Menu
I am getting into integrating my app with LDAP and I just recently learned that it's not a request sent over HTTP, it's actually it's own protocol? I have no idea what this means but I am going to be using a plugin for .NET called IP works from nsoftware.com. Can someone tell me what one of these requests looks like and what a response would look like? What form is the data in, text? I talked to our partner who has the AD and they said I need an IP and a Port and I need to tell them the IP of my server (this makes sense to me). However I don't get what an LDAP request is. Preferable example would be showing me what the request would look like that contains a username and password and the response that comes back with the users data. I need to generate such a request from a form and parse the response into the database. Also, what does 'Secure LDAP' mean, what kind of credentials am I going to need to make these requests and how do they get 'into' the request?
424
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate data about organizations, individuals and other resources such as files and devices in a network -- whether on the public Internet or on a corporate Intranet.
An LDAP query consists of the following major elements: Search DN - An LDAP directory is organized as a tree structure, with a root node and a number of branches off this root. The Search DN specifies at which node the search originates. Entries greater than this level in the tree are searched.
LDAP stores and arranges data in a hierarchical structure called DIT (Directory Information Tree) to make it easy for admins to explore their directories and user access policies. This lightweight protocol is an alternative protocol that allows the admin to access x. 500 directory services with TCP/IP protocol.
If you want to learn about LDAP (assuming someone has configured an LDAP server for you), I'd suggest using an LDAP browser, for example Apache Directory Studio.
There are multiple security aspects regarding LDAP.
First, there's the security of the communication itself. This can be done in two ways: using SSL or TLS upfront, using an ldaps:// URI (port 636 by default) or using STARTTLS (same port as plain LDAP, 389 by default, but you need your client to send an additional command to switch to TLS after having exchanged some LDAP messages).
Secondly, some requests will produce different result depending on whether you've bound an identity to your request (i.e. depending on whether your request is authenticated) and what this authenticated user is allowed to see. Most clients will allow you to connect using a given Distinguished Name (i.e. a "full" LDAP user-name) or anonymously. Authentication can be done in various ways, including password, SASL or client SSL/TLS certificates.
54
Here is an good example how LDAP Requests/Queries look like: http://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx
Just think of an Database Query request, if that helps to understand LDAP a bit better :-)
If you need more details check out the RFC: https://www.rfc-editor.org/rfc/rfc4511
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
