基于LDAP目录的校园网用户管理系统JUSTNET
|
摘要
本文分析了目录技术对IP网络管理发展的重要意义,提出了以轻量级目录服务为中心进行IP网络用户管理的设想,并在校园网环境下初步实现了一个基于LDAP目录的IP网络用户管理系统Justnet。Justnet系统在开放的Linux系统平台下实现,主要由LDAP目录服务、DHCP服务、控制网关、客户端登录软件和基于Web浏览器的管理工具等模块组成,使用LDAP目录来集中存储用户信息和部分服务配置信息,能够根据用户身份对其进行主机配置和各种网络服务的访问控制,并采取了各种措施保证可用性和安全性。
This paper first gives an analysis of the important impact caused by directory technology on the development of IP network management, then proposes a scheme of IP network user management in which directory service plays a core role, and explains the implementation of a LDAP based campus network user management system: Justnet. Justnet is implemented on the Linux platform and mainly consists of LDAP service, DHCP service, control gateway, user login client and web based administration tools. A variety of measures have been taken to ensure the security and availability of the system. This system, which stores user account data and some service configurations in a LDAP directory, can perform TCP/IP host configuration and apply proper access control according to user identity and administrator-defined policies.
This paper first gives an analysis of the important impact caused by directory technology on the development of IP network management, then proposes a scheme of IP network user management in which directory service plays a core role, and explains the implementation of a LDAP based campus network user management system: Justnet. Justnet is implemented on the Linux platform and mainly consists of LDAP service, DHCP service, control gateway, user login client and web based administration tools. A variety of measures have been taken to ensure the security and availability of the system. This system, which stores user account data and some service configurations in a LDAP directory, can perform TCP/IP host configuration and apply proper access control according to user identity and administrator-defined policies.
引文
[1] Tim Howes, Mark C. Smith, Gordon S. Good, Timothy A. Howes.Understanding and Deploying LDAP Directory Services.Basingstoke Hampshire: MacMillan Publishers Limited, 1999
[2] Tim Howes, Mark Smith.LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol. Basingstoke Hampshire: MacMillan Publishers Limited, 1997
[3] Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, Johan Westman.Understanding LDAP.New York: IBM Corporation, 1998
[4] Berry Kercheval.A Guide to Dynamic TCP/IP Network Configuration.New Jersey: Prentice Hall, Inc., 1999
[5] Ted Lemon, Ralph E. Droms.The DHCP Handbook: Understanding, Deploying, and Managing Automated Configuration Services. Basingstoke Hampshire: MacMillan Publishers Limited, 1999
[6] Neall Alcott.DHCP for Windows 2000.Cambridge: O'Reilly & Associates, Inc.,2001
[7] M. Wahl, T. Howes, S. Kille.RFC2251 - Lightweight Directory Access Protocol (v3).Reston: Internet Engineering Task Force, 1997
[8] J. Hodges,R. Morgan, H. Alvestrand, M. Wahl.RFC2829 - Authentication Methods for LDAP.Reston: Internet Engineering Task Force, 2000
[9] E. Stokes, D. Byrne, B. Blakley, P. Behera.RFC2820 - Access Control Requirements for LDAP.Reston: Internet Engineering Task Force, 2000
[10] D.Crocker, Ed, P. Overell.RFC2234 - Augmented BNF for Syntax Specifications.Reston: Internet Engineering Task Force, 1997
[11]M. Wahl, A. Coulbeck, T. Howes, S. Kille.RFC2252 - Lightweight Directory Access Protocol (v3) Attribute Syntax Definitions.Reston: Internet Engineering Task Force, 1997
[12]T. Howes, S. Kille, W. Yeong, C. Robbins.RFC1778 - The String Representation of Standard Attribute Syntaxes.Reston: Internet Engineering Task Force, 1995
[13]M. Wahl.RFC2256 - A Summary of the X.500(96) User Schema for use with LDAPv3.Reston: Internet Engineering Task Force, 1997
[14]T. Howes.RFC2254 - The String Representation of LDAP Search Filters.Reston: Internet Engineering Task Force, 1997
[15]T. Howes, M. Smith.RFC1823 - The LDAP Application Program Interface.Reston: Internet Engineering Task Force,1995
[16]G.Good.RFC2849 - The LDAP Data Interchange Format(LDIF).Reston:Internet Engineering Task Force,2000
[17]R.Braden.RFCl122 - Requirements for Internet Hosts - Communication Layers.Reston:Internact Engineering Task Force,1989
