CIS 527



Lab 4 - Directory Services Overview

Directory Service

  • Store and Retrieve Information
  • Multiple Types
    • Users
    • Groups
    • Systems
    • Resources

Image Source: Wikipedia

History

  • 1988 - X.500 Standard Published
  • 1992 - Samba Released
  • 1993 - Novell Directory Services
  • 1993 - Kerberos Protocol
  • 1999 - Microsoft Active Directory

X.500 Standard

  • Released in 1988
  • Name Lookups for X.400 Email Standards
  • Built for OSI Networking Protocols
  • Defines Several Protocols
    • Directory Access Protocol (DAP)
    • Directory System Protocol (DSP)
    • Directory Information Shadowing Protocol (DISP)

Lightweight Directory Access Protocol (LDAP)

  • Implementation of X.500 DAP Using TCP/IP
  • Used by Many Systems
    • Microsoft Active Directory
    • Novell Directory Services
    • OpenLDAP

LDAP vs. X.500

Image Source: x500standard.com

LDAP Uses

Image Source: Apache

LDAP Tree Structure

Image Source: Apache

LDAP Entry Items

  • dn - Distinguished Name
  • cn - Common Name
  • sn - Surname
  • dc - Domain Component
  • ou - Organizational Unit

Sample LDAP Entry

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
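
The following is an added example, not part of the original slides. It parses the sample entry above with Python's standard library, collecting repeated attributes into lists and breaking the dn into the cn and dc components from the "LDAP Entry Items" slide. The function names are illustrative; the parser rejects base64 and URL values, and the DN splitter handles only backslash-escaped commas, not multi-valued RDNs or hex escapes.

```python
import re

# The sample entry from the slide, as LDIF text.
SAMPLE_LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
"""

def parse_entry(ldif):
    """Return (dn, {attribute: [values]}) for a single LDIF entry."""
    # LDIF folds long lines: a continuation line begins with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif)
    dn, attrs = None, {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or value[:1] in (":", "<"):  # base64 / URL values not handled
            raise ValueError(f"unsupported LDIF line: {line!r}")
        value = value.lstrip(" ")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)  # attributes may repeat
    return dn, attrs

def split_dn(dn):
    """Split a DN into (type, value) pairs, most specific component first."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # do not split on commas escaped as "\,"
        rdn_type, _, rdn_value = rdn.strip().partition("=")
        pairs.append((rdn_type.lower(), rdn_value.replace("\\,", ",")))
    return pairs

def dns_domain(dn):
    """Join the dc components into the DNS-style domain they spell out."""
    return ".".join(value for rdn_type, value in split_dn(dn) if rdn_type == "dc")

if __name__ == "__main__":
    dn, attrs = parse_entry(SAMPLE_LDIF)
    print(split_dn(dn), dns_domain(dn), attrs["telephoneNumber"])
```

The manager attribute is itself a DN, so `split_dn` can be applied to its value to follow the reference to another entry in the tree.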

Samba

  • Reverse Engineered SMB/CIFS Network Protocol
  • Allows File Sharing between Linux and Windows
  • Can Act as Part of an Active Directory Domain

Novell Directory Services

  • Released in 1993 by Novell
  • Now Called NetIQ eDirectory
  • Originally Used IPX/SPX Protocols
  • Most Common Directory Service Before Active Directory's Release

NDS Example

Image Source: Novell

Workgroup/Homegroup

  • Windows File Sharing
  • Each Computer Has Local Users
  • Share Resources Without Server
  • Designed for Home Users

Workgroup

Image Source: eTutorials.org

Active Directory

  • Introduced in 1999 with Windows 2000
  • Directory Service using LDAP and Kerberos
  • Common in Windows-Based Enterprises
  • Central Management of Security Policies and More

Domain

Image Source: eTutorials.org

Kerberos

Image Source: Wikipedia

Kerberos Protocol

  • Developed by MIT in the 1980s
  • Published in 1993 as RFC 1510
  • Authentication via 3rd Party Server
  • Used by Many LDAP Servers

Image Source: Wikipedia

Coming Up

  • Install Active Directory on Windows
    • Configure Group Policy
  • Install OpenLDAP on Ubuntu
  • Configure Clients