What is LDAP? LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It's often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.
How Does LDAP work? In short, LDAP specifies a method of directory storage that allows for adding, deleting, and modifying records, and it enables the search of those records to facilitate both authentication and authorization of users to resources.
LDAP’s three main functions are:
Update: This includes adding, deleting, or modifying directory information.
Query: This includes searching and comparing directory information.
Authenticate: The main authentication functions include binding and unbinding; a third function, abandon, can be used to stop a server from completing an operation.
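The three "authenticate" operations above are ordinary LDAP messages, and seeing their bytes makes clear why the bind in particular must be protected by TLS. The following is an added example written for this page, not code from the original article or from any LDAP project: it hand-encodes a BindRequest, UnbindRequest and AbandonRequest in BER according to RFC 4511 and decodes a BindResponse, using only the Python standard library. Nothing touches the network; the "server" replies are byte strings constructed in the block.

```python
"""Hand-rolled BER encoding of the three LDAP 'authenticate' operations
(bind, unbind, abandon) from RFC 4511, plus decoding of a BindResponse.
Added example, not from the original page; standard library only, no
network: the server replies built below are constructed byte strings."""

# Application tags (RFC 4511 section 4): class APPLICATION = 0x40, and
# constructed types (SEQUENCE) also set the 0x20 bit.
BIND_REQUEST = 0x60     # [APPLICATION 0] SEQUENCE
BIND_RESPONSE = 0x61    # [APPLICATION 1] SEQUENCE
UNBIND_REQUEST = 0x42   # [APPLICATION 2] NULL, primitive
ABANDON_REQUEST = 0x50  # [APPLICATION 16] MessageID, primitive INTEGER

# Result codes (RFC 4511 appendix A) used here.
SUCCESS, INVALID_CREDENTIALS = 0, 49


def ber_len(n: int) -> bytes:
    """Definite length: one byte below 128, otherwise 0x8N + N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def int_bytes(value: int) -> bytes:
    """Minimal two's-complement content octets for an INTEGER."""
    return value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp, controls OPTIONAL }"""
    return tlv(0x30, tlv(0x02, int_bytes(message_id)) + protocol_op)


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """Simple bind. The password travels as a plain [0] OCTET STRING (tag 0x80),
    which is why a simple bind belongs only inside a TLS-protected session."""
    body = (tlv(0x02, int_bytes(3))                 # version 3
            + tlv(0x04, dn.encode("utf-8"))         # name: LDAPDN
            + tlv(0x80, password.encode("utf-8")))  # authentication: simple
    return ldap_message(message_id, tlv(BIND_REQUEST, body))


def unbind_request(message_id: int) -> bytes:
    """Unbind has no response; the client closes the connection after sending it."""
    return ldap_message(message_id, tlv(UNBIND_REQUEST, b""))


def abandon_request(message_id: int, target_id: int) -> bytes:
    """Asks the server to stop the still-running operation with target_id."""
    return ldap_message(message_id, tlv(ABANDON_REQUEST, int_bytes(target_id)))


def parse_tlv(buf: bytes, pos: int = 0):
    """Returns (tag, content, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes) -> dict:
    """BindResponse ::= [APPLICATION 1] SEQUENCE { resultCode ENUMERATED,
    matchedDN LDAPDN, diagnosticMessage LDAPString } (optional referral
    and SASL credentials fields are not handled in this example)."""
    tag, content, _ = parse_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = parse_tlv(content)
    tag, op, _ = parse_tlv(content, pos)
    if tag != BIND_RESPONSE:
        raise ValueError("not a BindResponse")
    _, code, pos = parse_tlv(op)
    _, matched, pos = parse_tlv(op, pos)
    _, diag, _ = parse_tlv(op, pos)
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "result_code": int.from_bytes(code, "big", signed=True),
            "matched_dn": matched.decode("utf-8"),
            "diagnostic": diag.decode("utf-8")}


def bind_response(message_id: int, code: int, diagnostic: str = "") -> bytes:
    """Constructed 'server side' of the exchange for the demo."""
    body = tlv(0x0A, int_bytes(code)) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode())
    return ldap_message(message_id, tlv(BIND_RESPONSE, body))


if __name__ == "__main__":
    req = bind_request(1, "cn=Mike,ou=users,dc=example,dc=com", "secret")
    print("BindRequest :", req.hex())   # the password bytes are visible as-is
    print("BindResponse:", parse_bind_response(bind_response(1, INVALID_CREDENTIALS)))
    print("Abandon 1   :", abandon_request(2, 1).hex())
    print("Unbind      :", unbind_request(3).hex())
```

The anonymous bind (empty DN, empty password) encodes to the well-known 14-byte message 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, which is a handy check against a packet capture. The result code in the response (0 for success, 49 for invalidCredentials) is what a client acts on; the abandon message carries only the message ID of the operation to cancel and, like unbind, gets no reply.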
LDAP Directory Information Tree LDAP organizes information in a hierarchical tree structure, referred to as a directory information tree (DIT). The LDAP DIT can vary based on the software or directory service you use; however, LDAP directories generally follow this tree structure, where entries without subordinates (users, for example) are leaves, and the root is the overarching entity that encompasses all the information within the directory.
LDAP Authentication and Authorization The LDAP protocol both authenticates and authorizes users to their resources. The protocol authenticates users with a bind operation that allows the user to communicate with an LDAP directory, then authorizes the authenticated user to the resources they need if their input login information matches what’s listed for them in the database.
1. What Is LDAP Authentication? LDAP authentication relies on a client/server bind operation, which allows the LDAP-ready client, referred to as the directory user agent (DUA), and the directory server, referred to as the directory system agent (DSA), to communicate within a secure, encrypted session.
When authenticating against an LDAP server in an attempt to gain access to the database, the user is prompted to provide their username and password.
If the values the user inputs into the client match what is found in the LDAP database, the user is granted access by the LDAP server to whatever the IT resource may be.
2. What Is LDAP Authorization? Once a user is successfully authenticated, they need to be authorized to the resource(s) requested. While different LDAP instances may structure and encode this slightly differently, this is essentially accomplished by assigning permissions with groups and roles in the directory.
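The two steps described above, a bind that proves identity and a group check that grants access, can be modelled end to end. The following is an added example written for this page, not code from the original article or any directory server: it keeps a small constructed directory in memory (an ou=users branch with inetOrgPerson entries and an ou=groups branch whose admin group lists members in uniqueMember, the attributes named later on this page), performs a simple bind against salted PBKDF2 password hashes (this example's choice, not a particular server's userPassword scheme), and then authorizes by group membership, returning LDAP result codes from RFC 4511. It also handles the unauthenticated-bind edge case from RFC 4513 section 5.1.2, where a DN with an empty password would otherwise bind as anonymous.

```python
"""Models the two steps the text separates: a simple bind (authentication)
against a directory, then a group-based authorization check. Added example,
not from the original page; the directory is constructed in-memory data and
the PBKDF2 password hashing is this example's choice, not a particular
server's userPassword scheme."""

import hashlib
import hmac
import os
from typing import Dict, List, Optional

# LDAP result codes (RFC 4511 appendix A) used here.
SUCCESS = 0
INVALID_CREDENTIALS = 49
INSUFFICIENT_ACCESS_RIGHTS = 50
UNWILLING_TO_PERFORM = 53
ITERATIONS = 100_000

Entry = Dict[str, List[str]]


def norm(dn: str) -> str:
    """Case-insensitive DN comparison, adequate for this sample data."""
    return ",".join(p.strip().lower() for p in dn.split(","))


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Stores '{PBKDF2-SHA256}$iterations$salt$digest' so the directory never
    holds a recoverable password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{{PBKDF2-SHA256}}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time compare


# Constructed directory: DN -> attributes, laid out as ou=users / ou=groups
# under o=company, with an admin group that lists its members by DN.
DIRECTORY: Dict[str, Entry] = {
    "cn=Ram,ou=users,o=company": {
        "objectClass": ["inetOrgPerson"], "cn": ["Ram"], "sn": ["Ram"],
        "userPassword": [hash_password("correct horse battery", b"\x01" * 16)],
    },
    "cn=Mike,ou=users,o=company": {
        "objectClass": ["inetOrgPerson"], "cn": ["Mike"], "sn": ["Mike"],
        "userPassword": [hash_password("mike-pass-2024", b"\x02" * 16)],
    },
    "cn=admin,ou=groups,o=company": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["cn=Ram,ou=users,o=company"],
    },
}


def find_entry(dn: str) -> Optional[Entry]:
    return next((e for d, e in DIRECTORY.items() if norm(d) == norm(dn)), None)


def simple_bind(dn: str, password: str) -> int:
    """Authentication step. Unknown DN and wrong password both yield
    invalidCredentials so the reply does not reveal which entries exist.
    A non-empty DN with an empty password is an 'unauthenticated bind'
    (RFC 4513 section 5.1.2) that would succeed as anonymous, which is how
    applications end up accepting blank passwords, so it is refused."""
    if dn == "" and password == "":
        return SUCCESS  # anonymous bind: allowed, but carries no identity
    if password == "":
        return UNWILLING_TO_PERFORM
    entry = find_entry(dn)
    if entry is None or not entry.get("userPassword"):
        return INVALID_CREDENTIALS
    ok = any(verify_password(h, password) for h in entry["userPassword"])
    return SUCCESS if ok else INVALID_CREDENTIALS


def is_member(user_dn: str, group_dn: str) -> bool:
    """Authorization data: the user's DN listed in the group's uniqueMember."""
    group = find_entry(group_dn)
    if group is None or "groupOfUniqueNames" not in group.get("objectClass", []):
        return False
    return any(norm(m) == norm(user_dn) for m in group.get("uniqueMember", []))


def authorize(user_dn: str, password: str, required_group: str) -> int:
    """Bind first, then check membership: authentication proves who the caller
    is, authorization decides whether that identity may use the resource."""
    code = simple_bind(user_dn, password)
    if code != SUCCESS:
        return code
    return SUCCESS if is_member(user_dn, required_group) else INSUFFICIENT_ACCESS_RIGHTS


if __name__ == "__main__":
    for dn, pw in [("cn=Ram,ou=users,o=company", "correct horse battery"),
                   ("cn=Mike,ou=users,o=company", "mike-pass-2024"),
                   ("cn=Mike,ou=users,o=company", ""),
                   ("cn=Nobody,ou=users,o=company", "x")]:
        print(dn, "->", authorize(dn, pw, "cn=admin,ou=groups,o=company"))
```

Ram binds successfully and is in the admin group (0), Mike binds successfully but is not a member (50), a blank password is refused (53) rather than silently becoming an anonymous session, and both an unknown DN and a wrong password collapse to the same code (49). Keeping authentication and authorization as separate functions mirrors the separation the text draws and makes each decision independently testable.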
Content
0 -> hello everyone welcome to Talented Developer in this video we are going to
4.74 -> learn about LDAP so first of all we will see what is LDAP then LDAP vs Active
10.65 -> Directory after that we will see how LDAP works and we will also see the
15.99 -> authentication inside LDAP after that we will see the structure of LDAP
20.699 -> with Apache Directory Studio so let's begin
34.199 -> so what is AD. AD stands for Active Directory, mainly it is used to provide
41.649 -> authentication for group and user management. It is also used to provide
47.309 -> policies. It will authenticate and authorize all kinds of users and computers.
57.14 -> so what is LDAP LDAP stands for Lightweight Directory Access Protocol so
64.129 -> you can see the name lightweight directory access protocol, so it is very
67.31 -> very lightweight and it is very secure it is used to access and manage
72.979 -> directory services it runs over the TCP/IP protocol. it is open and
80.619 -> cross-platform
85.04 -> so what is LDAP and Active Directory
90.83 -> LDAP is a way of speaking to Active Directory and Active Directory is a
97.62 -> directory services database and LDAP is always used to talk with them so it is a
105.54 -> protocol that is used to talk so how does LDAP work LDAP authentication
114.72 -> follows the client-server model so in this scenario you can see the client
121.47 -> side is an LDAP-ready system or application that is requesting information from the
127.88 -> associated LDAP database and the LDAP database server so once we enter
135.18 -> the credentials after that it will go to the LDAP server and the LDAP server is
142.01 -> associated with the LDAP database so it will go and try to authenticate after
148.2 -> that it will give the response so the same thing I am going to show you in
153.51 -> Apache Directory Studio so this is the LDAP server right what I mentioned like so
159.989 -> first of all we have to start our server once our server is running after that it
166.769 -> will link the database same like SQL Server so you can see the server is
172.41 -> started after that you can see this is our connection like kind of LDAP
177.45 -> database and here we are having our data no need to worry about what is LDAP
184.47 -> Apache Directory Studio I have already created a video just go and check it out
189.78 -> in the description so here what will happen you can see I'm having a user
195.15 -> right so this user is currently holding a user ID and password
200.88 -> after that what we'll do we will enter the user entry and password and
207.24 -> from the client side we will enter and it will go to the LDAP server after that
212.82 -> the LDAP server will talk with their database the LDAP database and it will
217.11 -> verify whether the user is valid or not so let's move to the next section so how does
225.86 -> LDAP authentication between a client and server work like so definitely we need
234.03 -> to understand how the client and server are related to each other so first of all
240.02 -> from the client side we will enter user name and password after that it will go to
246.3 -> your services or API after that it will call the LDAP server here it will talk
254.46 -> with their database and once they find like the user is not authenticated so
260.52 -> they will send the response back to them like this user is not valid and in case
266.4 -> it matches the credentials then it will authorize them okay you have permission
273.59 -> now you can go and access our services so this is how LDAP authentication works
281.3 -> so why do we need to use LDAP I am going to show you an example suppose you are
287.82 -> working as a network admin in a very big company like they have huge employees
294.21 -> more than one thousand to ten thousand and in that company you have different
300 -> levels of teams like accounts developer inside developer also you have different
306.33 -> different teams and so many sub teams and someone says to you like ok create a
312.63 -> policy for everyone so is this possible to sit at everyone's computer and create a
317.82 -> policy no it is very very hard and suppose some time you have to block the
323.46 -> user like ok you don't have permission to access that file or some time you
328.47 -> have to provide it only to some specific user so how can you achieve that one so
333.9 -> definitely you can achieve it through the you can take another example also
339.79 -> suppose you are running a library service in that you have a huge
344.17 -> collection of books after that if someone is going to search it will take
349.69 -> definitely a huge time so what you can do is you can use LDAP LDAP will provide
355.72 -> very very fast services because it is very very light and here what you can do
361.12 -> you can capture the ID card details and according to that you can verify
367.78 -> everything so that's why we are saying like in LDAP write or update once and
375.03 -> read multiple times what is the LDAP structure so first of all
382.56 -> we are going to see the structure of the tree tree means definitely all this structure is
388.57 -> following the tree hierarchy that means the root always the root will be the top one
396.6 -> after that they have another level whose name is DC here
404.08 -> DC stands for domain component DC always represents the top of the tree
411.52 -> and uses DNS to define the namespace after that we have another sublevel that is OU
420.58 -> OU stands for organizational unit here we have two OUs one is users and
429.37 -> one is groups after that inside users we have some users so you can see one
437.41 -> example CN and here CN is John and CN means common name right so I'm
446.68 -> just going to relate this structure with an example so imagine ABC is a company
454.11 -> inside that they have different groups or teams developer business and finance
461.86 -> inside the developer also they have another group and team inside finance
467.26 -> they have another team and inside backend and accounts they have
472.54 -> some users you can relate this example with the LDAP structure so what will
479.08 -> happen here ABC will be the organization name and the developer business finance
488.17 -> backend and accounts are organizational units inside that they have one user whose
498.1 -> username is John right so the same thing I am going to show you inside the LDAP
504.13 -> Apache Directory Studio so this is the DIT directory information tree inside they
511.39 -> have a root you can see this is dc=example,dc=com here we are having
517.9 -> three OUs so I'm just going to open the system OU inside we have another OU
524.71 -> that is users and here we are having one user Mike so if you go to the
533.23 -> properties you can see the DN what will be the DN of that one cn=Mike CN
541.27 -> Mike and he is inside users right he is inside users and this user belongs to
547.99 -> OU system right so you can see how we have related each other so no need to
554.32 -> worry about this LDAP Apache Directory Studio I have already created the video
559.12 -> so it will definitely help you so next what we can do so here we can say like CN
567.13 -> right this is a CN common name John Mark he is inside the backend OU
573.49 -> right and this backend is inside the developer OU right and this
580.18 -> developer OU is inside one organization whose name is ABC right so
584.86 -> the same thing I just showed you so this is how we can easily understand
591.31 -> next thing like imagine you have an organisation o=company inside
597.79 -> that we have 200 users and groups and inside users we have added all the
604.959 -> user attributes here one user can belong to different groups so here when we are
611.829 -> going to create a group we have to use one attribute whose name is groupOfUniqueNames
617.019 -> and suppose here Ram is inside users and how can we link Ram
626.589 -> inside the admin group so definitely we can link we have to use one attribute
631.54 -> whose name is uniqueMember if we use the uniqueMember attribute after that just
637.149 -> follow the path of Ram so you can see cn=Ram right and he is inside users
643.87 -> right users and o means organisation name is company right so this is how we
650.379 -> have to follow so let's see in the LDAP Apache Directory Studio also right I
656.92 -> have discussed there are some users so this user can belong to one group like
661.75 -> the group name is administrators here you can see we already have one unique
667.089 -> member this unique member is admin right so how we have used and how we added we
673.029 -> have added by the uniqueMember tag and in the LDAP database we are not just adding
679.75 -> only cn sn and user name we can add multiple fields also so you can see they
686.829 -> have a huge attribute list more than 20 employee number employee type given
692.86 -> name home phone right so we have to follow some terms o stands for
700.54 -> organization name ou means organizational unit cn means common
706.779 -> name sn surname DN means distinguished name and
712.19 -> we have user inetOrgPerson and group equal to groupOfUniqueNames so the
718.49 -> collection of both we can say like an object so I'm just going to show you a
723.23 -> simple overview of how we can add a user so you can see this is one OU I'm just
731.66 -> going to click here new entry after that click on next and here what we have to
737.66 -> add we have to use inetOrgPerson after that click on next
742.85 -> and here you can see which RDN we need to use I'm just going to follow the
749.12 -> CN and here you can add some name so I just follow hi you can see the DN
757.79 -> preview also changing when I'm adding anything in the CN and once you click
763.13 -> next it will ask for the SN so just enter something and click on finish once you
769.22 -> click in the log you can see it will show the user has been added right and
774.88 -> if you go to the properties you can see the path of that user right so this is
781.49 -> the way how to add a user so next we are going to discuss the
787.4 -> authentication types in LDAP here generally there are two types of authentication
792.95 -> the first one is simple in simple what will happen it will capture user name and
798.8 -> password after that it will bind and go to the LDAP database and check whether the user
805.22 -> is valid or invalid if the user is valid then they will give the permission like
809.75 -> okay you can go and access that one the next one is SASL here bind will be involved
815.66 -> much more and it will allow the client and server to negotiate a particular
821.32 -> authentication mechanism that is used to check their LDAP connection and they can
827.51 -> create their own security policy and they can also configure I hope this
832.67 -> video will have helped you a lot please thumbs up, like and write your comment