
Streamlining Network Management: Harnessing the Power of LDAP

What is LDAP Authentication for Active Directory

Installation and configuration of an LDAP server on a Unix-based machine.
Operating system: Raspbian GNU/Linux 10 (buster).
OpenLDAP (slapd) version: 2.4.47.
BIND version: 9.11.5.

Overview

LDAP (Lightweight Directory Access Protocol) is a client-server directory service that runs over TCP/IP (port 389 by default, 636 for LDAP over TLS) and uses the data model of the X.500 directory standard. It behaves like a database in that entries can be added, modified and deleted, but it is optimized for reads and searches rather than writes, which is why it is normally used for data that changes rarely and is looked up constantly, such as accounts, groups and hosts.

Entries are stored in the DIT (Directory Information Tree), a hierarchy in which each entry is a node. Each entry is uniquely identified by its DN (Distinguished Name), which is made of the entry's own RDN (Relative Distinguished Name) followed by the DN of the parent entry.

For example: cn=mrossi,ou=people,dc=gruppo9,dc=labreti,dc=it

It consists of the RDN cn=mrossi and the DN of the parent entry, ou=people,dc=gruppo9,dc=labreti,dc=it (the organizational unit shown in the next example). Commas separate the components, so a comma inside a value has to be escaped with a backslash (cn=Rossi\, Mario), and attribute types are matched case-insensitively (cn and CN are the same attribute).

Each entry is therefore identified by a DN and carries a set of attributes. Every entry must have the objectClass attribute, usually with several values; each object class in turn lists the attributes the entry may contain, some of which are mandatory (MUST) and some optional (MAY).

For example, the following entry (in LDIF, one attribute per line):

    dn: ou=people,dc=gruppo9,dc=labreti,dc=it
    objectClass: organizationalUnit
    objectClass: top
    ou: people

It has two objectClass values, top and organizationalUnit. top is the abstract root class from which every other class derives and is what makes objectClass itself mandatory. organizationalUnit requires the ou attribute (ou stands for Organizational Unit) and additionally permits optional attributes such as description or telephoneNumber, which are absent here precisely because they are not mandatory. Note that the value named in the RDN (ou=people) also has to appear as an attribute of the entry.

Object classes and their attributes are defined in schemas. OpenLDAP ships a set of standard schema files (on Debian-based systems under /etc/ldap/schema, for example core, cosine, inetorgperson and nis), and further schemas can be added by the administrator. The server enforces the schema on every write: an entry that lacks a mandatory attribute, or that carries an attribute none of its object classes permits, is rejected with an object class violation rather than stored.
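To make the two ideas above concrete, the DN = RDN + parent DN rule and the MUST/MAY check that the schema imposes on an entry, here is an added example in Python. It is not code from the original article or from OpenLDAP: it parses DNs the way RFC 4514 spells them (including escaped commas and hex escapes), derives the parent DN, flattens a small LDIF entry, and checks it against a hand-written schema fragment that is an assumed subset of the standard core schema for top and organizationalUnit. The sample DNs and entries are constructed for the example.

```python
"""Added example (not from the original article): RFC 4514 DN parsing plus a
toy schema check. SCHEMA is an assumed subset of the OpenLDAP core schema;
the sample DNs and LDIF entries below are constructed."""
import base64
import string
from typing import Dict, List, Tuple

# Assumption: hand-copied MUST/MAY sets, names lower-cased because LDAP
# attribute types are matched case-insensitively.
SCHEMA: Dict[str, Dict[str, set]] = {
    "top": {"must": {"objectclass"}, "may": set()},
    "organizationalunit": {
        "must": {"ou"},
        "may": {"description", "telephonenumber", "postaladdress", "l", "st"},
    },
}


def _split(s: str, sep: str) -> List[str]:
    """Split on unescaped `sep`; a backslash escapes the following character."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            buf.append(s[i : i + 2])  # keep the escape intact, it never ends a part
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(s[i])
        i += 1
    parts.append("".join(buf))
    # Trim unescaped spaces around components ("cn=x, dc=y" is legal).
    return [p.lstrip(" ") if p.endswith("\\ ") else p.strip(" ") for p in parts]


def unescape(value: str) -> str:
    """Decode '\\,' style and '\\2C' style escapes in an attribute value."""
    raw, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1 : i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                raw.append(int(pair, 16))  # a hex pair is one raw UTF-8 byte
                i += 3
            else:
                raw += value[i + 1].encode()
                i += 2
        else:
            raw += value[i].encode()
            i += 1
    return raw.decode("utf-8")


def parse_dn(dn: str) -> List[List[Tuple[str, str]]]:
    """DN -> list of RDNs (leaf first); each RDN is a list of (type, value)."""
    parsed = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):  # '+' joins multi-valued RDNs
            typ, eq, val = ava.partition("=")
            if not eq or not typ.strip():
                raise ValueError(f"malformed RDN: {rdn!r}")
            avas.append((typ.strip().lower(), unescape(val)))
        parsed.append(avas)
    return parsed


def parent_dn(dn: str) -> str:
    """Drop the leading RDN; what remains is the DN of the parent entry."""
    return ",".join(_split(dn, ",")[1:])


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Flatten one LDIF entry into {attribute type (lower-cased): [values]}."""
    lines: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]  # folded continuation line
        elif line and not line.startswith("#"):
            lines.append(line)
    entry: Dict[str, List[str]] = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def check_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Schema-check a flattened entry; an empty list means it is acceptable."""
    if "dn" not in entry:
        return ["entry has no dn"]
    classes = [c.lower() for c in entry.get("objectclass", [])]
    if not classes:
        return ["entry has no objectClass attribute"]
    problems: List[str] = []
    must, may = set(), set()
    for oc in classes:
        spec = SCHEMA.get(oc)
        if spec is None:
            problems.append(f"unknown objectClass {oc!r}")
            continue
        must |= spec["must"]
        may |= spec["may"]
    present = set(entry) - {"dn"}
    problems += [f"missing mandatory attribute {a!r}" for a in sorted(must - present)]
    problems += [f"attribute {a!r} not allowed by {classes}" for a in sorted(present - must - may)]
    # slapd also insists that the RDN's value appears as an attribute of the entry.
    for typ, val in parse_dn(entry["dn"][0])[0]:
        if val not in entry.get(typ, []):
            problems.append(f"RDN value {typ}={val} is not an attribute of the entry")
    return problems


# Constructed sample data for the example.
GOOD_ENTRY = """\
dn: ou=people,dc=gruppo9,dc=labreti,dc=it
objectClass: organizationalUnit
objectClass: top
ou: people
"""
BAD_ENTRY = """\
dn: ou=people,dc=gruppo9,dc=labreti,dc=it
objectClass: organizationalUnit
objectClass: top
ou: staff
cn: people
"""
ESCAPED_DN = r"cn=Rossi\, Mario,ou=people,dc=gruppo9,dc=labreti,dc=it"

if __name__ == "__main__":
    print(parse_dn(ESCAPED_DN)[0])              # [('cn', 'Rossi, Mario')]
    print(parent_dn(ESCAPED_DN))                # ou=people,dc=gruppo9,dc=labreti,dc=it
    print(check_entry(parse_ldif(GOOD_ENTRY)))  # []
    for problem in check_entry(parse_ldif(BAD_ENTRY)):
        print("BAD:", problem)
```

The rejected entry fails for the two reasons slapd itself would reject it: cn is not permitted by organizationalUnit or top, and the RDN names ou=people while the entry's ou value is staff. Escaping matters in practice because an unescaped comma or plus sign in a value silently changes which entry a DN refers to, which is exactly what an LDAP injection tries to exploit.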