Fedora Directory Server FUDCon III London, 2005

Similar documents
Mac OS X Directory Services

The Integration of LDAP into the Messaging Infrastructure at CERN

Red Hat Identity Management and Security Solutions

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Exam : Administrating Windows Server 2012 R2. Course Overview

Windows Server 2003 Active Directory: Perspective

X.500 and LDAP Page 1 of 8

Revolution R Enterprise DeployR 7.1 Enterprise Security Guide. Authentication, Authorization, and Access Controls

PKI for Electronic Commerce

Mac OS X and Directory Services Integration

CDAT Overview. Remote Managing and Monitoring of SESM Applications. Remote Managing CHAPTER

Introduction to Active Directory Services

Open Directory & OpenLDAP. David M. O Rourke Engineering Manager

Windows Server. Introduction to Windows Server 2008 and Windows Server 2008 R2

Red Hat Enterprise ipa

TIBCO Spotfire Platform IT Brief

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

WINDOWS 2000 Training Division, NIC

FAQs for Oracle iplanet Proxy Server 4.0

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

Forests, trees, and domains

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

owncloud Architecture Overview

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Designing a Windows Server 2008 Applications Infrastructure

The Data Grid: Towards an Architecture for Distributed Management and Analysis of Large Scientific Datasets

How To Understand The History Of The Network And Network (Networking) In A Network (Network) (Netnet) (Network And Network) (Dns) (Wired) (Lannet) And (Network Network)

Websense Support Webinar: Questions and Answers

Using Entrust certificates with VPN

Managing and Maintaining a Windows Server 2003 Network Environment

How To Secure Your Data Center From Hackers

INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE

How To Use Attix5 Pro For A Fraction Of The Cost Of A Backup

RSA Authentication Manager 7.0 Planning Guide

owncloud Architecture Overview

Planning and Implementing Windows Server 2008

Cisco UCS Central Software

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

TECHNOLOGY LEADER IN GLOBAL REAL-TIME TWO-FACTOR AUTHENTICATION

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

70-417: Upgrading Your Skills to MCSA Windows Server 2012

Implementing Microsoft Azure Infrastructure Solutions

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

6425C - Windows Server 2008 R2 Active Directory Domain Services

Axway Validation Authority Suite

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Internet infrastructure. Prof. dr. ir. André Mariën

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Administration Guide

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

MOC 6436A: Designing Active Directory Infrastructure and Services in Windows Server 2008

FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval

FreeIPA 3.3 Trust features

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425

GlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,

ICANWK504A Design and implement an integrated server solution

User Source and Authentication Reference

External and Federated Identities on the Web

Advanced Farm Administration with XenApp Worker Groups

High Availability for Citrix XenApp

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

NCP Secure Enterprise Management Next Generation Network Access Technology

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Directory-enabled Lights-Out Management

Active Directory and DirectControl

Red Hat Identity Management

Integrating OID with Active Directory and WNA

Going in production Winbind in large AD domains today. Günther Deschner (Red Hat / Samba Team)

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

To integrate Oracle Application Server with Active Directory follow these steps.

Cloudwork Dashboard User Manual

Outline. Definition. Name spaces Name resolution Example: The Domain Name System Example: X.500, LDAP. Names, Identifiers and Addresses

Chapter 3 Authenticating Users

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

MS-6416: Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

FreeIPA Cross Forest Trusts

Planning LDAP Integration with EMC Documentum Content Server and Frequently Asked Questions

Oracle Communications WebRTC Session Controller: Basic Admin. Student Guide

BlackBerry Enterprise Service 10 version 10.2 preinstallation and preupgrade checklist

User Service and Directory Agent: Configuration Best Practices and Troubleshooting

Updating Your Windows Server 2003 Technology Skills to Windows Server 2008

Utilizing LDAP for User Profile and Corporate Structure Integration

Active Directory Implemenation

HTTP connections can use transport-layer security (SSL or its successor, TLS) to provide data integrity

Transcription:

Jon Fautley <jfautley@redhat.com> Fedora Directory Server FUDCon III London, 2005

Overview of LDAP

What Is LDAP? Lightweight Directory Access Protocol Widely supported, standard protocol, up to version 3 Began at the University of Michigan in the early 1990s to provide "lightweight" access to X.500 directories using ordinary TCP/IP Defined by many IETF RFCs Ongoing work in the IETF LDAP working groups Implemented in many different directory products

Characteristics of a Directory Service Designed to have a high read to write ratio Provides scoped (subtree) search Allows partitioning, distribution, and delegation of control Hierarchical naming Loosely consistent replication Sophisticated authentication & access control Benefits for the Enterprise: Centralizes system administration Enables multi vendor solutions Reduces cost of ownership Saves development time for user and group management

