Basic LDAP Training

LDAP Training Description:

Lightweight Directory Access Protocol (LDAP) is re-emerging as the standard for managing resources and objects used within, and in some cases between, organizations. The hierarchical yet flexible architecture of LDAP makes it suitable for a wide range of tasks, from simple customer address lists, through the operational provision of Single Sign-On (SSO) and Identity Management, to a repository for network-wide policy management. With resilience, platform independence and distributed functionality built in, coupled with LDAP abstraction layers available from most transaction-oriented database suppliers, LDAP is the ideal standards-based approach to unifying data usage on an enterprise-wide basis. Microsoft's Active Directory is but one of a number of enterprise-wide solutions that use LDAP to glue together disparate data.

Students will learn the theory and organization of the LDAP hierarchy, or Object Tree Structure, covering the Data Information Tree (DIT), objectClasses and attributes. LDAP Interchange Files (LDIF), LDAP security, STRUCTURAL, AUXILIARY and ABSTRACT objectClasses, schemas, ASN.1 notation, matching rules, indexing and searching are all covered in detail. Once the basic theory has been covered, students will construct a simple application and then progressively enhance it with increasingly complex functionality, both to fully illustrate all the architectural elements and to give a practical demonstration of the flexibility and extensibility of LDAP. A platform-independent LDAP browser is used throughout the course to examine both the students' application and the Windows Active Directory LDAP implementation.

The course uses OpenLDAP, which is available on Linux, UNIX and Windows platforms, to illustrate LDAP principles and operation; the server itself stays largely in the background during the basic course. The course makes extensive use of a platform-independent LDAP browser to discover and interrogate LDAP implementations, including Windows Active Directory. The course is offered with Linux (Fedora Core), FreeBSD or Windows as the platform for all exercises.

LDAP Training Audience:

The course is optimized for LDAP designers, architects and implementors, network and system administrators, and anyone who needs a thorough understanding of LDAP technology.

LDAP Training Course duration:

2 or 3 days. If three days, the last day is the Advanced LDAP Course.

LDAP Training Course outline:

Module 1: LDAP Introduction and Theory

  • Directory Background
    • What is a directory
    • History of directories
    • X.500 and X.519 DAP
    • X.500 and Global Uniqueness
    • The IETF and LDAP
  • LDAP Introduction
    • LDAP Scope
    • LDAP and Transactional Databases
    • LDAP is good for...
    • LDAP - myths, legends and nonsense
  • LDAP Object Tree Structure
    • LDAP models defined (Information, Naming, Functional, Security)
    • LDAP Data Information Tree (DIT)
    • LDAP DIT root
    • LDAP Entries
    • LDAP objectClasses
    • LDAP hierarchy (Parent, Child, Siblings)
    • LDAP attributes
  • LDAP and ASN.1
    • Global uniqueness
    • ASN.1 Notation
    • ASN.1 examples
    • ASN.1 in LDAP
  • Exercise: White Page attributes
    • Ideal contents of a White Page directory

Module 2: LDAP Information (Data) Model
  • Attribute Characteristics
    • Data content and format
    • Optional or Mandatory
    • Single or multiple instances
    • Names and aliases
    • Matching Rules
  • ObjectClass Characteristics
    • Collection of Attributes
    • Defines attribute properties
    • Structural, Auxiliary and Abstract
    • LDAP Schemas - packages of objectClasses and Attributes
  • The inetOrgPerson objectClass
    • Attributes and Structure
    • organizationalPerson objectClass
    • person objectClass
  • DIT Design and Organization
    • Top Level Organization of DIT
    • Organizational Units
    • Global Uniqueness or Not
    • Future Flexibility
    • Flat architecture
    • Structure examples
  • Exercise: Design White Page LDAP DIT

Module 3: LDAP Functional Model
  • Reading and Writing
    • Read (Search) and Write (Modify) Characteristics
    • Distinguished Names (DN)
    • Relative Distinguished Names (RDN)
    • Mapping to White Pages Directory
  • Indexing
    • Power of Indexing
    • Controlling Indexing
    • Cost of Indexing
    • Optimize Indexing - frequently
  • LDIF and DSML
    • LDAP Interchange Format files
    • LDIF functions
    • LDIF Layout
    • LDIF to Create an empty DIT
    • DSML Overview
    • DSML uses and tools
  • LDAP Searching
    • Generic Search Parameters
    • Search Filters - Simple
    • Search Filters - Extended
    • Search Examples (ldapsearch, LDAP browser)
  • LDAP URLs
    • LDAP URL Notation and structure
    • LDAP URL Search examples
  • LDAP Server Configuration
    • Configuration Basics - depending on Server
    • OpenLDAP - slapd.conf
  • Exercise: Create White Page LDAP DIT
  • Exercise: Browsing and Searching DIT
    • Browse the DIT
    • Add Entries
    • Delete Entries
    • Search Entries
    • Browse Active Directory
    • Search Active Directory
  • Note: Where the course participants use OpenLDAP, the utilities ldapsearch, ldapmodify and ldapdelete will be covered in this session.

Module 4: LDAP Extending the DIT
  • LDAP is Distributed
    • LDAP Organizational Hierarchy
    • Referrals
    • Defining Referrals
    • Referral objectClass
    • Referral examples
  • Exercise: Add Referral to LDAP
  • Adding New Functionality
    • Adding child entries
    • Extending and modifying entries
    • Adding new Organizational Units
  • Exercise: Use LDIF to modify DIT
  • Groups - groupOfNames
    • Use and function of groups
    • groupOfNames objectClass
    • Assigning permissions with groups
  • Exercise: Enhance White Page DIT

Module 5: Backup and Replication
  • LDAP Archive and Backup
    • LDIF - Export/Save
    • LDIF - Import/Restore
    • Exercise - Save and Restore DIT
  • LDAP Security Model - Replication
    • LDAP Replication
    • LDAP Replication Characteristics and features
    • Replicate with slurpd (OpenLDAP)
    • Replicate with syncrepl (OpenLDAP)
    • N-way multi-master with syncrepl (OpenLDAP)
  • Exercise: Replicate DIT

Module 6: LDAP for Access Security
  • LDAP Security Model
    • LDAP Operations vs Data Security
    • LDAP Security Overview
    • LDAP Security features
    • Securing LDAP
    • White Page Security Requirements
    • LDAP Security - White Page application
  • OpenLDAP Access Directive
    • ACLs - Access Clauses
    • The <what> component
    • The <who> component
    • Simple ACL Examples
    • Complex ACL Examples
    • Design White Page Policy (ACLs)
  • Exercise: Add Security Policy
  • Access Security
    • Authentication and Authorization
    • Network Authentication (Kerberos)
    • Single User - Single Password
    • Single Sign-On (SSO)
    • Platform Authentication - UNIX/Windows
  • Adding Authentication and Authorization
    • Linux/UNIX - posixAccount
    • Windows Active Directory
  • Exercise: Add Authentication to Application
  • Exercise: Add and test security policy

Module 7: LDAP Summary
  • LDAP Summary
    • DIT
    • objectClasses
    • Attributes
    • Schemas
    • ASN.1
    • LDIF
    • Referrals
    • Searching
    • Replication
    • Security
  • LDAP Resources

Wintrac Inc.
16523 SW McGwire Ct.
Beaverton OR 97007
© Wintrac, Inc. All rights reserved.