[18]R.Braden.RFC1123 - Requirements for Internet Hosts - Application and Support.Reston:Internet Engineering Task Force,1989
[19]R.Droms.RFC2131 - Dynamic Host Configuration Protocol.Reston:Internet Engineering Task Force,1997
[20]S.Alexander.RFC1533 - DHCP Options and BOOTP Vendor Extensions.Reston:Internet Engineering Task Force,1993
[21]W.Richard Stevens.TCP/IP Illustrated,Volume 1.Boston:Addison-Wesley Professional,1994
[22]Anthony Jones,Jim Ohlund.Network Programming for Microsoft Windows.Redmond:Microsoft Press,1999
[23]W.Richard Stevens.Advance Programming in the UNIX Environment.Boston:Addison-Wesley Professional,1992
[24]David J.Kruglinski.Programming Visual C++.Redmond:Microsoft Press,1998
[25]Tim Parker.TCP/IP技术大全.北京:机械工业出版社,2000
[26]Paul Albitz,Cricket Liu.DNS与BIND.第三版.北京:中国电力出版社,2000
[27]Douglas E.Comer,David L.Stevens.TCP/IP网络互连技术 卷1.第三版.北京:清华大学出版社,1998
[28]Douglas E.Comer,David L.Stevens.TCP/IP网络互连技术 卷3.第二版.北京:清华大学出版社,1998
[29]W.Richard Stevens.Unix网络程序设计 卷1.第二版.北京:清华大学出版社,1998
[30]Anthony Jones,Jim Ohlund.Windows网络编程技术.北京:机械工业出版社,2000
[2] Tim Howes, Mark Smith.LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol. Basingstoke Hampshire: MacMillan Publishers Limited, 1997
[3] Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, Johan Westman.Understanding LDAP.New York: IBM Corporation, 1998
[4] Berry Kercheval.A Guide to Dynamic TCP/IP Network Configuration.New Jersey: Prentice Hall, Inc., 1999
[5] Ted Lemon, Ralph E. Droms.The DHCP Handbook: Understanding, Deploying, and Managing Automated Configuration Services. Basingstoke Hampshire: MacMillan Publishers Limited, 1999
[6] Neall Alcott.DHCP for Windows 2000.Cambridge: O'Reilly & Associates, Inc.,2001
[7] M. Wahl, T. Howes, S. Kille.RFC2251 - Lightweight Directory Access Protocol (v3).Reston: Internet Engineering Task Force, 1997
[8] J. Hodges,R. Morgan, H. Alvestrand, M. Wahl.RFC2829 - Authentication Methods for LDAP.Reston: Internet Engineering Task Force, 2000
[9] E. Stokes, D. Byrne, B. Blakley, P. Behera.RFC2820 - Access Control Requirements for LDAP.Reston: Internet Engineering Task Force, 2000
[10] D.Crocker, Ed, P. Overell.RFC2234 - Augmented BNF for Syntax Specifications.Reston: Internet Engineering Task Force, 1997
[11]M. Wahl, A. Coulbeck, T. Howes, S. Kille.RFC2252 - Lightweight Directory Access Protocol (v3) Attribute Syntax Definitions.Reston: Internet Engineering Task Force, 1997
[12]T. Howes, S. Kille, W. Yeong, C. Robbins.RFC1778 - The String Representation of Standard Attribute Syntaxes.Reston: Internet Engineering Task Force, 1995
[13]M. Wahl.RFC2256 - A Summary of the X.500(96) User Schema for use with LDAPv3.Reston: Internet Engineering Task Force, 1997
[14]T. Howes.RFC2254 - The String Representation of LDAP Search Filters.Reston: Internet Engineering Task Force, 1997
[15]T. Howes, M. Smith.RFC1823 - The LDAP Application Program Interface.Reston: Internet Engineering Task Force,1995
[16]G.Good.RFC2849 - The LDAP Data Interchange Format(LDIF).Reston:Internet Engineering Task Force,2000
[17]R.Braden.RFCl122 - Requirements for Internet Hosts - Communication Layers.Reston:Internact Engineering Task Force,1989
[18]R.Braden.RFC1123 - Requirements for Internet Hosts - Application and Support.Reston:Internet Engineering Task Force,1989
[19]R.Droms.RFC2131 - Dynamic Host Configuration Protocol.Reston:Internet Engineering Task Force,1997
[20]S.Alexander.RFC1533 - DHCP Options and BOOTP Vendor Extensions.Reston:Internet Engineering Task Force,1993
[21]W.Richard Stevens.TCP/IP Illustrated,Volume 1.Boston:Addison-Wesley Professional,1994
[22]Anthony Jones,Jim Ohlund.Network Programming for Microsoft Windows.Redmond:Microsoft Press,1999
[23]W.Richard Stevens.Advance Programming in the UNIX Environment.Boston:Addison-Wesley Professional,1992
[24]David J.Kruglinski.Programming Visual C++.Redmond:Microsoft Press,1998
[25]Tim Parker.TCP/IP技术大全.北京:机械工业出版社,2000
[26]Paul Albitz,Cricket Liu.DNS与BIND.第三版.北京:中国电力出版社,2000
[27]Douglas E.Comer,David L.Stevens.TCP/IP网络互连技术 卷1.第三版.北京:清华大学出版社,1998
[28]Douglas E.Comer,David L.Stevens.TCP/IP网络互连技术 卷3.第二版.北京:清华大学出版社,1998
[29]W.Richard Stevens.Unix网络程序设计 卷1.第二版.北京:清华大学出版社,1998
[30]Anthony Jones,Jim Ohlund.Windows网络编程技术.北京:机械工业出版社,2000