Based On The Research And Design Of The Ldap Directory Service Of A Unified Authentication System

Currently, the scale of network users is growing rapidly. Meanwhile, the identification of users is becoming more diversity. Thus a number of key issues arise, such as the management of large scaled network users, user identification information protection. There are many techniques for these issues, and identity authentication system with directory services is one popular solution.Directory refers to information storage location. It organizes information through the systematic approach or the naming space. Directory service is a network service for the identification of all network resources and to enable users/applications to access them. There exists difference between directory and directory service, directory service is not only communication source, is also a service to make information to be accessed by users.X.500 protocol was developed previously by the ITU TELECOM (ITU-T) for directory service technology to uniform industrial standard. It is available to implement directory functions in complex networks. While it is very complex, and the requirement for the client processing ability is very high, thus its promotion and development is restricted. To deal with this fault and according to new requirement about the directory service, the Internet Engineering Task Force (IETF) established a new technical criterion about directory access. It was the Light Directory Access Protocol (LDAP). The LDAP is not a single protocol, but is a cluster of open and scalable directory access protocol. It reduces performance of the X.500 and promotes efficiency about the client, so it recently becomes a popular directory service on the internet.Through analyzed and researched the LDAP, and referred to practical experience about the software project, this thesis puts forward a new whole architecture about uniform identity authentication system. It includes three subsystems, such as directory section, identification management section and authentication section. The architecture exerts fully the action of directory service in information security field. It is a fresh measure for network information security.It first investigates commonly implemented identification authentication and directory services technologies. Then it proposes to establish a directory based on the LDAP service uniform identity authentication system architecture. This architecture is motivated by a successful implementation of the identity authentication system case, and can meet the requirement of the directory service level. The design of the architecture includes system architecture design and function design, it also includes the system integration and synchronization status Single Sign-On design. Other includes assistant function design of the directory system. It can cope with the enterprise directory services for the specific requirements. Finally, the system testing and verification are given.