LDAP AND ITS DIFFERENT MODELS

Lightweight Directory Access Protocol (LDAP) is a security software system designed to store and arrange data so that it is easily searchable.


The kinds of information that LDAP can store are:


1) Information about organizations

2) Devices

3) Users stored in directories


Servers mainly use LDAP to communicate with on-premises directories.


The information stored in an LDAP system is arranged in a hierarchical structure known as the Directory Information Tree (DIT). The DIT organizes and structures the data, which makes it easier to navigate directories, find specific data, and administer user access policies.


LDAP serves as the central hub, or source, for authentication and authorization.




Apart from data and information, LDAP also stores user credentials (username/password) and then accesses them later to authenticate the user.


LDAP is based on, and functions through, client-server interaction.


The different LDAP models are described below.


LDAP Models

There are four different types of LDAP models based on the services LDAP offers. 

 

INFORMATION MODEL

As the name suggests, this model determines what information to store in LDAP. 


Information in this model is stored as entries. An entry corresponds to a real-world object in a network (servers, devices, users) and is made up of attributes that describe the object. Users are granted access based on the entries.

 

NAMING MODEL

The naming model assigns each entry its name based on the entry's position in the DIT hierarchy.

 

FUNCTIONAL MODEL

The functional model has the role of assigning functions in an LDAP server. 


These functions can be broken down into three main categories, and each of them further has its own subcategories.


  • Query 

  • Update 

  • Authentication 


SECURITY MODEL

The last model, the security model, lets clients present their identity for authentication. Once a client is authenticated, the server determines what data that client can access based on its policies.
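The four models can be seen working together in the following added example, which is not code from the original post: an in-memory stand-in for a directory server in Python. The sample DIT, the `ADMINS` policy, the attribute-visibility rules and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def hash_pw(password, salt):
    # Salted PBKDF2 so the directory never holds the clear-text password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(uid, password, mail):
    salt = os.urandom(16)
    return {"uid": uid, "mail": mail, "salt": salt, "userPassword": hash_pw(password, salt)}

# Constructed sample DIT: each key is a DN (naming model), each value the
# entry's attributes (information model).
DIT = {
    "dc=example,dc=com": {"dc": "example"},
    "ou=people,dc=example,dc=com": {"ou": "people"},
    "uid=alice,ou=people,dc=example,dc=com": make_user("alice", "correct horse", "alice@example.com"),
    "uid=bob,ou=people,dc=example,dc=com": make_user("bob", "battery staple", "bob@example.com"),
}
ADMINS = {"uid=alice,ou=people,dc=example,dc=com"}  # hypothetical access policy
SECRET_ATTRS = {"userPassword", "salt"}             # never returned by a search

def parent_dn(dn):
    # Naming model: a DN is the entry's own RDN followed by its parent's DN
    # (simplified: the sample DNs contain no escaped commas)
    return dn.partition(",")[2]

def bind(dn, password):
    """Functional model, authentication: return the DN on success, else None."""
    entry = DIT.get(dn)
    # An empty password must not count as a successful authenticated bind
    if entry is None or "userPassword" not in entry or not password:
        return None
    ok = hmac.compare_digest(hash_pw(password, entry["salt"]), entry["userPassword"])
    return dn if ok else None

def search(bound_dn, base, attr, value):
    """Functional model, query: subtree search filtered by the security model."""
    if bound_dn is None:
        return {}  # policy: unauthenticated clients read nothing
    results = {}
    for dn, entry in DIT.items():
        in_scope = dn == base or dn.endswith("," + base)
        if in_scope and entry.get(attr) == value:
            visible = {k: v for k, v in entry.items() if k not in SECRET_ATTRS}
            if bound_dn not in ADMINS and bound_dn != dn:
                visible = {k: v for k, v in visible.items() if k != "mail"}
            results[dn] = visible
    return results
```

Two different clients running the same search against the same entry get different attributes back, which is the security model deciding what an authenticated identity may see.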
