
340    Chapter 5 • Communication Security: Web Based Services



NOTE
    X.500 is covered in detail in Chapter 10.





LDAP

LDAP services are used to access a wide variety of information that's stored in a
directory. On a network, consider that the directory catalogs the name and information
on every user, computer, printer, and other resource on the network. The
information on a user alone may include their username, password, first name, last
name, department, phone number and extension, e-mail address, and a slew of
other attributes that are related to the person's identity. The sheer volume of this
data requires that LDAP directories be effectively organized, so that the data can be
easily located and identified in the directory structure.

LDAP Directories

Because LDAP is a lightweight version of DAP, the directories used by LDAP are
based on the same conventions as X.500. LDAP directories follow a hierarchy,
much in the same way that the directories on your hard drive are organized in a
hierarchy. Each uses a tree-like structure, branching off of a root with containers
(called organizational units in LDAP; analogous to folders on a hard drive) and
objects (also called entries in LDAP's directory; analogous to files on a hard drive).
Each of the objects has attributes or properties that provide additional information.
Just as a directory structure on a hard disk may be organized in different ways, so
can the hierarchy of an LDAP directory. On a network, the hierarchy may be organized
in a number of ways, following the organizational structure, geographical
location, or any other logical structure that makes it easy to manage the objects
representing users, computers, and other resources.
    Because LDAP directories are organized as tree structures (sometimes called the
Directory Information Tree [DIT]), the top of the hierarchy is called the root. The
root server is used to create the structure of the directory, with organizational units
and objects branching out from the root. Because the directory is a distributed
database, parts of the directory structure may exist on different servers. Segmenting
the tree based on organization or division and storing each branch on separate
directory servers increases the security of the LDAP information. By following this
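As an added example (not code from the book), the following Python script loads a constructed LDIF fragment for a hypothetical example.com directory into a tree keyed by distinguished name and walks it by organizational unit, showing the containers-and-entries-with-attributes model described above; the sample data and the function names are assumptions.

```python
# Constructed sample LDIF for a hypothetical example.com directory (not from the book).
SAMPLE_LDIF = """\
dn: dc=example,dc=com
dc: example

dn: ou=People,dc=example,dc=com
ou: People

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Smith
mail: alice@example.com

dn: ou=Printers,dc=example,dc=com
ou: Printers

dn: cn=lobby-printer,ou=Printers,dc=example,dc=com
cn: lobby-printer
"""

def parse_ldif(text):
    """Map each DN to its {attribute: [values]}. Assumes plain 'attr: value' lines:
    no base64 '::' values, no folded continuation lines, no escaped commas in DNs."""
    entries, current = {}, {}
    for line in text.splitlines():
        if not line.strip():  # a blank line terminates the current entry
            if current:
                entries[current["dn"][0]] = current
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries[current["dn"][0]] = current
    return entries

def parent_dn(dn):
    """The DN with its leftmost RDN removed; None once there is nothing above."""
    _rdn, sep, rest = dn.partition(",")
    return rest if sep else None

def children(entries, base_dn):
    """Entries directly beneath base_dn (LDAP one-level scope)."""
    return sorted(dn for dn in entries if parent_dn(dn) == base_dn)

def subtree(entries, base_dn):
    """base_dn plus everything below it (LDAP subtree scope): one branch of the DIT."""
    return sorted(dn for dn in entries if dn == base_dn or dn.endswith("," + base_dn))
```

The `subtree` view is the unit of the tree an administrator would consider placing on its own directory server.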





          www.syngress.com