MODULE 4

Cards (63)

  • Directory Server
    A lookup service that provides mapping between network resources and network addresses
  • Replication
    The stored directory data can be copied and distributed across servers but still appear as one unified data store
  • Replication
    • Provides redundancy by having multiple servers available simultaneously
    • Decreases latency when accessing the directory service
  • Organizational Units (OUs)
    Containers or folders that can contain objects or more OUs
  • Directory Service Structure
    • Hierarchical model of objects and containers (OUs)
    • OUs can convey differences between sub-users
  • X.500 Directory Standard
    Approved in 1988, included protocols like Directory Access Protocol, Directory System Protocol, Directory Information Shadowing Protocol, and Directory Operational Bindings Management Protocol
  • LDAP
    Lightweight Directory Access Protocol, an open standard for communication with and access to directory services
  • LDAP Implementations
    • Apache
    • Oracle
    • IBM
    • Red Hat
  • Active Directory (AD)
    Microsoft's implementation of directory services with customization and added features for the Windows platform
  • OpenLDAP
    Supports a wide range of platforms like Windows, Unix, Linux and various Unix derivatives
  • ADUC
    Microsoft Office Active Directory Users and Computers, client tools for accessing and administering a directory server
  • Directory Services
    • Provide centralized authentication, authorization, and accounting (AAA)
    • Provide role-based access control (RBAC) to restrict network access based on user roles
  • Centralized Configuration Management
    Frameworks like Chef, Puppet or SCCM provide configuration management ranging from simple to powerful
  • LDAP Entry
    A collection of information used to describe something, with a distinguished name (dn), common name (CN), organizational unit (OU), and domain component (DC)
  • LDAP Authentication
    Anonymous, simple (username and password), or SASL (using security protocols like TLS)
  • Kerberos
    A network authentication protocol used to authenticate user identity and secure the transfer of user credentials
  • Active Directory
    The native directory service for Microsoft Windows, includes group policy objects (GPOs) to manage Windows machine configuration
  • Active Directory
    • Contains objects, some of which are containers that can hold other objects
    • A forest contains one or more domains
    • Domain controllers host a replica of the AD database and provide services like DNS, Kerberos authentication
  • FSMO Roles
    Flexible single-master operations roles in Active Directory
  • Security Accounts Manager (SAM)
    A database in Windows that stores user names and password hashes
  • Security Group Types
    • Security groups
    • Distribution groups
    • Domain local groups
    • Global groups
    • Universal groups
  • AD doesn't store user passwords, only one-way cryptographic hashes
  • Encrypting File System (EFS)
    A feature to encrypt files in Active Directory
  • Group Policy Object (GPO)
    A set of policies and preferences that can be applied to a group of objects in the directory
  • GPOs
    • Can contain Computer Configuration and/or User Configuration settings
    • Policies are reapplied every 90 minutes and not meant to be changed by local admins
    • Preferences are meant to be templates for settings
  • Windows Registry
    A hierarchical database of settings used by Windows and many applications for storing configuration data
  • OpenLDAP
    A free and open source directory service that operates similarly to Active Directory
  • LDIF
    LDAP Data Interchange Format, a text file listing attributes and values to describe something
  • OpenLDAP Command Line Tools
    • ldapadd
    • ldapmodify
    • ldapdelete
    • ldapsearch
  • Centralized Management
    • A central service that provides instructions to all of the different parts of the IT infrastructure
  • CN is the common name of the object
  • DC is the domain component
  • OU is the organizational unit such as a group
  • Bind Operations - authenticate clients to the directory server
  • SASL (Simple Authentication and Security Layer) - employs the help of security protocols like TLS, which we've already learned about in Kerberos
  • The Security Accounts Manager, or SAM, is a database in Windows that stores user names and passwords
  • Policies in the GPO will be reapplied on the machine every 90 minutes
  • Policies are settings that are reapplied every few minutes, and aren't meant to be changed even by the local administrators.
  • LDAP notation, or LDAP Data Interchange Format (LDIF)
  • It's easy to manage OpenLDAP through a web browser and tool like phpLDAPadmin, but you can also use command line tools to achieve the same result.