Whether it is used to organize or query address books, phone directories or other computer data, LDAP (the Lightweight Directory Access Protocol) is the directory protocol most TCP/IP administrators now rely on, owing to its flexibility and wide support.
An Overview of the LDAP Tree Structure
Regardless of the data it holds, LDAP always presents information hierarchically. The directory as a whole is organized as a tree. Its contents are referred to as entries, and each entry carries its own set of attributes, each with one or more values.
Every entry in an LDAP tree has a Distinguished Name (DN). It is made up of the entry's Relative Distinguished Name (RDN) followed by the DN of the entry one level above it. One way to picture this: the DN is like a file's full path, and the RDN is like the file's name within its folder.
At the top level of the hierarchy is a name derived from the organization's DNS domain. Below it sit the various objects, which, in a directory of computers and personnel, can represent network elements, computers, end users, or various types of hardware.
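The path-and-filename picture above can be made concrete. The following is an added example, not code from the article: it splits a DN into its RDNs while honouring the RFC 4514 rule that a backslash escapes the character after it (so a comma inside a name does not start a new RDN), derives the parent DN, and escapes a raw value before it is placed into an RDN. The DN values used are constructed for illustration.

```python
# Added example, not from the article: split a Distinguished Name into its
# RDNs the way a file path splits into folder names, honouring the
# RFC 4514 rule that a backslash escapes the character after it, and
# escape a raw value so it can be placed safely into an RDN.

DN_SPECIAL = set(',+"\\<>;')   # characters that must be escaped anywhere in a value


def split_dn(dn: str) -> list[str]:
    """Split a DN on unescaped commas; 'cn=Smith\\, John' stays one RDN."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            # Keep the backslash and the character it protects together.
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def rdn_of(dn: str) -> str:
    """The entry's own name: the first RDN, like a file's name."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """The DN of the entry one level up, like a file's folder."""
    return ",".join(split_dn(dn)[1:])


def escape_dn_value(value: str) -> str:
    """Escape a value per RFC 4514 before building 'attr=value' into a DN."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and idx == 0:
            out.append("\\#")          # a leading '#' would start a hex-encoded value
        elif ch == " " and idx in (0, last):
            out.append("\\ ")          # leading/trailing spaces are otherwise dropped
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(attr: str, value: str, parent: str) -> str:
    """Compose 'attr=value,parent' with the value escaped."""
    return "%s=%s,%s" % (attr, escape_dn_value(value), parent)


if __name__ == "__main__":
    # Constructed sample: a person whose common name contains a comma.
    dn = build_dn("cn", "Smith, John", "ou=People,dc=example,dc=com")
    print(dn)                 # cn=Smith\, John,ou=People,dc=example,dc=com
    print(split_dn(dn))       # four RDNs, the escaped comma kept in the first
    print(parent_dn(dn))      # ou=People,dc=example,dc=com
```

Splitting on a bare comma would break the first RDN in two; that is why any code that builds DNs from user input, or walks up the tree from a DN, has to treat the backslash as part of the value. Production code would normally use a directory library's own DN helpers (python-ldap's `ldap.dn` module, for example) rather than hand-rolled parsing.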
How the LDAP Operates
The basic process is an exchange between an LDAP server and an LDAP client. It begins when the client sends a request carrying a Message ID; the server's response carries the same Message ID, which is how the client matches the two. The response includes, among other things, a numeric result code indicating whether the request succeeded, failed, and so on. It should be noted that the server may send the client other messages, or the information requested, before it delivers the final response to the initial query.
Some Typical LDAP Functions
StartTLS: the purpose of this operation is to set up a protected channel using Transport Layer Security, so that data is encrypted during transmission. This procedure, in fact, was the precursor to SSL, which many online sites now use.
Bind: also known as authenticate, this operation verifies the identity of the client. It can be straightforward: in a Simple Bind, the user's Distinguished Name and password are sent to the server. An Anonymous Bind, on the other hand, leaves the connection unauthenticated. A SASL (Simple Authentication and Security Layer) Bind allows for additional authentication mechanisms and checks.
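The Message ID echo and the numeric result code described under "How the LDAP Operates", and the Simple and Anonymous Bind described just above, can all be seen in the raw protocol bytes. The following is an added example, not code from the article: it encodes an LDAP BindRequest in BER as RFC 4511 specifies, decodes a BindResponse, and pairs the two by Message ID. The response bytes are constructed for illustration; result code 0 is success and 49 is invalidCredentials.

```python
# Added example, not from the article: the bytes of an LDAP BindRequest
# and BindResponse, encoded in BER as RFC 4511 specifies, so the
# messageID echo and the numeric resultCode can be seen on the wire.
# The response bytes below are constructed for illustration.

def ber_len(n: int) -> bytes:
    """BER length octets: one byte below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """INTEGER in minimal two's-complement form (tag 0x02)."""
    size = max(1, (n.bit_length() + 8) // 8)
    return tlv(0x02, n.to_bytes(size, "big", signed=True))


def bind_request(message_id_value: int, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }.
    Empty dn and password give an anonymous simple bind."""
    bind = (ber_int(3)                        # LDAP protocol version 3
            + tlv(0x04, dn.encode())          # name: LDAPDN as OCTET STRING
            + tlv(0x80, password.encode()))   # authentication: simple [0]
    return tlv(0x30, ber_int(message_id_value) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, position after the element) for buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def message_id(msg: bytes) -> int:
    """The messageID that every LDAPMessage starts with."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, _ = read_tlv(body)
    return int.from_bytes(mid, "big", signed=True)


def parse_bind_response(msg: bytes) -> dict:
    """Pull messageID, resultCode, matchedDN and diagnosticMessage out of
    a BindResponse [APPLICATION 1]."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)                # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)               # resultCode ENUMERATED (0x0a)
    _, matched, pos = read_tlv(op, pos)       # matchedDN
    _, diag, _ = read_tlv(op, pos)            # diagnosticMessage
    return {"message_id": message_id(msg),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched.decode(),
            "diagnostic": diag.decode()}


def response_matches(request: bytes, response: bytes) -> bool:
    """A client pairs each response with its request by messageID."""
    return message_id(request) == message_id(response)


# Constructed sample responses: success (0) for messageID 1, and
# invalidCredentials (49) for messageID 2.
BIND_OK = bytes.fromhex("300c02010161070a010004000400")
BIND_BAD_CREDS = bytes.fromhex("300c02010261070a013104000400")

if __name__ == "__main__":
    req = bind_request(1)                     # anonymous bind
    print(req.hex())                          # 300c020101600702010304008000
    print(parse_bind_response(BIND_OK))
    print(response_matches(req, BIND_BAD_CREDS))   # False: different messageID
```

Two practical points follow from the bytes. A Simple Bind carries the password as a plain OCTET STRING, so it is only safe over a channel already protected by StartTLS or LDAPS. And because the server may interleave other messages before the final response, a client must match responses to requests by Message ID rather than by arrival order.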
Search and Compare: as the name suggests, this operation is used to search the directory. It takes several parameters, among them baseObject, the DN at which the search starts; scope, how far below that entry the search extends; filter, similar to the filters used in spreadsheet and database programs; and attributes, typesOnly, sizeLimit and timeLimit.
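The filter parameter is where a search most often goes wrong when part of the filter comes from a user. The following is an added example, not code from the article: it builds a uid lookup filter with the RFC 4515 escaping that keeps the supplied value from being read as filter syntax, and shows the defective unescaped form beside it. The filter shape and sample values are constructed for illustration.

```python
# Added example, not from the article: build a search filter around a
# value supplied at run time. Escaping the value per RFC 4515 keeps it
# from being read as filter syntax, which is what turns a lookup into
# an LDAP injection when the value is pasted in raw.

FILTER_SPECIAL = "*()\\\x00"   # characters RFC 4515 requires to be escaped in values


def escape_filter_value(value: str) -> str:
    """Replace each special character with its \\XX hex escape (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in FILTER_SPECIAL else ch
                   for ch in value)


def uid_filter(uid: str) -> str:
    """Hardened form: the value can only ever match a uid literally."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(uid)


def unsafe_uid_filter(uid: str) -> str:
    """Defective form: the value is interpolated as filter text."""
    return "(&(objectClass=person)(uid=%s))" % uid


def count_assertions(ldap_filter: str) -> int:
    """Number of '(' in a filter. For the two filters above the intended
    count is 3; a larger count means the value changed the filter's shape."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed sample values: a plain uid, one with a wildcard, and one
    # containing filter punctuation.
    for uid in ("jdoe", "j*doe", "a)(b"):
        safe, unsafe = uid_filter(uid), unsafe_uid_filter(uid)
        print(safe, count_assertions(safe))
        print(unsafe, count_assertions(unsafe))
```

Counting parentheses is only a demonstration aid; the point is that the escaped filter always has the structure the programmer wrote, while the unescaped one has whatever structure the input gives it. Directory libraries ship this escaping (python-ldap's `ldap.filter.escape_filter_chars`, for example), and that is what should be used rather than string concatenation.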
Abandon: this lets the client ask the server to stop work on a previously requested operation.
LDAP Variations
The growing popularity of LDAP has led to variants and additions to its capabilities. Some software now lets it query SQL databases, and Unix systems can store user and group information in LDAP and consult it through NSS and PAM.