Sample Directory Information Tree (DIT) The organization itself dc=fedoraproject, dc=org ou=people ou=servers ou=developers ou=marketing cn=download.fed.. uid=jfautley A person entry Organizational units (departments) A server entry

Differences Between LDAP Directory and Relational DB Relational Database: High update performance Relational data model; no hierarchy Tight replication consistency two phase commit LDAP Directory: High search performance Scope matters hierarchical data model; no relational join Loose replication consistency, wide data availability

Fedora Directory Server

Code History

Fedora Directory Server Red Hat purchased assets from AOL which included Netscape Directory Server Netscape Certificate System Mail and Calendar applications People Customers Directory Server allows us to glue a lot of technologies together in one location Red Hat provided the Directory Server to the Open Source community No other open source enterprise-ready directory servers out there Netscape Directory Server has customer stories to tell and has long history

Fedora Directory Server: Scalable Identity LDAP based authentication ( who are you ): Widely supported; OS access through NIS or PAM gateway Supports Kerberos via SASL GSS-API mechanism Integrated support for X.509 certificates Supports databases, legacy systems via plug-in API Fine-grained access control ( what can you do ) Using external criteria e.g. type of connection, day of week/time, hostname/ip Using groups ( engineering ) and roles ( managers ) Controls access to services, devices, other resources High availability and scalability through Multi-Master Replication, chaining, and distribution

Key Features: Flexible Administration Many tasks possible without downtime, e.g.: Change server and database configuration Bulk-load data, export data, back up database Add new/change schema, create new indexes LDAP used for configuration and monitoring Configuration exposed as a set of LDAP entries Real-time status and statistics available over LDAP Configuration files are LDIF File format same as LDAP format Can also use SNMP for monitoring Administration can be done from the command line or a GUI console

Console Interface

Key Features: Performance and Scalability High speed search and retrieval Thousands of reads per second per server Hundreds of writes per second per server Reflects years of experience with very large deployments. High performance data store Designed for 10M+ entries on average Maximum capacity in the terabytes (up to OS limit) Data distribution for scalability Server farm distributes entries; server farm to store "buckets" Distribution schemes are plug-ins Scalability to hundreds of millions of entries exists

Key Features: Reliability and Availability High availability through multi master replication Simultaneous update with conflict resolution Write availability n o single point of write failure Read availability p ut data close to the application Data redundancy for failover, load balancing When you make a change to one server, you don't have to wait for change to propagate to all servers Fault tolerance via database transaction logging with automated recover

What Is Multi-Master Replication? Master copies reside on multiple servers Masters can be situated in different data centers, different geographic areas Changes to data can be made to closest server, and are then propagated to the other masters Failover ensures continuous service Automatic time based conflict resolution Not appropriate for every deployment adds some complexity Development requires extensive testing

Key Elements of Multi-Master Replication Updateable Masters with Multi-Master replication to each other Replica Hubs Used to reduce work load on masters Read-Only Replicas Local replicas servicing search and lookup requests from apps

Deployment Scenarios Very high availability requirements Multiple masters running in different geographic locations Replication Supplier/Consumer or Multi-Master Over slow links Fractional Replication Chaining Performance Indexes Multiple front end search servers Online Backups

Key Features: Access Control Access can be controlled down to the attribute value level if desired Very fine grained control Hierarchical (scope matters) Lower levels inherit access control from higher levels Access control info stored with data on server Access controls based on user or group membership, IP or domain name, time of day, and many other criteria

Key Features: Security Multiple authentication mechanisms Userid/passwd, Digest MD5 User certificate (X.509) Kerberos authentication via SASL/GSSAPI Impersonation (proxy) for multi tier client apps Built in password management Hack protection login tries, account lockout Crack protection minimum length, no "trivial" passwords, password history Selectable password storage (clear, crypt, SHA1) Secure access using TLS (SSL) and certificates Denial of Service protection

Key Features: Plug-in API Easily customize and extend Directory Server via the plug in API (C/C++) Categories of plug ins Pre operation filters Post operation triggers Core features, such as the data store, access control, replication implemented with the Plug in API Plug ins can be turned on or off as needed

Roadmap Solidify leadership in enterprise directory features. Under consideration: x86 64-bit support MS Active Directory improvements Better manage resource consumption Expose High Availability features of SleepyCat backend database Virtual directory features Layered products built on core Directory capabilities, such as Improved desktop applications (phonebook, organisation chart) Identity management user portal Identity management/policy server

Questions? http://fedora.redhat.com/ http://www.fedoraproject.org/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information