1
00:00:00,000 --> 00:00:01,150
[No audio]

2
00:00:01,150 --> 00:00:04,198
So the difference between Active Directory, LDAP,

3
00:00:04,294 --> 00:00:07,506
IDM, Winbind, OpenLDAP, what are

4
00:00:07,568 --> 00:00:09,618
all these directory services are?

5
00:00:09,704 --> 00:00:11,338
What are the protocols?

6
00:00:11,434 --> 00:00:12,538
I'm so confused.

7
00:00:12,574 --> 00:00:15,750
Please help me which directory to use for my system?

8
00:00:15,860 --> 00:00:18,814
If I have Linux, do I use Active Directory,

9
00:00:18,862 --> 00:00:20,778
do I use LDAP, which is

10
00:00:20,804 --> 00:00:22,998
not actually a directory service?

11
00:00:22,998 --> 00:00:24,958
So a lot of people have that confusion.

12
00:00:25,054 --> 00:00:28,398
So I have added this lesson specifically for

13
00:00:28,424 --> 00:00:32,238
those people who want to learn more about

14
00:00:32,323 --> 00:00:34,842
directory services, so I could help them, they

15
00:00:34,856 --> 00:00:37,966
would be able to implement in their environment.

16
00:00:38,158 --> 00:00:42,486
So the first one and the top one I would say,

17
00:00:42,608 --> 00:00:46,918
which I really like is the Active Directory is for Microsoft.

18
00:00:47,074 --> 00:00:51,800
Microsoft is the owner who has built this product.

19
00:00:52,190 --> 00:00:55,210
When you have thousands of Windows

20
00:00:55,270 --> 00:00:57,642
computers, you do need accounts to

21
00:00:57,656 --> 00:01:00,334
be authenticated against Active Directory server.

22
00:01:00,442 --> 00:01:02,682
So they have implemented or

23
00:01:02,756 --> 00:01:05,406
built an Active Directory product.

24
00:01:05,528 --> 00:01:08,180
So why it is so important

25
00:01:08,570 --> 00:01:10,666
in Windows as compared to Linux?

26
00:01:10,738 --> 00:01:14,598
As I explained it before, Linux is mostly used

27
00:01:14,684 --> 00:01:19,090
in corporate environment for only system administrators or developers

28
00:01:19,150 --> 00:01:21,894
or QA people, very few limited people.

29
00:01:22,052 --> 00:01:25,494
And the users who actually need to log

30
00:01:25,532 --> 00:01:28,146
in, they use the application to log in.

31
00:01:28,208 --> 00:01:29,394
So let's look at example.

32
00:01:29,492 --> 00:01:32,430
For example, let's say you go to Facebook.

33
00:01:33,230 --> 00:01:34,890
You have your account right?

34
00:01:35,000 --> 00:01:37,842
Now do you think when you log into your account,

35
00:01:37,916 --> 00:01:41,086
by the way, Facebook behind the scene running Linux.

36
00:01:41,218 --> 00:01:44,934
So when you log into Facebook and you log into

37
00:01:44,972 --> 00:01:48,534
your user, your email address or password, do you think

38
00:01:48,572 --> 00:01:51,706
that account information is saved in your Linux?

39
00:01:51,898 --> 00:01:55,294
No, it is saved in some kind of database

40
00:01:55,342 --> 00:01:59,530
and that database is communicating with your client.

41
00:01:59,710 --> 00:02:01,434
You are the client on the other side.

42
00:02:01,472 --> 00:02:02,382
So you log in, it

43
00:02:02,396 --> 00:02:05,170
gets authenticated to another machine.

44
00:02:05,230 --> 00:02:07,506
It's not a Linux local account.

45
00:02:07,628 --> 00:02:09,918
It's some kind of Active Directory or

46
00:02:09,943 --> 00:02:11,526
directory services that they are running.

47
00:02:11,588 --> 00:02:13,338
It gets authenticated and that's how

48
00:02:13,364 --> 00:02:15,380
you are able to log in.

49
00:02:15,890 --> 00:02:18,822
Same way in Windows, it works with Active Directory and

50
00:02:18,896 --> 00:02:23,530
used and built by Microsoft. Then we have IDM.

51
00:02:23,530 --> 00:02:25,878
Now, okay, so Active Directory is

52
00:02:25,904 --> 00:02:27,658
used in Windows environment.

53
00:02:27,694 --> 00:02:28,726
What about Linux?

54
00:02:28,858 --> 00:02:30,822
Well, not to worry about it.

55
00:02:30,956 --> 00:02:33,618
Red Hat, which is as I explained before,

56
00:02:33,704 --> 00:02:37,278
is corporate level, operating system enterprise level.

57
00:02:37,424 --> 00:02:38,922
They have to come up with something

58
00:02:38,996 --> 00:02:41,698
else too to maintain their users.

59
00:02:41,794 --> 00:02:43,362
Now, Imran, you just said that you

60
00:02:43,376 --> 00:02:45,226
don't really need users in Linux.

