Microsoft LDAP

www.microsoft.com/technet/archive/winntas/plan/ldapcmr.mspx

The Security Model

LDAP version 2 defines an authentication model based on clear text passwords or Kerberos V4.1. LDAP version 3 defines an extensible model based on the Simple Authentication and Security Layer (SASL). SASL uses a layered architecture for using different security providers. The Generic Security Service Application Program Interface (GSSAPI) is used as one of SASL's principal providers. GSSAPI is a security interface which defines a common interoperable security system for the Internet. LDAP version 3 defines the packet formats of the SASL requests and responses between the LDAP client and server. It supports both security authentication and encryption using different SASL and GSSAPI mechanisms.

In addition to SASL, LDAP version 3 also supports secure connections using the Secure Sockets Layer (SSL) protocol. LDAP SSL connections use port 636, whereas connections using SASL authentication and encryption use port 389.
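The following is an added example, not code from the original article. Because a simple bind on port 389 carries the password as a plain OCTET STRING while a SASL bind carries a mechanism name, a monitor can tell the two apart from the BindRequest alone. The helper name classify_bind, the enum names and both sample messages are assumptions constructed for illustration; the BER tags are those of the LDAPv3 BindRequest definition.

```c
#include <stddef.h>
#include <stdio.h>
typedef unsigned char u8;
enum bind_kind { BIND_MALFORMED, BIND_NOT_BIND, BIND_SIMPLE_ANON,
                 BIND_SIMPLE_CLEARTEXT, BIND_SASL, BIND_OTHER };

/* Read one BER header inside [*p, end); on success *p points at the value. */
static int ber_hdr(const u8 **p, const u8 *end, unsigned *tag, size_t *len) {
    const u8 *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                        /* long form: next k octets hold the length */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* value must fit in what was captured */
    *p = q; *len = n; return 0;
}

/* Hypothetical helper: classify the authentication choice of one BindRequest. */
enum bind_kind classify_bind(const u8 *buf, size_t buflen) {
    const u8 *p = buf, *end = buf + buflen; unsigned tag; size_t len;
    if (ber_hdr(&p, end, &tag, &len) || tag != 0x30) return BIND_MALFORMED; /* LDAPMessage */
    end = p + len;
    if (ber_hdr(&p, end, &tag, &len) || tag != 0x02) return BIND_MALFORMED; /* messageID */
    p += len;
    if (ber_hdr(&p, end, &tag, &len)) return BIND_MALFORMED;
    if (tag != 0x60) return BIND_NOT_BIND;            /* [APPLICATION 0] BindRequest */
    end = p + len;
    if (ber_hdr(&p, end, &tag, &len) || tag != 0x02) return BIND_MALFORMED; /* version */
    p += len;
    if (ber_hdr(&p, end, &tag, &len) || tag != 0x04) return BIND_MALFORMED; /* name (DN) */
    p += len;
    if (ber_hdr(&p, end, &tag, &len)) return BIND_MALFORMED;   /* authentication choice */
    if (tag == 0x80) return len ? BIND_SIMPLE_CLEARTEXT : BIND_SIMPLE_ANON; /* simple [0] */
    return tag == 0xA3 ? BIND_SASL : BIND_OTHER;      /* sasl [3]; else e.g. LDAPv2 Kerberos */
}

/* Constructed sample messages, not captured traffic. */
static const u8 SIMPLE_BIND[] = "\x30\x2c\x02\x01\x01\x60\x27\x02\x01\x03\x04\x1a"
    "cn=admin,dc=example,dc=com" "\x80\x06" "secret";
static const u8 SASL_BIND[] = "\x30\x14\x02\x01\x02\x60\x0f\x02\x01\x03\x04\x00"
    "\xa3\x08\x04\x06" "GSSAPI";
int main(void) {
    printf("simple=%d sasl=%d\n", (int)classify_bind(SIMPLE_BIND, sizeof SIMPLE_BIND - 1),
           (int)classify_bind(SASL_BIND, sizeof SASL_BIND - 1));
    return 0;
}
```

A BIND_SIMPLE_CLEARTEXT result for traffic seen on port 389 without a protecting transport means the password was readable on the wire; the same request inside an SSL connection on port 636 is not visible to a passive monitor at all.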

The Topological Model

A major feature of LDAP is that it can be used to build a global directory structure. It is essentially a directory Web, in much the same way that HTTP and HTML are used to define and implement the global hypertext Web. One or more LDAP servers together make up the directory tree. An LDAP client connects to an LDAP server and makes a request. If the information is not available locally, the server attempts to connect to another LDAP server that can fulfill the request. LDAP uses this referral capability to implement a global directory structure of independent LDAP servers that appear to a client to be a single LDAP server.

LDAP C-Binding API

RFC 1823 specifies the C-binding APIs for a client to access a Directory Service that supports the LDAP protocol. This API set is extremely simple and supports both synchronous and asynchronous calls to the server.

An application generally uses the LDAP API in four simple steps.

1. Open a connection to an LDAP server. The ldap_open() call returns a handle to the connection, allowing multiple connections to be open at once.

2. Authenticate to the LDAP server and/or the X.500 DSA. The ldap_bind() call and friends support a variety of authentication methods.

3. Perform some LDAP operations and obtain some results. ldap_search() and friends return results which can be parsed by ldap_result2error(), ldap_first_entry(), ldap_next_entry(), and so forth.

4. Close the connection. The ldap_unbind() call closes the connection.

Operations can be performed either synchronously or asynchronously. Synchronous calls end in _s. For example, a synchronous search can be completed by calling ldap_search_s(). An asynchronous search can be initiated by calling ldap_search(). All synchronous routines return an indication of the outcome of the operation (for example, the constant LDAP_SUCCESS or some other error code). The asynchronous routines return the message ID of the operation initiated. This ID can be used in subsequent calls to ldap_result() to obtain the result(s) of the operation. An asynchronous operation can be abandoned by calling ldap_abandon().

Here is a list of the LDAP API calls:

| API Name | Description |
|---|---|
| ldap_open | Opens a connection to an LDAP server |
| ldap_bind | This API and its friends are used to authenticate to the directory |
| ldap_unbind | This is used to unbind from the directory and close the connection |
| ldap_search | This API and friends are used to search the LDAP directory |
| ldap_modify, ldap_modify_s | These routines are used to modify an existing LDAP entry |
| ldap_modrdn, ldap_modrdn_s | These routines are used to change the name of an LDAP entry |
| ldap_add, ldap_add_s | These are used to add entries to the LDAP directory |
| ldap_delete, ldap_delete_s | These are used to delete entries from the LDAP directory |
| ldap_abandon | This is used to abandon an operation in progress |
| ldap_result | This is used to obtain the result of a previous asynchronously initiated operation |
| ldap_result2error, ldap_err2string and ldap_perror | These APIs are used to interpret errors returned by other APIs |
| ldap_first_entry, ldap_next_entry | These routines are used to step through a set of entries in a search result |
| ldap_count_entries | This is used to count the number of entries returned |
| ldap_first_attribute and ldap_next_attribute | These APIs are used to step through the list of attribute types returned with an entry |
| ldap_get_values and ldap_get_values_len | These APIs are used to retrieve the values of a given attribute from an entry |
| ldap_get_dn | This is used to retrieve the name of an entry |
| ldap_explode_dn | This is used to break up the name into its component parts |
| ldap_dn2ufn | This API converts the DN into the user friendly format |
