Chapter 5
Introduction to LDAP
5.1 Directory
A directory is defined as a place used to store information and to allow information-retrieval operations to be carried out on it.
Figure 5-3: Multiple search results are returned [figure: an LDAP client exchanging messages with an LDAP server]
Allowing several messages to be in flight at the same time makes LDAP more flexible than other protocols such as HTTP, in which every request from the client must be answered before the next request is sent: an HTTP client program such as a Web browser that wants to download several files at once has to open a separate connection for each file. LDAP works in a completely different way and handles all of its operations over a single connection.
5.1.3 Operations of the LDAP protocol
LDAP has 9 basic operations, divided into 3 main groups:
Interrogation operations: search and compare. These two operations let us query the directory.
LDAP controls: pieces of information sent along with an LDAP operation that change the behaviour of that operation on the same object.
[Figure: LDAP server; step 6, close the connection; step 7, the unbind operation]
5.2 The LDAP models
[Figure: an LDAP directory tree with the branches ou=People, ou=Engineering, ou=Servers and ou=Sales and the entry uid=bjensen; node categories Server, Applications, Organization units (departments) and Person; the entry's attribute types and values: cn: Barbara jensen, Bads jensen; sn: jensen; telephone number; mail: bads@arius.com]
An LDAP server does not support abstract data types; it supports only the standard types. This is unlike other protocols such as X.500, which, besides a number of standard data types (string, number, boolean), also has complex data types built from those standard types. However, plug-in interfaces allow new syntaxes to be defined.
Attributes are also divided into 2 kinds: user attributes and operational attributes.
User attributes are the ordinary attributes of a directory entry; they can be modified by users of the directory (provided, of course, that the modification operations are permitted).
Figure 5-7: An LDAP directory tree
We present the UNIX file system in order to see the differences from the LDAP directory system, and then analyse the LDAP directory tree model.
[Figure: a UNIX file system tree with the nodes /, user, bin, etc, local and grep; the path /user/bin/grep is highlighted]
The first difference between the two models is that in the LDAP model there is not really a root entry. The root is the place under which we can put entries. On an LDAP system there is a special entry called the root DSE that holds information about the server, but this is not an ordinary directory entry.
2.
dn: ou=People,dc=airius,dc=com
ou: People
dn: ou=Device,dc=airius,dc=com
ou: Devices
In a file system, reading a file name from left to right is how we walk from the root (/) down to the file. For example, in the Unix file system of figure 5-22 the file name of the highlighted node is /user/bin/grep.
Figure 5-10 [figure: two branches, ou=Sales and ou=Engineering, each containing an entry cn=John Smith]
Although both entries have the same RDN, cn=John Smith, the two entries sit in two different branches.
5.2.2.2 Aliases
Alias entries in an LDAP directory let one entry point to another entry, so we can build structures in which the hierarchy no longer has to be exact. The concept of an alias entry is like that of symbolic links in UNIX or shortcuts on Windows 9x/NT. The figure below shows an alias entry pointing to a real entry.
To create an alias entry in the directory, you first create an entry that carries an attribute named aliasedObjectName whose value is the DN of the entry that this alias entry should point to.
[Figure: Server A holding dc=ames,dc=com and Server B holding dc=airius,dc=com, each with an ou=people branch; an alias entry links the two trees]
Table: search filter types (Format, Example, Matches)

Equality
  Format: (attr=value)
  Example: (sn=jensen)
  Matches: entries whose surname is jensen

Substring
  Format: (attr=[leading]*[any]*[trailing])
  Examples: (sn=*jensen*), (sn=jensen*), (sn=*jensen), (sn=je*nse*n)
  Matches: surname contains the string jensen; surname begins with the string jensen; surname ends with the string jensen; surname begins with je, contains nse and ends with n

Approximate
  Format: (attr~=value)
  Example: (sn~=jensen)
  Matches: surname approximately equal to the string jensen, for instance jensin or jenson

Greater than or equal to
  Format: (attr>=value)
  Example: (sn>=jensen)
  Matches: surname >= jensen; this filter applies to attribute types whose values have an ordering

Less than or equal to
  Format: (attr<=value)
  Example: (sn<=jensen)
  Matches: surname <= jensen

Presence
  Format: (attr=*)
  Example: (sn=*)
  Matches: all entries that have the attribute attr

AND
  Format: (&(filter1)(filter2))
  Example: (&(sn=jensen)(objectclass=person))
  Matches: entries that are of objectclass person and have surname=jensen

OR
  Format: (|(filter1)(filter2))
  Example: (|(sn~=jensen)(telephonenumber=8944570))
  Matches: entries whose surname approximately matches jensen or whose telephone number is 8944570

NOT
  Format: (!(filter))
  Example: (!(age>=22))
  Matches: entries whose age attribute is < 22
- The name of the attribute.
- The string :=.
- A value used for the comparison.
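The following is an added example and not part of the original chapter: a small Python evaluator for the filter types listed in the table above, run over a handful of constructed entries. It implements the equality, substring, approximate, ordering, presence, AND, OR and NOT forms, and it also applies the rule that a filter item naming an attribute the entry does not have is undefined, so (!(age>=22)) does not select an entry that has no age attribute at all. The sample entries, the crude approximate-match rule and the integer ordering are assumptions of this example, not something the chapter specifies.

```python
import re

# Constructed sample entries (not the page's data). Attribute names are lower-cased
# and each attribute holds a list of values, because LDAP attributes are multi-valued.
ENTRIES = [
    {"dn": "uid=bjensen,ou=People,dc=airius,dc=com", "sn": ["jensen"], "cn": ["Barbara Jensen"],
     "objectclass": ["person"], "telephonenumber": ["8944570"], "age": ["30"]},
    {"dn": "uid=jsmith,ou=Sales,dc=airius,dc=com", "sn": ["smith"], "cn": ["John Smith"],
     "objectclass": ["person"], "age": ["21"]},
    {"dn": "uid=kjenson,ou=People,dc=airius,dc=com", "sn": ["jenson"], "cn": ["Kim Jenson"],
     "objectclass": ["person"], "age": ["22"]},
    {"dn": "cn=printer1,ou=Devices,dc=airius,dc=com", "cn": ["printer1"], "objectclass": ["device"]},
]
ITEM = re.compile(r"^([A-Za-z][\w.;-]*)(~=|>=|<=|=)(.*)$")

def parse_filter(text):
    """Parse a filter string into a nested tuple tree."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node

def _parse(s, i):
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in ("&", "|"):                # AND / OR take a list of sub-filters
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), _expect_close(s, i)
    if s[i] == "!":                       # NOT takes exactly one sub-filter
        kid, i = _parse(s, i + 1)
        return ("!", [kid]), _expect_close(s, i)
    end = s.index(")", i)                 # simple item; escaped ')' inside values is not handled
    m = ITEM.match(s[i:end])
    if not m:
        raise ValueError("bad filter item: " + s[i:end])
    attr, op, val = m.group(1).lower(), m.group(2), m.group(3)
    if op == "=" and val == "*":
        return ("present", attr), end + 1
    if op == "=" and "*" in val:
        return ("substr", attr, val), end + 1
    return (op, attr, val), end + 1

def _expect_close(s, i):
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1

def _approx(value, target):
    """Crude stand-in for ~= (servers use phonetic algorithms): same length, same first
    two letters, at most one differing position, so jensin and jenson match jensen."""
    a, b = value.lower(), target.lower()
    return len(a) == len(b) and a[:2] == b[:2] and sum(x != y for x, y in zip(a, b)) <= 1

def _substr(pattern, value):
    regex = "^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$"
    return re.match(regex, value, re.IGNORECASE) is not None

def _ordered(op, value, target):
    try:                                  # integer ordering when both sides are integers,
        v, t = int(value), int(target)    # otherwise case-insensitive string ordering
    except ValueError:
        v, t = value.lower(), target.lower()
    return v >= t if op == ">=" else v <= t

def evaluate(node, entry):
    """Three-valued result: True, False, or None (undefined) when an item names an attribute
    the entry lacks. Only True selects, so (!(age>=22)) skips an entry with no age at all."""
    kind = node[0]
    if kind in ("&", "|"):
        results = [evaluate(k, entry) for k in node[1]]
        if kind == "&":
            return False if False in results else (None if None in results else True)
        return True if True in results else (None if None in results else False)
    if kind == "!":
        r = evaluate(node[1][0], entry)
        return None if r is None else not r
    values = entry.get(node[1], [])
    if kind == "present":
        return bool(values)
    if not values:
        return None
    target = node[2]
    if kind == "=":
        return any(v.lower() == target.lower() for v in values)
    if kind == "substr":
        return any(_substr(target, v) for v in values)
    if kind == "~=":
        return any(_approx(v, target) for v in values)
    return any(_ordered(kind, v, target) for v in values)

def search(filter_text, entries=ENTRIES):
    """Return the DNs of the entries the filter selects, in input order."""
    tree = parse_filter(filter_text)
    return [e["dn"] for e in entries if evaluate(tree, e) is True]
```

Calling search("(|(sn~=jensen)(telephonenumber=8944570))") returns the bjensen and kjenson entries but not jsmith: his surname fails the approximate match and he has no telephone number, so the second item is undefined and the whole OR is undefined rather than false. The printer entry, which has no sn attribute, is not selected by (sn=*) and is also not selected by (!(age>=22)).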
Add
The add operation creates a new entry from the DN and the list of attributes passed in; when adding a new entry to the directory, the following conditions must be satisfied:
Delete
The delete operation only needs the name of the entry to delete, and the operation succeeds if:
Rename
The rename, or modify DN, operation is used to rename or to move entries within the directory. The parameters to pass in are the DN of the entry to rename, the new RDN of the entry, an optional parameter naming the entry that becomes the new parent of the moved entry, and finally a flag that says whether or not the old RDN is deleted. As above, the operation succeeds if it satisfies
Figure 5-18: The rename operation [figure: the tree dc=airius,dc=com with the branches ou=Engineering and ou=Administration, containing the entries uid=bjensen and uid=btom]
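As an added example (not the chapter's own code), the in-memory directory below shows both the alias entries of section 5.2.2.2 and the rename operation of figure 5-18: modify_dn takes the entry's DN, the new RDN, an optional new superior and the delete-old-RDN flag, and dereference follows aliasedObjectName links while refusing loops and dangling targets. The Directory class, its result-code strings, the uid=bjensen-alias entry and the other sample data are constructed for this example.

```python
# Constructed in-memory directory (this example's data, not the page's): a map from a DN
# string to a dict of lower-cased attribute names -> list of values. Whitespace around
# DN components is stripped; a real server also matches DN components case-insensitively.
ALIAS_DN = "uid=bjensen-alias,ou=Administration,dc=airius,dc=com"

def normalize_dn(dn):
    return ",".join(part.strip() for part in dn.split(","))

def split_dn(dn):
    """Return (rdn, parent_dn) of a DN; parent is '' for a top-level entry."""
    rdn, _, parent = normalize_dn(dn).partition(",")
    return rdn, parent

def _has_value(values, v):
    return any(x.lower() == v.lower() for x in values)

class Directory:
    def __init__(self, suffix):
        self.suffix, self.entries = normalize_dn(suffix), {}

    def add(self, dn, **attrs):
        dn = normalize_dn(dn)
        rdn, parent = split_dn(dn)
        if dn in self.entries:
            raise ValueError("entryAlreadyExists: " + dn)
        if dn != self.suffix and parent not in self.entries:
            raise ValueError("noSuchObject (parent missing): " + parent)
        entry = {k.lower(): list(v) for k, v in attrs.items()}
        a, v = rdn.split("=", 1)              # the RDN value must be present in the entry
        entry.setdefault(a, [])
        if not _has_value(entry[a], v):
            entry[a].append(v)
        self.entries[dn] = entry

    def children(self, dn):
        dn = normalize_dn(dn)
        return [d for d in self.entries if split_dn(d)[1] == dn]

    def delete(self, dn):
        dn = normalize_dn(dn)
        if dn not in self.entries:
            raise ValueError("noSuchObject: " + dn)
        if self.children(dn):                 # only leaf entries can be deleted
            raise ValueError("notAllowedOnNonLeaf: " + dn)
        del self.entries[dn]

    def modify_dn(self, dn, new_rdn, delete_old_rdn=True, new_superior=None):
        """Rename and/or move a leaf entry (the page's rename / modify DN); returns the new DN."""
        dn = normalize_dn(dn)
        if dn not in self.entries:
            raise ValueError("noSuchObject: " + dn)
        if self.children(dn):
            raise ValueError("notAllowedOnNonLeaf: " + dn)
        old_rdn, parent = split_dn(dn)
        if new_superior is not None:          # moving: the new parent must exist
            parent = normalize_dn(new_superior)
            if parent not in self.entries:
                raise ValueError("noSuchObject (new superior): " + parent)
        new_rdn = new_rdn.strip()
        new_dn = new_rdn + ("," + parent if parent else "")
        if new_dn in self.entries:
            raise ValueError("entryAlreadyExists: " + new_dn)
        entry = self.entries.pop(dn)
        old_a, old_v = old_rdn.split("=", 1)
        new_a, new_v = new_rdn.split("=", 1)
        if delete_old_rdn:                    # the flag from the page: drop the old RDN value
            entry[old_a] = [x for x in entry.get(old_a, []) if x.lower() != old_v.lower()]
            if not entry[old_a]:
                del entry[old_a]
        entry.setdefault(new_a, [])
        if not _has_value(entry[new_a], new_v):
            entry[new_a].append(new_v)
        self.entries[new_dn] = entry
        return new_dn

    def dereference(self, dn, max_hops=8):
        """Follow aliasedObjectName until a real entry; refuse loops and dangling targets."""
        dn, seen = normalize_dn(dn), []
        while dn in self.entries and "aliasedobjectname" in self.entries[dn]:
            if dn in seen or len(seen) >= max_hops:
                raise ValueError("aliasProblem: loop or too many hops at " + dn)
            seen.append(dn)
            dn = normalize_dn(self.entries[dn]["aliasedobjectname"][0])
        if dn not in self.entries:
            raise ValueError("aliasDereferencingProblem: target missing: " + dn)
        return dn

def build_sample():
    """Tree of the page's figure 5-18 (dc=airius,dc=com with ou=Engineering and
    ou=Administration) plus one alias entry; all data constructed for this example."""
    d = Directory("dc=airius,dc=com")
    d.add("dc=airius,dc=com", objectclass=["domain"])
    d.add("ou=Engineering,dc=airius,dc=com", objectclass=["organizationalUnit"])
    d.add("ou=Administration,dc=airius,dc=com", objectclass=["organizationalUnit"])
    d.add("uid=bjensen,ou=Engineering,dc=airius,dc=com", objectclass=["person"], cn=["Barbara Jensen"], sn=["Jensen"])
    d.add("uid=btom,ou=Administration,dc=airius,dc=com", objectclass=["person"], cn=["Bob Tom"], sn=["Tom"])
    d.add(ALIAS_DN, objectclass=["alias"], aliasedObjectName=["uid=bjensen,ou=Engineering,dc=airius,dc=com"])
    return d

def move_bjensen(d):
    """Figure 5-18: move uid=bjensen from ou=Engineering to ou=Administration, keeping its RDN."""
    return d.modify_dn("uid=bjensen,ou=Engineering,dc=airius,dc=com", "uid=bjensen",
                       delete_old_rdn=True, new_superior="ou=Administration,dc=airius,dc=com")
```

Moving the real entry leaves the alias pointing at the old DN, so dereference reports a dangling target afterwards; an alias is a pointer, not a second copy of the entry. Renaming uid=btom to cn=Bob Tom with delete_old_rdn=False keeps the uid attribute on the entry, whereas the move of uid=bjensen with the flag set removes and re-adds the same RDN value.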
Update
The last operation is the update (modify) operation, whose parameters are a DN and the set of changes to apply to that entry. This operation requires:
The abandon operation has a single parameter, the ID of a message; the client uses it when it is no longer interested in the result of some earlier operation.
5.2.4 The LDAP security model
The last matter in the LDAP models is protecting the information in the directory from unauthorised access. When a client binds under a DN, or possibly as an anonymous user, each user holds a certain set of rights to operate on directory entries; which rights an entry grants, together with everything described above, is called access control. At present LDAP does not define an access control model; these access conditions are set up by system administrators using the server software.
5.3 Using LDAP
[Figure: an LDAP client, a messaging server and an LDAP server. Step 2: the message server looks up the email address in the directory. Step 3: the message server identifies the user's mailbox and then receives the mail]
LDAP can be used to authenticate a user logging in to a system through a verification program, which works as follows: first the verification program establishes its own authenticated identity with LDAP through the bind in step (1), and then it compares user A's password with the information held in the directory. If the comparison succeeds, user A has been authenticated successfully.
[Figure: User A logs in to the application with {DN, PW}; step 1, the application (DUA) sends Bind {DN-AP, PW-AP} to the LDAP server; step 2, it sends Compare {DN, PW}]
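The login flow of the figure above, as an added example that is not part of the original chapter: a simulated LDAP server and a single client connection on which every request carries its own message ID, as section 5.1 describes for LDAP's use of one connection. The application first binds with its own credentials {DN-AP, PW-AP} and then issues a compare against the user's userPassword. The application DN, the user DN, the salted-hash storage scheme and the access rule that only the bound application account may compare userPassword are all assumptions of this example, standing in for the access control the chapter says an administrator configures.

```python
import hashlib
import hmac
import os

# Constructed names for this example (not the page's): an application account and one user.
APP_DN = "cn=login-app,ou=Applications,dc=example,dc=com"
USER_DN = "uid=bjensen,ou=People,dc=example,dc=com"

def hash_password(password, salt=None):
    """Store passwords salted and hashed; the {SSHA256}salt$digest layout is this example's own."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return "{SSHA256}" + salt.hex() + "$" + digest

def check_password(stored, password):
    salt_hex, digest_hex = stored[len("{SSHA256}"):].split("$")
    digest = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(digest, digest_hex)     # constant-time comparison

class LdapServer:
    """Minimal simulated server: bind and compare, with result-code names as strings."""
    def __init__(self, entries, may_compare_password):
        self.entries = entries                          # DN -> attributes
        self.may_compare_password = may_compare_password  # DNs allowed to compare userPassword

    def bind(self, dn, password):
        if dn == "" and password == "":
            return "success"                            # anonymous bind
        entry = self.entries.get(dn)
        if entry is None or not check_password(entry["userPassword"][0], password):
            return "invalidCredentials"                 # same code whether or not the DN exists
        return "success"

    def compare(self, bound_dn, dn, attr, value):
        entry = self.entries.get(dn)
        if entry is None:
            return "noSuchObject"
        if attr == "userPassword":
            if bound_dn not in self.may_compare_password:
                return "insufficientAccessRights"       # access control set by the administrator
            return "compareTrue" if check_password(entry[attr][0], value) else "compareFalse"
        return "compareTrue" if value in entry.get(attr, []) else "compareFalse"

class Connection:
    """One client connection: each request gets a fresh messageID and the transcript
    records both sides' messages, since several operations share the single connection."""
    def __init__(self, server):
        self.server, self.next_id, self.bound_dn, self.transcript = server, 1, "", []

    def _request(self, op, **fields):
        msg_id, self.next_id = self.next_id, self.next_id + 1
        self.transcript.append((msg_id, "client", op, fields))
        return msg_id

    def bind(self, dn, password):
        msg_id = self._request("bindRequest", dn=dn)    # the password is never logged
        result = self.server.bind(dn, password)
        self.bound_dn = dn if result == "success" else ""
        self.transcript.append((msg_id, "server", "bindResponse", {"resultCode": result}))
        return result

    def compare(self, dn, attr, value):
        msg_id = self._request("compareRequest", dn=dn, attribute=attr)
        result = self.server.compare(self.bound_dn, dn, attr, value)
        self.transcript.append((msg_id, "server", "compareResponse", {"resultCode": result}))
        return result

def authenticate_user(conn, app_dn, app_pw, user_dn, user_pw):
    """The page's flow: (1) the application binds as itself, (2) it compares the user's password."""
    if conn.bind(app_dn, app_pw) != "success":
        return False
    return conn.compare(user_dn, "userPassword", user_pw) == "compareTrue"

def build_server():
    entries = {
        APP_DN: {"userPassword": [hash_password("app-secret")]},
        USER_DN: {"userPassword": [hash_password("correct horse")], "cn": ["Barbara Jensen"]},
    }
    return LdapServer(entries, may_compare_password={APP_DN})
```

After authenticate_user runs, the connection transcript holds four messages: the bind request and response under message ID 1, then the compare request and response under message ID 2. An anonymous connection that skips the bind gets insufficientAccessRights from the compare, and a wrong application password stops the flow before any compare is sent.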