Introduction to Perl Net::LDAP
Net::LDAP
Clément OUDOT
FOSDEM 2014
Clément::OUDOT
Work
10
Free software
Table::of::contents
● LDAP protocol
● Net::LDAP
● Usage examples
LDAP
LDAP::protocol
● Defined by standards (RFC)
● LDAPv2 in 1995, LDAPv3 in 1997
● TCP/IP, LBER, ASN.1
● 9 core operations, and extended operations
● Schemas define object classes, attributes, syntaxes and matching rules
● Data organized hierarchically (tree)
Directory::Information::Tree
dc=linid,dc=org
ou=people ou=groups ou=structures
uid=coudot cn=admin
Entry::Attribute::Value
[Diagram: an Entry holds Attributes; each Attribute holds one or more Values]
LDIF
● LDAP Data Interchange Format

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: coudot
mail: [email protected]
cn: Clément OUDOT
sn: OUDOY
givenName: Clément
Tips::Devel::LDAP
● LDAP is a connected protocol: 1 connection, several operations
● For each operation, a return code: test it!
● LDAPS is deprecated, use startTLS
● Use LDAPv3
● Say hello! (BIND)
● Say goodbye! (UNBIND)
● Use search parameters to improve performance
Net::LDAP
A module with modules
● Net::LDAP: main module
● Net::LDAP::LDIF: manipulate LDIF files
● Net::LDAP::RFC: list of RFC (POD)
● Net::LDAP::Schema: parse schema
● Net::LDAP::Extension::*
● Net::LDAP::Control::*
● And many others...
Credits
● Graham Barr <[email protected]>
● Peter Marschall <[email protected]>
● Chris Ridd <[email protected]>
Create a connection
● Create a new Net::LDAP object
● Specify host, port, scheme
● Other options:
    ● debug
    ● IO::Socket options
    ● async
    ● version (v3 is the default)
    ● onerror
Authentication
● Bind with a DN and a password
● Bind anonymously
● Bind with SASL
● Client certificate with startTLS
Search
● You need to provide:
    ● Base
    ● Scope
    ● Filter
    ● Attributes
● Search can return 0 entries and be successful
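
The connection, authentication and search slides, together with the earlier tips (test every return code, use startTLS, bind, unbind, limit the search), as one added example; it is not code from the talk. The host name, CA file path, bind DN, LDAP_BIND_PW environment variable and searched uid are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values: replace with your own directory settings.
my $host    = 'ldap.example.com';
my $cafile  = '/etc/ssl/certs/example-ca.pem';
my $bind_dn = 'uid=coudot,ou=users,dc=example,dc=com';
my $bind_pw = $ENV{LDAP_BIND_PW} // die "LDAP_BIND_PW is not set\n";
my $uid     = shift(@ARGV) // 'coudot';    # treated as untrusted input

# Die with the server's message and result code if an operation failed.
sub check {
    my ($mesg, $what) = @_;
    die sprintf("%s failed: %s (code %d)\n", $what, $mesg->error, $mesg->code)
        if $mesg->code;
    return $mesg;
}

# One connection, several operations. new() returns undef on failure.
my $ldap = Net::LDAP->new($host, port => 389, version => 3, timeout => 10)
    or die "connect to $host failed: $@\n";

# Upgrade to TLS and verify the server certificate before sending credentials.
check($ldap->start_tls(verify => 'require', cafile => $cafile), 'startTLS');
check($ldap->bind($bind_dn, password => $bind_pw), 'bind');    # say hello

# Base, scope, filter, attributes: escape the value placed in the filter
# and ask the server only for what is needed.
my $filter = sprintf('(&(objectClass=inetOrgPerson)(uid=%s))',
                     escape_filter_value($uid));
my $res = check($ldap->search(
    base      => 'ou=users,dc=example,dc=com',
    scope     => 'one',
    filter    => $filter,
    attrs     => [ 'cn', 'mail' ],
    sizelimit => 10,
    timelimit => 5,
), 'search');

# A successful search can still return no entry.
print "no entry matches $filter\n" if $res->count == 0;
for my $entry ($res->entries) {
    printf "%s: cn=%s mail=%s\n", $entry->dn,
        $entry->get_value('cn') // '', $entry->get_value('mail') // '';
}
$ldap->unbind;                                                  # say goodbye
```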
Entry
● Entry objects are returned by search, generated from LDIF, or generated from scratch
● Methods to:
    ● browse attributes and values
    ● add/modify/delete values
    ● export to LDIF
Add and delete
● Add method parameters:
    ● Net::LDAP::Entry
    ● DN and list of attributes
● Delete method parameters:
    ● Net::LDAP::Entry
    ● DN
Modification
● Add, replace, delete values
● Modification applies to one entry:
    ● Net::LDAP::Entry
    ● DN
● To rename/move an entry, use moddn:
    ● Define a new RDN
    ● Define a new superior
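
The entry, add/delete and modification slides as one added example (not code from the talk): an entry is built from scratch, exported to LDIF, added, modified, renamed and moved with moddn, then deleted. It relies on the `onerror` connection option so that any failing operation stops the script; the host, CA file, DNs, the ou=former branch and the LDAP_BIND_PW environment variable are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;

# Assumed values: replace with your own directory settings.
my $pw = $ENV{LDAP_BIND_PW} // die "LDAP_BIND_PW is not set\n";

# onerror => 'die': every operation that returns an error code croaks,
# so no write below can fail silently.
my $ldap = Net::LDAP->new('ldap.example.com', version => 3, onerror => 'die')
    or die "connect failed: $@\n";
$ldap->start_tls(verify => 'require', cafile => '/etc/ssl/certs/example-ca.pem');
$ldap->bind('cn=admin,dc=example,dc=com', password => $pw);

# Entry generated from scratch.
my $dn    = 'uid=jdoe,ou=users,dc=example,dc=com';
my $entry = Net::LDAP::Entry->new;
$entry->dn($dn);
$entry->add(
    objectClass => [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson' ],
    uid         => 'jdoe',
    cn          => 'John Doe',
    sn          => 'Doe',
);
print $entry->ldif;        # export to LDIF to review what will be written

# Add from a Net::LDAP::Entry object.
$ldap->add($entry);

# Modification applies to one entry, designated here by its DN.
$ldap->modify($dn,
    add     => { mail => 'jdoe@example.com' },   # constructed sample value
    replace => { sn   => 'DOE' },
);

# Rename and move in one operation: new RDN and new superior.
$ldap->moddn($dn,
    newrdn       => 'uid=john.doe',
    deleteoldrdn => 1,
    newsuperior  => 'ou=former,dc=example,dc=com',
);

# Delete by DN (the entry now lives under its new name and branch).
$ldap->delete('uid=john.doe,ou=former,dc=example,dc=com');
$ldap->unbind;
```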
Password::Policy
● Password policy controls password quality at modification, and prevents brute force attacks at authentication
● Net::LDAP::Control::PasswordPolicy:
    ● Sent by client
    ● Sent back by server
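
The control exchange on this slide as an added example (not code from the talk): the client attaches the password policy control to its bind, then reads the control the server sends back. The host, CA file, user DN and the LDAP_USER_PW environment variable are assumptions, and the server must have a password policy enabled to return the control.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw(LDAP_CONTROL_PASSWORDPOLICY
    LDAP_PP_PASSWORD_EXPIRED LDAP_PP_ACCOUNT_LOCKED LDAP_PP_CHANGE_AFTER_RESET);

# Assumed values: replace with your own directory settings.
my $dn = 'uid=coudot,ou=users,dc=example,dc=com';
my $pw = $ENV{LDAP_USER_PW} // die "LDAP_USER_PW is not set\n";

my $ldap = Net::LDAP->new('ldap.example.com', version => 3)
    or die "connect failed: $@\n";
my $tls = $ldap->start_tls(verify => 'require',
                           cafile => '/etc/ssl/certs/example-ca.pem');
die 'startTLS failed: ' . $tls->error . "\n" if $tls->code;

# Sent by client: the request control travels with the bind.
my $mesg = $ldap->bind($dn, password => $pw,
    control => [ Net::LDAP::Control::PasswordPolicy->new ]);

# Sent back by server: undef when the server returned no such control.
my ($pp) = $mesg->control(LDAP_CONTROL_PASSWORDPOLICY);

my %reason = (
    LDAP_PP_PASSWORD_EXPIRED()   => 'password expired',
    LDAP_PP_ACCOUNT_LOCKED()     => 'account locked',
    LDAP_PP_CHANGE_AFTER_RESET() => 'password must be changed after reset',
);

if ($pp) {
    # Error code 0 means "password expired": test definedness, not truth.
    my $err = $pp->pp_error;
    printf "policy error %d: %s\n", $err, $reason{$err} // 'other policy error'
        if defined $err;

    # Warnings can accompany a successful bind.
    my $secs  = $pp->time_before_expiration;
    my $grace = $pp->grace_authentications_remaining;
    print "password expires in $secs seconds\n"     if defined $secs;
    print "$grace grace authentications remaining\n" if defined $grace;
}

# The bind result itself still has to be tested.
print $mesg->code ? 'bind refused: ' . $mesg->error . "\n" : "bind accepted\n";
$ldap->unbind;
```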
Usage::examples
Apache::Session::LDAP
● Implements Apache::Session interface
● Store sessions as entries in LDAP
● See also Apache::Session::Browseable::LDAP for indexed sessions
Scripts
● Provided by LDAP Tool Box project:
    ● Monitoring scripts:
        – Check LDAP response time
        – Check OpenLDAP syncrepl status
        – Check OpenLDAP monitor data
    ● Data manipulation:
        – CSV to LDIF or LDIF to LDIF
        – Convert data from SUN/Oracle to OpenLDAP
LemonLDAP::NG
● WebSSO, Access Control and Identity Federation free software
● Authentication against LDAP
● Password modification in LDAP
● Session storage in LDAP
● Configuration storage in LDAP
● Notification storage in LDAP
● Implements Password Policy
Almost the end...
Thanks
● Special thanks to:
    ● FOSDEM and their organizers
    ● Company LINAGORA
    ● All Perl developers
● Keep in touch:
    ● Twitter: @clementoudot
    ● IRC: KPTN #linagora@freenode
    ● Web: http://coudot.blogs.linagora.com
Questions?
Thanks for your attention
http://www.linid.org
Open Source software and services
80 rue Roque de Fillol | 92800 PUTEAUX
Tel: 0810 251 251 | Fax: +33 1 46 96 63 64
www.linagora.com