)
Ciclo di vita di un DS
• Design
• Deployment
• Maintenance
Design di un DS
• Directory needs
• Data
• Schema
• Namespace
• Topology
• Replication
• Security
Fase di Deployment di un DS
• Choose directory software
• Piloting
• Analyzing cost
• User feedback
• Moving to production
Fase di Maintenance di un DS
• Backup e Disaster recovery
• Data maintenance
• Monitoring
• Troubleshooting
• Change requirements
top
person
organizationalPerson
inetOrgPerson
Sup
erio
r cla
ssM
ore attributes
dc=example,dc=com
OU = People
Directory Distribuita
OU = AcctOU = HR
DC=example,DC=com
OU = People
Directory Distribuita
OU = AcctOU = HR
Knowledge Referencesdc=example,dc=com
Immediate superior knowledge reference
Subordinate references