61
00:02:45,298 --> 00:02:47,754
Then why do we need IDM? I said that.

62
00:02:47,792 --> 00:02:49,518
But what about the bigger companies?

63
00:02:49,664 --> 00:02:51,802
What about those companies who have like let's

64
00:02:51,826 --> 00:02:54,390
say 100 system administrators working for them?

65
00:02:54,500 --> 00:02:57,874
Then of course you wanted to create user accounts

66
00:02:57,922 --> 00:03:01,602
on a separate Active Directory type of way, right?

67
00:03:01,736 --> 00:03:05,658
So for that, Red Hat built this product called

68
00:03:05,744 --> 00:03:12,030
IDM, which is also an abbreviation for Identity Manager.

69
00:03:12,030 --> 00:03:15,982
This is, is it available in CentOS?

70
00:03:16,066 --> 00:03:18,570
I think it is, but I'm not 100% sure.

71
00:03:18,620 --> 00:03:19,940
But I'll look it up.

72
00:03:20,270 --> 00:03:22,906
So it is definitely available in Red Hat.

73
00:03:22,978 --> 00:03:25,730
Now also another thing that some of the

74
00:03:25,730 --> 00:03:31,338
Identity Manager features are available in CentOS

75
00:03:31,364 --> 00:03:34,578
that I know, but a complete product?

76
00:03:34,664 --> 00:03:36,126
I'm not 100% sure.

77
00:03:36,248 --> 00:03:38,514
Anyway, look it up, google it

78
00:03:38,612 --> 00:03:41,202
and see how Identity Manager works.

79
00:03:41,396 --> 00:03:43,390
Then we have Winbind.

80
00:03:43,510 --> 00:03:45,394
Now, what is a Winbind?

81
00:03:45,562 --> 00:03:47,190
Is that a directory service?

82
00:03:47,360 --> 00:03:48,802
Is that a some kind of directory

83
00:03:48,886 --> 00:03:51,078
out there that's called Winbind? No.

84
00:03:51,224 --> 00:03:54,042
So what happened is, Samba, you guys

85
00:03:54,176 --> 00:03:56,060
probably have heard of Samba, right?

86
00:03:56,060 --> 00:04:01,698
Samba came up with this add on feature or

87
00:04:01,724 --> 00:04:05,830
you call a component in Linux that allows Linux

88
00:04:05,890 --> 00:04:10,230
users to get authenticated against Windows Active Directory.

89
00:04:11,570 --> 00:04:12,738
What did I just say?

90
00:04:12,824 --> 00:04:16,553
Okay, I'll explain it in a simpler way.

91
00:04:16,712 --> 00:04:19,769
If you have Active Directory users and they

92
00:04:19,820 --> 00:04:23,374
wanted to log into Linux machine, they cannot.

93
00:04:23,541 --> 00:04:26,014
Because Windows only talk to Windows.

94
00:04:26,182 --> 00:04:28,714
So how can I log into Linux machine?

95
00:04:28,882 --> 00:04:31,280
Well, then you need some kind of

96
00:04:31,610 --> 00:04:33,942
a communicator, a messenger in the middle.

97
00:04:34,076 --> 00:04:36,826
So Samba, of course, it's open source.

98
00:04:36,958 --> 00:04:42,034
Samba created this product called Winbind which allows

99
00:04:42,202 --> 00:04:45,774
Windows users or Windows Active Directory users to

100
00:04:45,812 --> 00:04:50,610
log into Linux machines using Winbind. How does it work?

101
00:04:50,660 --> 00:04:53,514
You could just go into your Linux machine, you

102
00:04:53,552 --> 00:04:57,078
install, download Winbind, and configure it, and there

103
00:04:57,104 --> 00:04:59,010
are a few things that you have to make

104
00:04:59,060 --> 00:05:01,470
changes to your machine, and it will start getting

105
00:05:01,520 --> 00:05:03,442
authenticated to the Active Directory.

106
00:05:03,526 --> 00:05:05,226
Is it a long process? No, it's not.

107
00:05:05,288 --> 00:05:07,362
If you read the documentation, there are so

108
00:05:07,376 --> 00:05:10,914
many documentation online that you could use to

109
00:05:10,952 --> 00:05:13,654
configure your Linux machine to get Winbind

110
00:05:13,702 --> 00:05:16,750
working that will get authenticated for your users

111
00:05:16,810 --> 00:05:18,630
from Active Directory to Microsoft.

112
00:05:19,310 --> 00:05:23,194
Then we have OpenLDAP. LDAP,

113
00:05:23,242 --> 00:05:25,018
I know, what is OpenLDAP.

114
00:05:25,114 --> 00:05:26,490
Now you guys need to make

115
00:05:26,540 --> 00:05:30,102
a difference between LDAP and OpenLDAP. Once again

116
00:05:30,176 --> 00:05:31,374
I'm going to say that again

117
00:05:31,472 --> 00:05:34,482
LDAP is a protocol. Again,

118
00:05:34,556 --> 00:05:38,806
it stands for Lightweight Directory Access Protocol.

