Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Network Access Security

■ eDirectory was developed by Novell for Novell NetWare networks. Previous versions for Novell NetWare 4.x and 5.x were called Novell Directory Services (NDS).
■ OpenLDAP was developed by Apple for networks running Mac OS X Servers.

Lightweight Directory Access Protocol (LDAP) is a protocol that enables clients to access information within a directory service, allowing the directory to be searched and objects to be added, modified, and deleted.

Characteristics of LDAP are as follows:
■ LDAP was created after the X.500 specification that uses the Directory Access Protocol (DAP).
■ LDAP directories follow a hierarchy using a tree-like structure, where the top of the hierarchy is called the root. The root server is used to create the structure of the directory, with organizational units (OU) and the objects branching out from the root.
■ Parts of the directory structure may exist on different servers. Segmenting the tree based on organization or division and storing each branch on separate directory servers increases the security of the LDAP information.
■ The topmost level of the hierarchy generally uses the DNS namespace to identify the tree.

Characteristics of the OU are as follows:
■ OUs are used to identify different branches of the organization or network.
■ To identify the OUs, each has a name that must be unique in its place in the hierarchy.
■ Each OU can be nested in other OUs.
■ You can’t have two OUs with the same name in the same parent OU.
■ You can have OUs with the same name in different areas of the hierarchy.

Objects and Attributes:
■ The name given to each object is referred to as a common name, which identifies the object but doesn’t show where it resides in the hierarchy.
■ You can’t have two objects with the same name in an OU.
■ A distinguished name is used to identify the object’s place in the hierarchy.
■ The distinguished name is a unique identifier for the object and is made up of several attributes of the object. It consists of the relative distinguished name, which is constructed from some attribute(s) of the object, followed by the distinguished name of the parent object.
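
The naming rules in the OU and object lists above, as an added example that is not part of the study guide: a distinguished name is split into its relative distinguished name and its parent's DN, and a toy tree rejects a second entry with the same name under the same parent while allowing it elsewhere. The `Directory` class, the helper names, the `dc=example,dc=com` tree and the case-insensitive comparison are assumptions made for illustration.

```python
# Added illustration; names, the Directory class and sample DNs are constructed.
def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur.strip())
    return parts

def parse_dn(dn):
    """Return the RDNs of a DN, the object's own RDN first."""
    rdns = split_unescaped(dn, ",")
    if any("=" not in r for r in rdns):
        raise ValueError("malformed RDN in %r" % dn)
    return rdns

def parent_dn(dn):
    """DN = own RDN followed by the parent's DN, so drop the first RDN."""
    return ",".join(parse_dn(dn)[1:])

def normalize(dn):
    """Assumption: attribute types and values compare case-insensitively."""
    pairs = (r.split("=", 1) for r in parse_dn(dn))
    return ",".join(a.strip().lower() + "=" + v.strip().lower() for a, v in pairs)

class Directory:
    """Toy tree that enforces unique names under each parent."""
    def __init__(self, root):
        self.entries = {normalize(root)}

    def add(self, dn):
        if normalize(parent_dn(dn)) not in self.entries:
            raise ValueError("parent does not exist: " + parent_dn(dn))
        key = normalize(dn)
        if key in self.entries:
            raise ValueError("name already used under this parent: " + dn)
        self.entries.add(key)
        return key
```

Adding `ou=Sales` under both the root and `ou=Europe` succeeds, while a second `cn=Smith\, John` in the same OU raises `ValueError`, even when it differs only in letter case or spacing.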

Schema and Classes:
■ The schema defines the object classes and the attribute types.
■ Object classes define what the object represents (that is, user, computer, and so forth) and a list of what attributes are associated with the object.
■ Each of the attributes associated with an object is defined in the schema.
■ Because LDAP is binary, to view the attributes of an object, the information can be represented in LDAP Data Interchange Format (LDIF).