LDAP: Difference between revisions

From Chorke Wiki
 
(One intermediate revision by the same user not shown)
Line 36: Line 36:
| valign="top" |
| valign="top" |
* [https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-ubuntu-16-04 Install and Configure OpenLDAP & phpLDAPadmin]
* [https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-ubuntu-16-04 Install and Configure OpenLDAP & phpLDAPadmin]
* [https://github.com/spring-projects/spring-ldap/issues/423 Generalized Date as String to ZonedDateTime]
* [[Build Kerberos Docker Image from Ubuntu]]
* [[Build Kerberos Docker Image from Ubuntu]]
* [[Build LDAP Docker Image from Ubuntu]]
* [[Build LDAP Docker Image from Ubuntu]]
* [https://stackoverflow.com/questions/28566250/ Convert Calendar Date to LDAP Date]
* [https://stackoverflow.com/questions/45260380/ Spring Security Ldap authentication]
* [https://spring.io/guides/gs/authenticating-ldap/ Authenticating a User with LDAP]
* [https://spring.io/guides/gs/authenticating-ldap/ Authenticating a User with LDAP]
* [https://gist.github.com/mahirrudin/9b7754e54f1e8e532049484864beba42 OpenLDAP with MySQL Backend]
* [https://gist.github.com/mahirrudin/9b7754e54f1e8e532049484864beba42 OpenLDAP with MySQL Backend]

Latest revision as of 23:37, 3 September 2022

The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Overview

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS (LDAP over SSL, see below). The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).


The client may request the following operations:

  • StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
  • Bind — authenticate and specify LDAP protocol version
  • Search — search for and/or retrieve directory entries
  • Compare — test if a named entry contains a given attribute value
  • Add a new entry
  • Delete an entry
  • Modify an entry
  • Modify Distinguished Name (DN) — move or rename an entry
  • Abandon — abort a previous request
  • Extended Operation — generic operation used to define other operations
  • Unbind — close the connection (not the inverse of Bind)

In addition, the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before the connection is timed out.
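To make the BER encoding and the Bind operation described above concrete, the following added example (not part of the original page) builds and decodes a simple BindRequest. It shows that BER is an encoding, not encryption: a simple bind sent on port 389 without StartTLS carries the DN and password in readable form. The function names and the sample DN and password are assumptions constructed for illustration.

```python
def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def build_simple_bind(msg_id, dn, password):
    """Constructed test message: SEQUENCE { messageID, [APPLICATION 0] BindRequest }."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def inspect_bind(packet):
    """Decode a BindRequest and show which fields are readable on the wire."""
    tag, body, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msg_id, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x60:          # any operation other than Bind
        return {"op": "other"}
    _, version, p = read_tlv(op)
    _, dn, p = read_tlv(op, p)
    auth_tag, auth, _ = read_tlv(op, p)
    simple = auth_tag == 0x80   # [0] simple password; 0xA3 would be SASL
    return {"op": "bind", "message_id": int.from_bytes(msg_id, "big"),
            "version": version[0], "dn": dn.decode(), "simple": simple,
            "password": auth.decode() if simple else None}

SAMPLE = build_simple_bind(1, "cn=admin,dc=example,dc=org", "constructed-secret")  # constructed, not captured
```

A monitoring check built on this would flag any session where `simple` is true and no StartTLS preceded the Bind, since that is the case in which credentials cross the network unprotected.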

References