Directory Protocols
======================

.. toctree::
   :maxdepth: 1
   :hidden:
   :includehidden:

   LDAP
   LDAPS
   DAP
   DSML
   NIS

Directory protocols are used to centrally manage, organize, and access directory information such as users, groups, and devices — typically in enterprise environments that require secure, scalable identity and resource management.

.. list-table::
   :widths: 20 60 20
   :header-rows: 1

   * - Protocol
     - Description
     - Use Case
   * - LDAP (Lightweight Directory Access Protocol)
     - A lightweight protocol used to access and maintain distributed directory services over IP networks.
       LDAP is widely used in enterprise environments for centralized authentication and directory lookups.
       *Commonly used with Active Directory and OpenLDAP.*
     - Enterprise SSO, directory lookups, centralized authentication
   * - LDAPS (LDAP over SSL/TLS)
     - Secure version of LDAP that wraps communication in SSL/TLS to encrypt all directory traffic.
       Operates over TCP port 636 for secure communication.
       *Encrypts credentials and improves confidentiality and integrity.*
     - Secure enterprise authentication, especially over untrusted networks
   * - DAP (Directory Access Protocol)
     - The original X.500 directory access protocol defined by ITU‑T/ISO.
       Based on the full OSI protocol stack; less commonly used due to complexity.
     - Theoretical or legacy directory access in OSI-based systems
   * - DSML (Directory Services Markup Language)
     - XML representation of directory service information and operations based on LDAP, often used over SOAP.
       Enables directory interaction in web and XML-based environments.
     - Directory integration via XML and web services
   * - NIS (Network Information Service)
     - Sun Microsystems protocol for distributing system configuration data like user, host, and group info.
       Known originally as "Yellow Pages" (YP); not encrypted.
     - Legacy UNIX authentication and configuration sharing

.. tab-set::

   .. tab-item:: LDAP (Lightweight Directory Access Protocol)

      **RFC:** RFC 4511

      **Main Features:**

      - Lightweight protocol for accessing and maintaining directory information
      - Runs over TCP/IP (commonly on port 389)
      - Optimized for read-heavy operations
      - Hierarchical structure using DN (Distinguished Names)
      - Widely supported in enterprise applications and systems
      - Supports user and group queries, authentication info, email directories, etc.

      **Use Cases:**

      - Centralized authentication in enterprise environments
      - Directory lookups for users, groups, devices, or services
      - Integration with Active Directory or OpenLDAP
      - Enterprise Single Sign-On (SSO) and role-based access control

      **Alternative Protocols:**

      - Kerberos – For secure authentication and SSO
      - RADIUS – For AAA with network access devices
      - TACACS+ – For device-level admin access and AAA
      - SCIM – System for Cross-domain Identity Management (modern identity APIs)

      .. panels::
         :container: container pb-4
         :column: col-lg-12 p-2
         :card:

         What You Will Learn in This Section

         **Let us learn more about LDAP:**

         * :ref:`Learnings in this section `
         * :ref:`Terminology `
         * :ref:`Version Info `
         * :ref:`LDAP Version&IEEE Details `
         * :ref:`LDAP Basic Setup on Ubuntu using IPv4 `
         * :ref:`LDAP Basic Setup on Ubuntu using IPv6 `
         * :ref:`LDAP Protocol Packet Details `
         * :ref:`LDAP Usecases `
         * :ref:`LDAP Basic Features `
         * :ref:`LDAP Feature : Hierarchical Structure `
         * :ref:`LDAP Feature : Standard Protocol `
         * :ref:`LDAP Feature : Centralized Authentication `
         * :ref:`LDAP Feature : Scalability `
         * :ref:`LDAP Feature : Flexible Schema `
         * :ref:`LDAP Feature : Access Control `
         * :ref:`LDAP Feature : Replication `
         * :ref:`LDAP Feature : Search Capabilities `
         * :ref:`Reference links `

      .. button-link:: ./LDAP.html
         :color: primary
         :shadow:
         :expand:

         Jump to "LDAP"

.. tab-set::

   .. tab-item:: LDAPS (LDAP over SSL/TLS)

      **RFC:** Extension of LDAP with SSL/TLS (not a formal RFC, but widely documented)

      **Main Features:**

      - Encrypts LDAP traffic using SSL/TLS to enhance security
      - Operates over TCP port 636 by default
      - Protects credentials and directory data from eavesdropping and tampering

      **Use Cases:**

      - Secure authentication for enterprise directories over untrusted networks
      - Compliance with privacy and security regulations

      **Alternative Protocols:**

      - LDAP over StartTLS – encryption negotiated during session on port 389
      - Kerberos – stronger authentication layer

      .. panels::
         :container: container pb-4
         :column: col-lg-12 p-2
         :card:

