Introduction to LDAP

Introduction to the Lightweight Directory Access Protocol.

This was written by Chris Verges and given on Sat Nov 16 2002.

1. What is LDAP?

LDAP stands for "Lightweight Directory Access Protocol". It is a TCP/IP implementation of the X.500 DAP/OSI protocol.

Note: X.500 = DAP (DAP is just an older, non-standard name).

A Directory is just a database that usually follows these properties:

  • designed for reading more than writing
  • offers a static view of the data
  • simple updates without transactions

A Directory Service adds a network protocol used to access the directory, on top of the above. We've all used a directory service in the past day: DNS!

LDAP is defined by RFC 1777 ( http://www.ietf.org/rfc/rfc1777.txt ). Some common points of the standard are:

  • a network protocol for accessing information in the directory
  • an information model defining the form and character of the information
  • a namespace defining how information is referenced and organized
  • an emerging distributed operation model defining how data may be distributed and referenced
  • designed-in extensibility

2. What good is LDAP?

A Directory holds information. It doesn't matter what type: text, photos, URLs, pointers to whatever, binary data, public key certificates, etc. (Note here that the particular LDAP server you use may have limitations.)

There are different contexts for a Directory (and Directory Service).

  • LOCAL - only for a subset of machines/users/etc.
  • GLOBAL - can be accessed by anyone

LDAP is a vendor-independent, platform-independent protocol; this means interconnection is easy! (The Internet, for instance.) For the same reason, translating from LDAP to another protocol/system is easy.

Currently existing gateways:

  • LDAP to X.500 (and vice versa)
  • HTTP to LDAP
  • WHOIS++ to LDAP
  • FINGER to LDAP
  • E-mail to LDAP
  • ODBC to LDAP
  • and more!!!

Concrete example:
Address books usually use LDAP to store the book on a centralized server and then pull down the information when requested. Netscape Communicator uses this model. (Microsoft Exchange/Outlook does something similar, but Microsoft hacks the protocol some.)

When the user pulls up his/her address book, the request is sent to the LDAP server. This server then returns each entry in the book in a standard format, similar to using XML.

3. Schemas

The Directory is actually a distributed, tree-like structure. Every entry in the directory has a distinguished name (DN) which uniquely identifies that entry. The DN can be generated by concatenating the relative distinguished names (RDNs) of entries higher up in the tree.

                         ROOT
                          |
           -------------------------------
           |                             |
         C=US                          C=GB
           |
     --------------
     |            |
   O=MIT        O=GT
                  |
          -----------------
          |               |
     OU=Classes       OU=Clubs
                          |
               -----------------------
               |          |          |
            CN=LUG     CN=LAX    CN=Ultimate

If you notice, the RDNs are all of the form <parameter>=<value>. The idea behind a schema is related in the following flow chart (read it like a CFG):

root := root country
      | root locality
      | root organization
      | (epsilon).

country := locality
         | organization.

locality := organizational_unit.

organization := organizational_unit.

organizational_unit := organizational_unit container
                     | (epsilon).

[Here a container is the base object, holding extremely specific]
[data, like a person's name, a department's budget, etc.        ]
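As an added example that is not part of the original article: the DN construction described above (concatenating RDNs up the tree) and the schema flow chart, worked in Python. The attribute abbreviations C, L, O, OU and CN are the ones used in the tree (L for locality is the standard abbreviation); the backslash escaping of ',' and '=' inside values is taken from RFC 2253, which the article does not cover, so it is an assumption here.

```python
import re

# Which RDN attribute type may sit directly beneath which, read off the flow
# chart above; CN is the container that holds the actual data.
SCHEMA = {
    "root": {"C", "L", "O"},
    "C": {"L", "O"},
    "L": {"OU"},
    "O": {"OU"},
    "OU": {"CN"},
    "CN": set(),  # a container holds data, not further entries
}

def build_dn(rdns):
    """Join (type, value) RDNs, most specific first, into a DN; ',' '=' and '\\'
    in a value are backslash-escaped (RFC 2253) so 'Doe, John' stays one RDN."""
    esc = lambda v: re.sub(r"([,=\\])", r"\\\1", v)
    return ",".join(f"{t}={esc(v)}" for t, v in rdns)

def split_dn(dn):
    """Inverse of build_dn: split on unescaped ',' and the first unescaped '='."""
    rdns, buf, rtype, in_value, i = [], [], None, False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # escaped character: keep it literally
            buf.append(dn[i + 1]); i += 2; continue
        if ch == "=" and not in_value:  # end of the attribute type
            rtype, buf, in_value = "".join(buf).strip().upper(), [], True
        elif ch == ",":  # end of this RDN
            rdns.append((rtype, "".join(buf))); buf, rtype, in_value = [], None, False
        else:
            buf.append(ch)
        i += 1
    rdns.append((rtype, "".join(buf)))
    if any(t is None for t, _ in rdns):
        raise ValueError(f"RDN without '=' in {dn!r}")
    return rdns

def conforms_to_schema(dn):
    """Walk the DN from the root downwards, checking each step against SCHEMA."""
    parent = "root"
    for rtype, _ in reversed(split_dn(dn)):
        if rtype not in SCHEMA.get(parent, set()):
            return False
        parent = rtype
    return True

if __name__ == "__main__":  # constructed samples: a value with a comma, and a CN directly under C
    for dn in (build_dn([("CN", "Doe, John"), ("OU", "Classes"), ("O", "MIT"), ("C", "US")]), "CN=LUG,C=US"):
        print(dn, "->", split_dn(dn), "schema ok:", conforms_to_schema(dn))
```

The point of the escaping is that a naive split on commas would turn one entry whose name contains a comma into two RDNs and resolve to the wrong place in the tree.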

A really good reference for learning about schemas for use in LDAP can be found at:

http://homes.ukoln.ac.uk/~lisap/ccsap/Directory/Docs/prep.html .

4. Using LDAP in your shtuff

There is no "way" to use LDAP. It's more of a methodology:

http://www.stanford.edu/~hodges/talks/mactivity.ldap.97/deplconsid1.html

Each language usually has its own hooks into LDAP.

C has a whole API suite.

Java uses the Java Naming and Directory Interface ( http://java.sun.com/products/jndi/ ).

A good step-by-step HOWTO can be found in Chapter 4 of IBM's Redbook: http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg244986.pdf . It uses the C API to walk through accessing an LDAP server.

5. OpenSource Projects

OpenLDAP is perhaps the best known, largely because its name so closely resembles the protocol's. The project consists of a stand-alone LDAP server, a replication server, and client-application libraries. The latest version is 2.1.8 as of this writing.

Installing and using OpenLDAP is fairly straightforward. There is a great online/HTML HOW-TO available from OpenLDAP's site:

http://www.openldap.org/doc/

6. Other OS Projects