LDAP

Loading...

From the course by Google

IT Security: Defense against the digital dark arts

539 ratings

Google

IT Security: Defense against the digital dark arts

539 ratings

Course 5 of 5 in the Specialization Google IT Support Professional Certificate

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.

From the lesson

AAA Security (Not Roadside Assistance)

In the third week of this course, we'll learn about the "three A's" in cybersecurity. No matter what type of tech role you're in, it's important to understand how authentication, authorization, and accounting work within an organization. By the end of this module, you'll be able to choose the most appropriate method of authentication, authorization, and level of access granted for users in an organization.

Authentication Best Practices6:17

Multifactor Authentication12:24

Certificates3:37

Single Sign-On3:37

Rob Path to IT1:29

Meet the Instructors

Google

LDAP, or Lightweight Directory Access Protocol, is an open industry-standard

protocol for accessing and maintaining directory services.

When we say directory services,

we're referring to something similar to a phone or email directory.

It's most commonly used as a backend for authentication of accounts.

The LDAP specification describes the data structure of the directory itself.

And defines functions for interacting with the service, like performing look ups and

modifying data.

You can think of a directory like a database, but with more details or

attributes, describing entities within the database.

The structure of an LDAP directory is a sort of tree layout and is optimized for

retrieval of data more so than writing.

Think of it as being similar to a phone book being used for

looking up data far more often than making modifications to that data.

Directories can be hosted across lots of different LDAP servers to facilitate more

rapid look ups, and are kept in sync through replication of the directory.

So what kind of data gets stored in directory entry, exactly?

Similar to an address book, an entry for a particular user will contain

information pertaining to that user account, like their first and last name,

phone number, desk location, email address, login shell, and other such data.

Along with object attributes the location of an entry within the overall data

structure will represent information pertaining to the objects as relationships

between objects.

Because LDAP uses a tree structure called a Data Information Tree, objects will

have one parent and can have one or more children that belong to the parent object.

You can also think about this like a file system

with a root file system in folders under that.

The folder an object belongs to will provide information about that object

because of its relationship to the parent object.

In LDAP language, we call these folders Organizational Units, or OUs.

They let us group related objects into units like people or groups to distinguish

between individual user accounts and groups that accounts can belong to.

This tree structure also allows for inheritance and

nesting of objects, where attributes or properties of a parent object

can be inherited by children further down the tree.

Now, since it is possible for entries in the directory to share attributes,

there must be a unique identifier for each entry.

We call this, Distinguished Name, or DN.

Coming back to our file system analogy,

you can think of a DN as a full path to a file as opposed to a file name.

This is because you can have multiple files with the same file name across

a file system.

But the fully qualified path to the file would describe one unique file.

Some of the more common operations that can be called by a client to interact

with an LDAP server are bind, which is how clients authenticate to the server.

StartTLS, which permits a client to communicate using LDAP v3 over TLS.

Search, for performing look ups and retrieval of records.

Add/delete/modify which are various operations to write data to the directory,

and Unbind, which closes the connection to the LDAP server.

Now, there are many implementations of LDAP servers,

like Active Directory from Microsoft and OpenLDAP for open source implementations.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play