         What You Will Learn in This Section

         **Let us learn more about LDAPS:**

         * :ref:`Learnings in this section `
         * :ref:`Terminology `
         * :ref:`Version Info `
         * :ref:`LDAPS Version&IEEE Details `
         * :ref:`LDAPS Basic Setup on Ubuntu using IPv4 `
         * :ref:`LDAPS Basic Setup on Ubuntu using IPv6 `
         * :ref:`LDAPS Protocol Packet Details `
         * :ref:`LDAPS Usecases `
         * :ref:`LDAPS Basic Features `
         * :ref:`Reference links `

      .. button-link:: ./LDAPS.html
         :color: primary
         :shadow:
         :expand:

         Jump to "LDAPS"

.. tab-set::

   .. tab-item:: DAP (Directory Access Protocol)

      **RFC:** Defined by ITU‑T/ISO in X.511 (part of X.500 standard)

      **Main Features:**

      - OSI-based protocol used to access X.500 directory services
      - Supports operations like Bind, Read, Search, Modify, Add, Delete
      - Complex due to use of full OSI stack

      **Use Cases:**

      - Historical or theoretical directory access in OSI environments
      - Basis for LDAP, but rarely used in modern IP networks

      **Alternative Protocols:**

      - LDAP – Lightweight alternative over TCP/IP
      - RESTful directory APIs over HTTP

      .. panels::
         :container: container pb-4
         :column: col-lg-12 p-2
         :card:

         What You Will Learn in This Section

         **Let us learn more about DAP:**

         * :ref:`Learnings in this section `
         * :ref:`Terminology `
         * :ref:`Version Info `
         * :ref:`DAP Version&IEEE Details `
         * :ref:`DAP Basic Setup on Ubuntu using IPv4 `
         * :ref:`DAP Basic Setup on Ubuntu using IPv6 `
         * :ref:`DAP Protocol Packet Details `
         * :ref:`DAP Usecases `
         * :ref:`DAP Basic Features `
         * :ref:`Reference links `

      .. button-link:: ./DAP.html
         :color: primary
         :shadow:
         :expand:

         Jump to "DAP"

.. tab-set::

   .. tab-item:: DSML (Directory Services Markup Language)

      **RFC:** OASIS DSML v2 specification

      **Main Features:**

      - XML-based representation of directory data and operations (LDAP schema)
      - Can be transported via SOAP for web services integration

      **Use Cases:**

      - Directory access in XML/SOAP environments
      - Enterprise service orchestration and identity federation

      **Alternative Protocols:**

      - SCIM – Modern REST API for identity provisioning
      - LDAP – Traditional binary protocol

      .. panels::
         :container: container pb-4
         :column: col-lg-12 p-2
         :card:

         What You Will Learn in This Section

         **Let us learn more about DSML:**

         * :ref:`Learnings in this section `
         * :ref:`Terminology `
         * :ref:`Version Info `
         * :ref:`DSML Version&IEEE Details `
         * :ref:`DSML Basic Setup on Ubuntu using IPv4 `
         * :ref:`DSML Basic Setup on Ubuntu using IPv6 `
         * :ref:`DSML Protocol Packet Details `
         * :ref:`DSML Usecases `
         * :ref:`DSML Basic Features `
         * :ref:`Reference links `

      .. button-link:: ./DSML.html
         :color: primary
         :shadow:
         :expand:

         Jump to "DSML"

.. tab-set::

   .. tab-item:: NIS (Network Information Service)

      **RFC:** Proprietary protocol by Sun Microsystems; no formal RFC

      **Main Features:**

      - Centralizes system config data (users, groups, hostnames, etc.) across UNIX systems
      - Known as "Yellow Pages" (YP) originally
      - No encryption; security risks in modern networks

      **Use Cases:**

      - Legacy UNIX network authentication and configuration synchronization
      - Simple environments without encryption needs

      **Alternative Protocols:**

      - LDAP – More secure and flexible directory access
      - Kerberos – For secure authentication

      .. panels::
         :container: container pb-4
         :column: col-lg-12 p-2
         :card:

         What You Will Learn in This Section

         **Let us learn more about NIS:**

         * :ref:`Learnings in this section `
         * :ref:`Terminology `
         * :ref:`Version Info `
         * :ref:`NIS Version&IEEE Details `
         * :ref:`NIS Basic Setup on Ubuntu using IPv4 `
         * :ref:`NIS Basic Setup on Ubuntu using IPv6 `
         * :ref:`NIS Protocol Packet Details `
         * :ref:`NIS Usecases `
         * :ref:`NIS Basic Features `
         * :ref:`Reference links `

      .. button-link:: ./NIS.html
         :color: primary
         :shadow:
         :expand:

         Jump to "NIS"