119
00:05:38,998 --> 00:05:41,934
But in Linux, we need some

120
00:05:41,972 --> 00:05:44,194
kind of open source OpenLDAP.

121
00:05:44,242 --> 00:05:49,122
Because IBM is a product by Red Hat that you need to buy.

122
00:05:49,256 --> 00:05:51,378
What if I don't want to buy it?

123
00:05:51,524 --> 00:05:53,070
What if I just wanted to test it?

124
00:05:53,120 --> 00:05:56,686
Then there is a product called OpenLDAP.

125
00:05:56,758 --> 00:05:58,494
You could simply download and

126
00:05:58,532 --> 00:06:01,510
install or yum install openldap.

127
00:06:01,630 --> 00:06:04,990
By the way, I will cover OpenLDAP

128
00:06:05,050 --> 00:06:08,480
installation in Linux in my module seven.

129
00:06:08,810 --> 00:06:11,178
Because in module seven we are going

130
00:06:11,204 --> 00:06:14,334
to enable Linux for Internet access.

131
00:06:14,432 --> 00:06:16,338
And that's how we will download all the

132
00:06:16,364 --> 00:06:19,074
packages, we'll do package management, all that stuff.

133
00:06:19,172 --> 00:06:23,746
So I have put this OpenLDAP lesson in that module.

134
00:06:23,878 --> 00:06:27,826
So remember, if you need to come back to this lesson

135
00:06:27,898 --> 00:06:31,686
to relate to that module seven lesson, you could do that.

136
00:06:31,808 --> 00:06:35,994
So again, going back to my point, OpenLDAP is a

137
00:06:36,032 --> 00:06:40,078
directory services just like Active Directory, just like IBM.

138
00:06:40,174 --> 00:06:44,034
It's open source and it is specifically used

139
00:06:44,132 --> 00:06:46,410
for Linux or Unix type of environment.

140
00:06:47,630 --> 00:06:50,346
Then we have IBM Directory Server.

141
00:06:50,528 --> 00:06:54,210
So there is a product by IBM.

142
00:06:54,830 --> 00:06:57,894
It's their own proprietary product, which

143
00:06:57,932 --> 00:06:59,540
they sell to the customers.

144
00:06:59,870 --> 00:07:03,930
So if your company is looking to buy or

145
00:07:03,980 --> 00:07:07,350
looking to implement a directory services to your environment,

146
00:07:07,730 --> 00:07:10,110
you could also look into the IBM.

147
00:07:10,110 --> 00:07:14,178
I never heard, I never used IBM before, but I

148
00:07:14,204 --> 00:07:15,978
heard many good things about it.

149
00:07:16,004 --> 00:07:18,260
So you could try it, look it up online.

150
00:07:19,010 --> 00:07:22,362
Also there's another one, JumpCloud, which is also

151
00:07:22,436 --> 00:07:24,714
serves as a directory, as a service.

152
00:07:24,812 --> 00:07:29,374
You can look it up, and at the end I put it in LDAP.

153
00:07:29,542 --> 00:07:32,166
I am re-emphasizing right here, guys.

154
00:07:32,228 --> 00:07:33,954
LDAP is not a directory service.

155
00:07:33,992 --> 00:07:34,954
It's just a protocol.

156
00:07:35,002 --> 00:07:36,774
So don't confuse that.

157
00:07:36,812 --> 00:07:40,006
It stands for Lightweight Directory Access Protocol.

158
00:07:40,198 --> 00:07:44,086
If you are downloading any of the above directory

159
00:07:44,278 --> 00:07:47,254
service or directory structure in your Linux or Windows,

160
00:07:47,302 --> 00:07:50,178
you need a protocol to communicate to it,

161
00:07:50,204 --> 00:07:52,890
and that protocol is called LDAP.

162
00:07:53,750 --> 00:07:58,110
So once again, I'm going to add that I

163
00:07:58,160 --> 00:08:01,806
will be installing OpenLDAP in my module seven.

164
00:08:01,928 --> 00:08:05,962
So right now you could just wait on it or make a note.

165
00:08:06,046 --> 00:08:09,238
And once you get to module seven, then you'll

166
00:08:09,274 --> 00:08:13,170
see the OpenLDAP installation, download and installation.

167
00:08:14,210 --> 00:08:17,838
So anyway, hopefully this has cleared up a

168
00:08:17,864 --> 00:08:22,014
lot of confusion for those people who actually

169
00:08:22,014 --> 00:08:27,154
are confusing Active Directory, LDAP, OpenLDAP, and Winbind, and IBM.

170
00:08:27,262 --> 00:08:29,094
If you have any questions, of course feel free

171
00:08:29,132 --> 00:08:31,194
to send me an email or message me.

172
00:08:31,352 --> 00:08:32,717
I'm always here to help.

173
00:08:32,717 --> 00:08:34,070
[No audio]