LDAP - Lightweight Directory Access Protocol
============================================

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is LDAP?**

    LDAP is a protocol used to access and manage directory services over a network. A directory service is a specialized database optimized for reading, searching, and browsing rather than for frequent updates.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is LDAP useful?**

    * Centralizes user information: one place to manage users, groups, and permissions.
    * Supports authentication: used by login systems (e.g., corporate logins).
    * Is scalable: works well for small to very large organizations.
    * Is standardized: supported by many systems (Windows, Linux, macOS, etc.).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    * The client connects to the LDAP server.
    * Authentication: the client may bind (log in) using credentials.
    * Search or query: the client sends a query.
    * The LDAP server responds with the requested information.
    * The client disconnects when done.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is LDAP used?**

    * Enterprise networks (e.g., Microsoft Active Directory).
    * Email systems (e.g., Microsoft Exchange, Zimbra).
    * Single Sign-On (SSO) systems.
    * Web applications for user authentication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why OSI Layer: Application Layer (Layer 7)?**

    * It provides network services directly to end-user applications.
    * It runs over TCP/IP underneath (typically port 389 for LDAP and 636 for LDAPS).
    * It defines how data is structured and exchanged, not how it is transported.
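The connect, bind, search, disconnect sequence just described is exactly what a directory server writes to its own log, and that log is also where the "regularly audit logs" advice further down this page gets applied. The following Python is an added example of mine, not code from the original page: it runs a small audit over constructed log lines written in the style of OpenLDAP slapd stats logging (``conn=``/``op=`` records, ``method=128`` for a simple bind, ``tag=97`` for a bind result, ``err=49`` for invalidCredentials; the connection ids and addresses are made up) and flags anonymous binds, simple binds on connections where no TLS was established, and client addresses with repeated failed binds.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenLDAP slapd "stats" logging (syslog prefix stripped).
# method=128 is a simple bind, tag=97 is a BindResponse, err=49 is invalidCredentials.
SAMPLE_LOG = """\
conn=1000 fd=12 ACCEPT from IP=10.0.0.5:51234 (IP=0.0.0.0:389)
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1000 op=2 UNBIND
conn=1000 fd=12 closed
conn=1001 fd=13 ACCEPT from IP=10.0.0.7:40022 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 op=1 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1001 op=1 RESULT tag=97 err=49 text=
conn=1001 op=2 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1001 op=2 RESULT tag=97 err=49 text=
conn=1001 fd=13 closed
conn=1002 fd=14 ACCEPT from IP=10.0.0.9:50001 (IP=0.0.0.0:636)
conn=1002 fd=14 TLS established tls_ssf=256 ssf=256
conn=1002 op=0 BIND dn="uid=carol,ou=people,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=0 text=
conn=1002 op=1 UNBIND
conn=1002 fd=14 closed
"""

ACCEPT_RE = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ \(IP=\S+\)')
TLS_RE = re.compile(r'conn=(\d+) fd=\d+ TLS established')
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\d+)')
BIND_RESULT_RE = re.compile(r'conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)')


def audit_slapd_log(lines, failed_bind_threshold=3):
    """Return (kind, ...) findings: anonymous binds, simple binds without TLS,
    and client IPs with at least failed_bind_threshold invalidCredentials results."""
    conn_ip = {}                  # conn id -> client IP taken from the ACCEPT line
    conn_tls = set()              # conn ids on which "TLS established" was seen
    flagged_cleartext = set()     # report a cleartext bind once per connection
    failed_by_ip = defaultdict(int)
    findings = []
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = TLS_RE.search(line)
        if m:
            conn_tls.add(m.group(1))
            continue
        m = BIND_RE.search(line)
        if m:
            conn, dn, method = m.groups()
            ip = conn_ip.get(conn, '?')
            if method != '128':   # only simple binds (method=128) are examined here
                continue
            if dn == '':
                findings.append(('anonymous-bind', conn, ip))
            elif conn not in conn_tls and conn not in flagged_cleartext:
                flagged_cleartext.add(conn)
                findings.append(('cleartext-simple-bind', conn, ip))
            continue
        m = BIND_RESULT_RE.search(line)
        if m and m.group(2) == '49':
            failed_by_ip[conn_ip.get(m.group(1), '?')] += 1
    for ip, count in failed_by_ip.items():
        if count >= failed_bind_threshold:
            findings.append(('repeated-failed-binds', ip, count))
    return findings


if __name__ == '__main__':
    for finding in audit_slapd_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run directly it prints the three findings for the sample (the anonymous bind on conn 1000, the cleartext bind and the three failed attempts from 10.0.0.7, nothing for the TLS-protected conn 1002). A real deployment would feed it the syslog stream and tune ``failed_bind_threshold``.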
.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is a directory in LDAP?**

    A directory is a hierarchical database that stores structured information — typically about users, groups, devices, and services.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is LDAP used for?**

    * Centralized authentication (e.g., login credentials).
    * Storing user and group information.
    * Directory lookups (email, phone, etc.).
    * Integration with applications (Active Directory, OpenLDAP).

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are common LDAP operations?**

    * Bind: authenticate a user.
    * Search: query for entries.
    * Compare: check an attribute value.
    * Add/Modify/Delete: manage entries.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What's the difference between LDAP and LDAPS?**

    * LDAP: transmits data in plaintext (insecure).
    * LDAPS: uses SSL/TLS encryption for secure communication.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How can we secure an LDAP server?**

    * Use LDAPS (TLS/SSL).
    * Disable anonymous bind (if not needed).
    * Implement access control rules.
    * Regularly audit logs.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is the working flow of LDAP?**

    User Requests Access

    * A user tries to log in to an application, server, or service (e.g., email, Wi-Fi, web app).

    Application Sends Credentials to the LDAP Server

    * The application (the LDAP client) sends the username and password to the LDAP server.

    LDAP Server Looks Up the User

    * The LDAP server searches its directory database for the user's Distinguished Name (DN) — a unique path that identifies the user.

    LDAP Server Verifies the Password

    * The LDAP server authenticates the user by comparing the password provided with the one stored in the directory.

    Application Receives the Response

    * The LDAP server sends the result (success or failure) back to the application.

    Application Grants or Denies Access

    * Based on the LDAP response:

      * If authenticated, the application lets the user in.
      * It may also check group membership for role-based access.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What are the real-time applications of LDAP?**

    * User authentication and Single Sign-On (SSO).
    * Centralized user management.
    * Integration with Active Directory.
    * Application authorization.
    * Email systems.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section:

    * :ref:`Learnings in this section <LDAP_step1>`
    * :ref:`Terminology <LDAP_step2>`
    * :ref:`Version Info <LDAP_step3>`
    * :ref:`LDAP Version & RFC Details <LDAP_step5>`
    * :ref:`LDAP Basic Setup on Ubuntu using IPv4 <LDAP_step18>`
    * :ref:`LDAP Basic Setup on Ubuntu using IPv6 <LDAP_step19>`
    * :ref:`LDAP Protocol Packet Details <LDAP_step6>`
    * :ref:`LDAP Usecases <LDAP_step7>`
    * :ref:`LDAP Basic Features <LDAP_step8>`
    * :ref:`LDAP Feature : Hierarchical Structure <LDAP_step9>`
    * :ref:`LDAP Feature : Standard Protocol <LDAP_step10>`
    * :ref:`LDAP Feature : Centralized Authentication <LDAP_step11>`
    * :ref:`LDAP Feature : Scalability <LDAP_step12>`
    * :ref:`LDAP Feature : Flexible Schema <LDAP_step13>`
    * :ref:`LDAP Feature : Access Control <LDAP_step14>`
    * :ref:`LDAP Feature : Replication <LDAP_step15>`
    * :ref:`LDAP Feature : Search Capabilities <LDAP_step16>`
    * :ref:`Reference links <LDAP_step17>`

.. _LDAP_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _LDAP_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _LDAP_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _LDAP_step5:

.. tab-set::

    .. tab-item:: LDAP Version & RFC Details

        .. csv-table::
            :file: ./LDAP/LDAP_RFC.csv
            :widths: 10,10,10,30
            :header-rows: 1

.. _LDAP_step18:

.. tab-set::

    .. tab-item:: LDAP Basic Setup on Ubuntu using IPv4

        * setup

.. _LDAP_step19:

.. tab-set::

    .. tab-item:: LDAP Basic Setup on Ubuntu using IPv6

        * setup
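The working flow above leaves two decisions to the application: how it turns the submitted username into the search that finds the DN, and what it does with an empty password. The following Python is an added example (mine, not code from the original page) of that search-then-bind flow with both points handled: the username is escaped per RFC 4515 before it goes into the filter, an empty password is refused before any bind is attempted, and a group membership check follows the successful bind. The directory entries, passwords, salt and group are an in-memory stand-in that I constructed; a real client would send the search and the bind to the server through an LDAP client library, and the server would do the password comparison.

```python
import hashlib
import hmac
import re

# Constructed in-memory stand-in for the directory: DN -> attributes. userPassword holds
# salt + SHA-256(salt + password), a simplification of the hashed forms real servers store.
_SALT = b'\x01\x02\x03\x04\x05\x06\x07\x08'


def _hash_password(password: str, salt: bytes = _SALT) -> bytes:
    return salt + hashlib.sha256(salt + password.encode('utf-8')).digest()


DIRECTORY = {
    'uid=alice,ou=people,dc=example,dc=com': {'uid': 'alice', 'userPassword': _hash_password('correct horse')},
    'uid=bob,ou=people,dc=example,dc=com': {'uid': 'bob', 'userPassword': _hash_password('hunter2')},
    'cn=admins,ou=groups,dc=example,dc=com': {'cn': 'admins', 'member': ['uid=alice,ou=people,dc=example,dc=com']},
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed in a search filter: '*', '(', ')', '\\' and NUL become \\XX."""
    return ''.join('\\%02x' % ord(ch) if ch in '*()\\\x00' else ch for ch in value)


def build_user_filter(username: str) -> str:
    """Filter the client sends to look up the user's DN; the username is always escaped."""
    return '(uid=%s)' % escape_filter_value(username)


def _unescape(value: str) -> str:
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


def search_dn(filter_str: str) -> list:
    """Stand-in for the server-side search: handles one (attr=value) filter, where a raw
    '*' is a wildcard and the escaped form '\\2a' matches a literal asterisk only."""
    m = re.fullmatch(r'\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)', filter_str)
    if not m:
        raise ValueError('unsupported filter: %r' % filter_str)
    attr, raw = m.groups()
    pattern = '.*'.join(re.escape(_unescape(piece)) for piece in raw.split('*'))
    return [dn for dn, entry in DIRECTORY.items()
            if isinstance(entry.get(attr), str) and re.fullmatch(pattern, entry[attr])]


def bind(dn: str, password: str) -> bool:
    """Stand-in for the server's simple bind: verify the password against the stored digest."""
    entry = DIRECTORY.get(dn)
    if entry is None or 'userPassword' not in entry:
        return False
    salt = entry['userPassword'][:len(_SALT)]
    return hmac.compare_digest(_hash_password(password, salt), entry['userPassword'])


def authenticate(username: str, password: str) -> tuple:
    """The page's flow as the client should run it: escape, search for the DN, bind as that DN.
    Returns (ok, dn); dn is None when no single matching user was found."""
    if password == '':
        # RFC 4513 lets a server treat "DN plus empty password" as an unauthenticated
        # (effectively anonymous) bind and report success, so refuse it client-side.
        return (False, None)
    matches = search_dn(build_user_filter(username))
    if len(matches) != 1:
        return (False, None)
    dn = matches[0]
    return (bind(dn, password), dn)


def is_member(dn: str, group_dn: str) -> bool:
    """Role check after a successful bind: is dn listed in the group's member attribute?"""
    return dn in DIRECTORY.get(group_dn, {}).get('member', [])
```

The escaping is what keeps a username such as ``*`` from turning the lookup into a wildcard search: ``build_user_filter('*')`` yields ``(uid=\2a)``, which matches nobody, while a raw ``(uid=*)`` would match every user entry. Rejecting the empty password before the bind closes the unauthenticated-bind trap regardless of how the server is configured.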
.. _LDAP_step6:

.. tab-set::

    .. tab-item:: LDAP Protocol Packet Details

        **LDAP BIND REQUEST Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Bind_Request_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP BIND RESPONSE Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Bind_Response_PAcket.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP SEARCH REQUEST Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Search_Request_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP SEARCH ENTRY RESPONSE Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Search_Entry_Response_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP SEARCH DONE RESPONSE Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Search_Done_Response_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP MODIFY REQUEST Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Modify_Request_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP MODIFY RESPONSE Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Modify_Response_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **LDAP UNBIND REQUEST Packet**

        .. csv-table::
            :file: ./LDAP/LDAP_Unbind_Request_Packet.csv
            :widths: 10,20,30,10
            :header-rows: 1

.. _LDAP_step7:

.. tab-set::

    .. tab-item:: LDAP Usecases

        .. csv-table::
            :file: ./LDAP/LDAP_Use_Cases.csv
            :widths: 10,20,30
            :header-rows: 1

.. _LDAP_step8:

.. tab-set::

    .. tab-item:: LDAP Basic Features

        .. csv-table::
            :file: ./LDAP/LDAP_Features.csv
            :widths: 10,10,30
            :header-rows: 1

.. _LDAP_step9:

.. tab-set::

    .. tab-item:: LDAP Feature : Hierarchical Structure

        **Hierarchical Structure - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature1_Hirerarchical_structure_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step10:

.. tab-set::

    .. tab-item:: LDAP Feature : Standard Protocol

        **Standard Protocol - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature2_standard_protocol_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step11:

.. tab-set::

    .. tab-item:: LDAP Feature : Centralized Authentication

        **Centralized Authentication - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature3_Centralized_Authentication_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step12:

.. tab-set::

    .. tab-item:: LDAP Feature : Scalability

        **Scalability - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature4_Scalability_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step13:

.. tab-set::

    .. tab-item:: LDAP Feature : Flexible Schema

        **Flexible Schema - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature5_Flexible_schema_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step14:

.. tab-set::

    .. tab-item:: LDAP Feature : Access Control

        **Access Control - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature6_Access_control_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step15:

.. tab-set::

    .. tab-item:: LDAP Feature : Replication

        **Replication - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature7_Replication_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step16:

.. tab-set::

    .. tab-item:: LDAP Feature : Search Capabilities

        **Search Capabilities - Testcases**

        .. csv-table::
            :file: ./LDAP/LDAP_Feature8_Search_Capabilities_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _LDAP_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
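The bind request, bind response and unbind request tables in the packet-details section above list the fields of those PDUs. The following Python is an added example (mine, not the project's code): a minimal BER encoder and decoder for exactly those three messages as RFC 4511 defines them, plus a check that applies the page's anonymous-bind and plaintext warnings to a decoded request. The byte strings are constructed; the ``tls`` argument is an assumption that stands in for whether the connection was LDAPS or StartTLS-protected, which the PDU itself does not tell you.

```python
# BER tags used by the three PDUs (RFC 4511): universal SEQUENCE/INTEGER/OCTET STRING/ENUMERATED,
# the APPLICATION tags of BindRequest (0), BindResponse (1), UnbindRequest (2), and the
# context-specific [0] tag that carries a simple-bind password.
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE, UNBIND_REQUEST, SIMPLE_AUTH = 0x60, 0x61, 0x42, 0x80
RESULT_NAMES = {0: 'success', 49: 'invalidCredentials'}   # subset of the RFC 4511 result codes


def _ber_len(n: int) -> bytes:
    if n < 0x80:                      # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([0x80 | len(body)]) + body   # long form: count byte then the length bytes


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def _int_body(value: int) -> bytes:
    # minimal two's-complement encoding (every integer used here is non-negative)
    return value.to_bytes((value.bit_length() + 8) // 8, 'big', signed=True)


def encode_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, authentication simple [0] } }"""
    op = _tlv(INTEGER, _int_body(3)) + _tlv(OCTET_STRING, dn.encode()) + _tlv(SIMPLE_AUTH, password.encode())
    return _tlv(SEQUENCE, _tlv(INTEGER, _int_body(msg_id)) + _tlv(BIND_REQUEST, op))


def encode_bind_response(msg_id: int, result_code: int, matched_dn: str = '', diagnostic: str = '') -> bytes:
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }"""
    op = (_tlv(ENUMERATED, _int_body(result_code)) + _tlv(OCTET_STRING, matched_dn.encode())
          + _tlv(OCTET_STRING, diagnostic.encode()))
    return _tlv(SEQUENCE, _tlv(INTEGER, _int_body(msg_id)) + _tlv(BIND_RESPONSE, op))


def encode_unbind_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, UnbindRequest NULL }"""
    return _tlv(SEQUENCE, _tlv(INTEGER, _int_body(msg_id)) + _tlv(UNBIND_REQUEST, b''))


def _read_tlv(data: bytes, pos: int):
    """Read one tag-length-value at pos; returns (tag, value bytes, position after it)."""
    if pos + 2 > len(data):
        raise ValueError('truncated TLV header')
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], 'big')
        pos += n
    else:
        length = first
    if pos + length > len(data):
        raise ValueError('truncated TLV body')
    return tag, data[pos:pos + length], pos + length


def decode_ldap_message(data: bytes) -> dict:
    """Parse one LDAPMessage carrying a BindRequest, BindResponse or UnbindRequest."""
    tag, body, end = _read_tlv(data, 0)
    if tag != SEQUENCE or end != len(data):
        raise ValueError('not a single LDAPMessage')
    tag, mid, pos = _read_tlv(body, 0)
    if tag != INTEGER:
        raise ValueError('messageID missing')
    msg = {'messageID': int.from_bytes(mid, 'big', signed=True)}
    tag, op, _ = _read_tlv(body, pos)
    if tag == BIND_REQUEST:
        _, version, p = _read_tlv(op, 0)
        _, name, p = _read_tlv(op, p)
        auth_tag, creds, _ = _read_tlv(op, p)
        msg.update(op='bindRequest', version=int.from_bytes(version, 'big', signed=True), name=name.decode(),
                   auth='simple' if auth_tag == SIMPLE_AUTH else 'sasl', credentials=creds)
    elif tag == BIND_RESPONSE:
        _, code, p = _read_tlv(op, 0)
        _, matched, p = _read_tlv(op, p)
        _, diag, _ = _read_tlv(op, p)
        rc = int.from_bytes(code, 'big', signed=True)
        msg.update(op='bindResponse', resultCode=rc, result=RESULT_NAMES.get(rc, 'other'),
                   matchedDN=matched.decode(), diagnosticMessage=diag.decode())
    elif tag == UNBIND_REQUEST:
        msg['op'] = 'unbindRequest'
    else:
        msg['op'] = 'unsupported(0x%02x)' % tag
    return msg


def audit_bind_request(msg: dict, tls: bool) -> list:
    """Apply the page's warnings to a decoded BindRequest. tls is the caller's knowledge of
    whether the connection was LDAPS/StartTLS-protected (assumed, not derivable from the PDU)."""
    findings = []
    if msg.get('op') != 'bindRequest' or msg['auth'] != 'simple':
        return findings
    if msg['name'] == '' and msg['credentials'] == b'':
        findings.append('anonymous bind')
    elif msg['credentials'] == b'':
        findings.append('unauthenticated bind: DN with empty password')
    elif not tls:
        findings.append('simple bind password sent in cleartext')
    return findings
```

The shortest valid bind request, ``encode_bind_request(1, '', '')``, is the 14-byte anonymous bind ``30 0c 02 01 01 60 07 02 01 03 04 00 80 00``; decoding it and passing the result to ``audit_bind_request`` reproduces the "disable anonymous bind" concern, and the same decoder on ``30 0c 02 01 01 61 07 0a 01 31 04 00 04 00`` yields result code 49, invalidCredentials.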