|
|
|
|
LDAP Training Description:
Lightweight Directory Access Protocol (LDAP) is re-emerging as the standard for managing resources and objects used within and in some cases between organizations. The hierarchical, yet flexible architecture, of LDAP makes it suitable for a wide range of tasks from simple customer address lists through operational provision of Single Sign-On (SSO and Identity Management) to a repository for network wide policy management. With resilience, platform independence and distributed functionality built-in, coupled with LDAP abstraction layers available from most transaction oriented database suppliers, LDAP is the ideal standards based approach to unifying data usage on an enterprise wide basis. Microsoft's Active Directory is but one of a number of enterprise wide solutions using LDAP to glue together disparate data.
Students will review the theory and organization of the LDAP hierarchy or Object Tree Structure covering the Data Information Tree (DIT), objectClasses and attributes, schemas and LDIF files. A shell application will be used (and extension of that used in the Basic LDAP course) to provide a hands-on experience. Students will learn the detail syntax of objectClasses and Attributes and design, and add, a new objectClass, multiple Attributes and package them into a new schema. An overview of the LDAP API is provided to allow understanding of alternative implementations and uses of LDAP. A platform independent LDAP browser is used throughout the course to examine both the students application and the Windows Active Directory LDAP implementation. Students need to be thoroughly familiar with basic LDAP technology and ideally should have taken the BASIC LDAP course.
The course uses OpenLDAP which is available on Linux, UNIX and Windows platforms to illustrate LDAP principles and operation and which is relatively invisible during the basic course. The course makes extensive use of a platform independent LDAP browser to discover and interrogate LDAP implementations including Windows Active Directory. The course is offered with Linux (Fedora Core), FreeBSD or Windows as the platform for all exercises.
LDAP Training Audience:
The course is optimized for LDAP designers, architects and implementors, Network and System administrators and those who need a thorough understanding of LDAP technology.
LDAP Training Course duration:
1 day. May be combined with the Basic LDAP Course to create a three day course.
LDAP Training Course outline:
Module 1: LDAP Theory Review
- LDAP Object Tree StructureLDAP
- LDAP models defined (Information, Naming, Functional, Security)
- LDAP Data Information Tree (DIT)
- LDAP DIT root
- LDAP Entries
- LDAP objectClasses
- LDAP hierarchy (Parent, Child, Siblings)
- LDAP attributes
- ASN.1 Notation
- ASN.1 examples
- ASN1. in LDAP
- LDAP Search Filters
- LDAP Utilities
- LDAP LDIF and DSMLLDAP
- LDIF and DSML Overview
- LDIF - Adding Entries
- LDIF - Modifying Entries
- LDIF - Deleting Entries
- LDAP FeaturesLDAP
- LDAP Referrals
- LDAP Replication
- LDAP Archive/Restore
- LDAP Security Overview
- Exercise: Initialise OpenLDAPLDAP
- Exercise: LDAP BrowserLDAP
Module 2: LDAP Extending the Information (Data) Model
- DIT Design and OrganizationLDAP
- Top Level Organization of DIT
- Global Uniqueness or Not
- Multiple DITs
- Future Flexibility
- Flat architecture
- Structural examples
- Adding child entries
- Extending existing entries
- Use and function of groups
- Attribute CharacteristicsLDAP
- Deconstructing Attributes
- Data content and format
- Optional or Mandatory
- Single or multiple instances
- Names and aliases
- Matching Rules
- Designing and Adding Attributes
- ObjectClass CharacteristicsLDAP
- Deconstructing objectClasses
- Collection of Attributes
- Defines attribute properties
- Structural, Auxiliary and Abstract
- LDAP Schemas - packages of objectClasses and Attributes
- Standard objectClasses
- Designing and Adding objectClasses
- LDAP Operational Attributes and ObjectsLDAP
- LDAP subschema
- LDAP collections
- LDAP extensions
- LDAP features
- LDAP matchingrules
- LDAP namingContexts
- Exercise: Browse LDAP subschemas (various)LDAP
- Exercise: Design and Code Attributes, ObjectClass and SchemaLDAP
- Exercise: Add new attributes and objectClass to DIT using LDIFLDAP
Module 3: LDAP Functional Model
- Searching and WritingLDAP
- Read (Search) and Write (Modify) Characteristics
- Distinguished Names (DN)
- Relative Distinguished Names (RDN)
- Simple Searching - wildcards, SUBSTR searches
- Extended Searching - combined filters, binary, changing matching rules
- LDAP URL Notation and structure
- Exercise: Searches using URL, ldapsearch, LDAP BrowserLDAP
- IndexingLDAP
- Power of Indexing
- Controlling Indexing
- Cost of Indexing
- Optimize Indexing - frequently
- Indexing - matchingrules
- Indexing - Substrings
- Exercise: Explore LDAP implementationsLDAP
- LDAP APILDAP
- API Functionality
- API Model
- API Calls
- API - use and application
Module 4: LDAP Security Model
- LDAP Security ModelLDAP
- LDAP Operations vs Data
- LDAP Security Overview (ACP)
- LDAP Security features
- Complex Security
- Designing security policies
- Implementing security policies
- LDAP Security - Student Application
- Exercise: Add Security PolicyLDAP
- LDAP in Access SecurityLDAP
- Authentication and Authorization
- Network Authentication (KERBEROS)
- Platform Authentication - UNIX/Windows
- LINUX/UNIX - posixAccount
- Single User - Single Password
- Single Sign-On (SSO)
- Windows Active Directory
- LDAP with TLS
- LDAP with SASL
- Exercise: Add Authentication to ApplicationLDAP
- Exercise: Add and test security policyLDAP
- SummaryLDAP
- LDAP trends
- LDAP Resources
|
|
|
|
|