Quiz: LDAP & Identity Management

3 questions

L0 (1 question)

1. What is a Distinguished Name (DN) in LDAP, and what are its components?

Answer: A DN is the full path to an entry in the LDAP directory tree, read from most specific to least specific. Example: uid=alice,ou=People,dc=example,dc=com. Components: uid (user ID), ou (Organizational Unit — a container), dc (Domain Component — builds the domain). The RDN (Relative Distinguished Name) is just the entry's own name component (e.g., uid=alice).

L1 (1 question)

1. Describe the Linux authentication chain from user login to LDAP, naming each component.

Answer: User types password -> PAM (Pluggable Authentication Modules, configured in /etc/pam.d/) handles the authentication flow -> NSS (Name Service Switch, /etc/nsswitch.conf) maps identities (uid to username) -> SSSD (System Security Services Daemon) acts as the cache and backend connector -> LDAP/AD/FreeIPA backend validates credentials and provides identity data. Understanding this chain is essential for debugging login failures.

L2 (1 question)

1. What do the PAM control flags 'required', 'requisite', 'sufficient', and 'optional' mean, and why does their order matter?

Answer: required: must pass, failure is fatal but continues checking remaining modules. requisite: must pass, failure stops immediately (no more modules checked). sufficient: if it passes, skip remaining modules in this stack (success short-circuits). optional: result only matters if it is the only module. Order matters because a misplaced 'sufficient' can bypass all subsequent security checks, and 'requisite' stops evaluation early.