Directory services Directory offline –Elenchi telefonici –Guide TV –Cataloghi acquisti Directory online –Application specific (lotus notes, MS Exchange.

Presentazione sul tema: "Directory services Directory offline –Elenchi telefonici –Guide TV –Cataloghi acquisti Directory online –Application specific (lotus notes, MS Exchange."— Transcript della presentazione:

1 Directory services Directory offline –Elenchi telefonici –Guide TV –Cataloghi acquisti Directory online –Application specific (lotus notes, MS Exchange 5.5, …) –NOS based (Novell eDirectory, MS Active Directory, SUN nis, …) –Purpose specific (DNS, …) –General Purpose (Netscape Directory, OpenLDAP, …)

2 Caratteristiche directory online Dinamiche Flessibili –Estensibili senza ripianificazione –Flessibilità organizzativa (ricerche flessibili) Sicure (Access Control List, autenticazione) Personalizzabili (profilazione utente)

3 Directory vs Database Rapporto R/W Distribuzione/replicazione Performance Standard di interoperabilità (SQL/LDAP) Transazioni (rollback) e Join

4 Applicazioni delle directory Ricerca informazioni Gestione centralizzata oggetti e cfg sicurezza

5 LDAP X.500 LDAP = semplificazione DAP LDAPv3 –Internazionalizzazione UTF-8 –Referrals –Security (SASL/TLS) –Estensibilità (controlli)

6 LDAP Client LDAP Server 1 – Search operation 2 – Returned entry 3 – Result code

7 LDAP Client LDAP Server 1 – Search operation, msgid=1 3 – Returned entry, msgid=1 5 – Result code, msgid=2 2 – Search operation, msgid=2 4 – Returned entry, msgid=2 6 – Result code, msgid=1 A client issues multiple LDAP Search request simultaneously

8 LDAP Client LDAP Server 1 – Open connection and bind 4 – First entry returned 6 – Result of search operation 3 – Search operation 5 – Second entry returned 8 – Close connection Typical LDAP Exchange 2 – Result of bind operation 7 – Unbind operation

9 Directory enabled email application LDAP Server 1 – Search for user Mario Rossi 2 – Entry for Mario Rossi returned Messaging Server 3 – Client encryps outgoing message using certificate read from directory 4 – Client sends outgoing message to recipient

10 Modelli operativi di LDAP Information Model Naming Model Functional Model Security Model

11 LDAP Information Model Definizione dei tipi di dati Oggetti e attributi Schema

12 LDAP Naming Model dc=example,dc=com ou=people cn=Mario Rossi

13 LDAP Functional Model Operazioni che possono essere effettuate –Interrogazione –Update –Autenticazione e controllo –Extended operations

14 LDAP Security Model Binding Anonymous o DN+pwd Meccanismi SASL (autenticazione) StartTLS (cifratura + autenticazione)

15 Ciclo di vita di un DS Design Deployment Maintenance

16 Design di un DS Directory needs Data Schema Namespace Topology Replication Security

17 Fase di Deployment di un DS Choose directory software Piloting Analyzing cost User feedback Moving to production

18 Fase di Maintenance di un DS Backup e Disaster recovery Data maintenance Monitoring Troubleshooting Change requirements

19 top person organizationalPerson inetOrgPerson Superior class More attributes

20 dc=example,dc=com OU = People Directory Distribuita OU = AcctOU = HR

21 DC=example,DC=com OU = People Directory Distribuita OU = AcctOU = HR

22 Knowledge References dc=example,dc=com Immediate superior knowledge reference Subordinate references