Oct 21

AD, LDAP & Some Involved Services

Lightweight Directory Access Protocol, also known as LDAP, is a protocol created to gain access to directory services so that you can grab data. A directory service is a service, done by software, that organizes, stores and provides access to the information stored inside it. Active Directory is a type of directory service made by Microsoft. With this said, you need to go through LDAP in order for Active Directory to comprehend and respond to your requests.
Now, LDAP and Active Directory are not required to be used together; you have other options. There are freeware Active Directory services such as OpenLDAP. There have also been services designed that, in my opinion, go above and beyond LDAP. Kerberos, created by Microsoft, is an Active Directory service developed for just this reason.
I’ll get back to Kerberos in just a moment. LDAP was created through the cooperation of telecommunication companies and allowed data to be pulled from a server over TCP/IP. LDAP, designed in the 1980s, has obviously been through many changes since. Active Directory, on the other hand, is a Microsoft product which has been created based mostly on LDAP so that the two can work together “peacefully,” if you will.
Now I’ll get back to the protocol that goes by the name of Kerberos. Kerberos is an authentication protocol within computer networking. This protocol allows nodes that are communicating through an insecure network to securely identify themselves to one another. Kerberos is an extremely popular protocol for authentication. It is the default in Windows 2000 and Windows 2003 environments.
Kerberos works as follows: there is a central authorization server, known as the Key Distribution Center, which issues a “ticket” to any client that succeeds in logging into the network. That ticket is then used as a “key” by a user, or even a system, to use the resources on the network. These resources can include databases, printers, intranet applications and more. Anything that Kerberos supports can be shared using this key.
One of the main benefits of using Kerberos is that it gives you a single sign-on feature, extremely helpful to users in a large “mixed up” network. How this comes in handy is that once someone has been granted access by the Key Distribution Center, they won’t have a problem accessing multiple network resources without having to keep entering their username and password each time.
The Challenge Handshake Authentication Protocol, also known as CHAP, is a bit of a different ballgame than Kerberos. CHAP is more of just an authentication method. CHAP is a popular, widely compatible authentication technique which sends a different version of a user’s password instead of the password itself. The RAS (remote access server) sends a challenge to the RAC (remote access client), and the authentication uses the MD5 hash algorithm I’ve spoken about before. This provides one-way encryption for this authentication protocol.
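To show what “sends a different version of the password” means in practice, here is an added example (not from the original post) of the CHAP exchange in Python: the server sends a random challenge, the client answers with MD5(identifier + secret + challenge) as RFC 1994 specifies, and the server verifies it. The names RemoteAccessServer and run_exchange and the user “alice” are constructed for this example.

```python
import hashlib
import hmac
import os

# CHAP response value as defined in RFC 1994: MD5(Identifier || secret || challenge).
# The secret itself never crosses the link; only this one-way hash does.


def chap_response(identifier, secret, challenge):
    """Compute the client's 16-byte CHAP response value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class RemoteAccessServer:
    """Minimal RAS for the example: issues challenges and verifies responses."""

    def __init__(self, secrets):
        # name -> shared secret. CHAP needs the secret in clear on the server,
        # which is the main caveat of the scheme compared with a salted hash.
        self._secrets = secrets
        self._pending = {}        # identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self, size=16):
        """Send a fresh, unpredictable challenge with a one-byte identifier."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        value = os.urandom(size)  # must be unique per exchange, or replay works
        self._pending[ident] = value
        return ident, value

    def verify(self, ident, name, response):
        """Check a response; each challenge may be answered only once."""
        challenge = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(server, name, client_secret):
    """Drive one full challenge/response round from the client's side."""
    ident, challenge = server.challenge()
    response = chap_response(ident, client_secret, challenge)
    return server.verify(ident, name, response)


if __name__ == "__main__":
    ras = RemoteAccessServer({"alice": b"correct horse"})
    print(run_exchange(ras, "alice", b"correct horse"))  # True
    print(run_exchange(ras, "alice", b"wrong"))          # False
```

Because the server discards each challenge after one use, a captured response cannot be replayed, which is the property the random challenge buys you.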
Extended Research
LDAP Alternatives!
Although countless hours are put into designing software and testing it for “bugs” (flaws found in software), there is always going to be something that someone does not like about an application. This is why there are so many different versions of the programs that are out there. Just as people have different tastes in music, people also have different tastes in software.
For example, there are many versions of the popular instant messaging software that goes by the name of AOL Instant Messenger (AIM). Some of these alternative applications are Trillian, Pidgin (also known as GAIM), Dead AIM (an add-on to older versions of AIM), Miranda and many more. It is no different with more professional software used by companies to help run their hundred-thousand or even billion-dollar business. Whether you’re against using the original versions of software because of the price, compatibility or simply the features, there are alternatives for almost every piece of software out there.
LDAP is no different. OpenLDAP, as I mentioned earlier, is a great authentication system which can be used on Linux and, like many software applications for Linux, is completely free. OpenLDAP is also open source, which means users can edit it themselves to fit their needs or others’ needs, but must provide the source code when distributing it.
iPlanet is another LDAP alternative, only this one can run not only on Linux, but on Solaris and Windows systems as well. One downside to iPlanet, though, is that although the directory server has a Windows NT to LDAP password system, direct authentication to the directory server isn’t possible from Windows systems. This is what leads me to believe NDS is probably the best alternative.
NDS, Novell’s directory service, can run on Windows, NetWare, Solaris, and Linux. Almost all versions of Windows (even Windows 98), Linux and Solaris can be used. It’s compliant with all standards and has been found to perform well in many situations. The only major downside to NDS seems to be the price.
Like I said before, almost all software and services out there have alternatives. Have a program that you think should be free, have better features or work on a different operating system? Try going to www.Google.com and typing in the software name (and version if available), followed by the word “alternatives.” If you’re looking for a free version of the software you can try something like “freeware alternative” or, for operating systems, “Linux alternative.”

Mathew Gajewski
