LDAP

LDAP is a protocol for accessing directories. A directory is similar to a database, but the information in a directory is generally read much more often than it is written. Directories are tuned to give quick responses to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be OK, as long as they get in sync eventually.

Q.) What kind of data can a directory hold?
Ans) You can put just about anything you want into the directory:

    Text
    Photos
    URLs
    Pointers to whatever
    Binary data
    Public key certificates

There may, though, be implementation-dependent limitations on the amount of data of a given type you can store.

LDAP is a vendor-independent, open, network protocol standard and thus is as platform-independent as you can get.

Another key point: because LDAP is an open standard protocol, writing gateways between it and other protocols or systems is relatively straightforward. These gateways currently exist:

    LDAP to X.500 and X.500 to LDAP
    HTTP to LDAP
    WHOIS++ to LDAP
    FINGER to LDAP
    Email to LDAP

People are working on:

    ODBC to LDAP

That is, it supports multi-vendor interoperability in the same fashion as TCP/IP, SMTP, DNS, and others. So, those examples on the previous page could all be being done transparently across a highly heterogeneous network (i.e. the Internet).

Q.) What is the structure of the directory?
Ans) It is hierarchical.

How does LDAP work?
The LDAP client/server protocol is a message-oriented protocol. The client constructs an LDAP message containing a request and sends it to the server. The server processes the request and sends the result(s) back to the client as a series of LDAP messages. Because the LDAP protocol is message-based, it also allows the client to issue multiple requests at once. LDAP has nine basic protocol operations, which can be categorized into operations for interrogation (search, compare), update (add, delete, modify, rename), and authentication and control (bind, unbind, abandon). Version 3 of LDAP is extensible via LDAP extended operations, LDAP controls, and Simple Authentication and Security Layer (SASL) support.

An LDAP directory is basically a specialized database. Some of its characteristics are:

    It consists of entries organized in a hierarchy.
    It favors reading over writing.
    Every entry has a primary key called the Distinguished Name (DN).
    Its notion of schema is much more flexible than that of an RDBMS.


LDAP lang
LDAP CORE

1. SCHEMA
Schema is a term used to describe the type, or kind, of data that you can include in a directory. When you perform your site survey, you generate a lot of information on the data that you want to keep in your directory. Once you have an understanding of what you want to put in your directory, you must decide how to represent it there.

2. ATTRIBUTE
Attributes hold information about a specific descriptive aspect of the entry. Each attribute consists of an attribute type and one or more attribute values. The attribute type identifies the class of information given by that attribute (for example, telephone number). The attribute value is the particular instance of information appearing in that entry (for example, 555-1999). Attributes generally have short, mnemonic names. For example, cn is the abbreviation for commonName. Directory data is represented as attribute-value pairs.

3. OBJECT CLASS
An object class defines the collection of attributes that can be used to define an entry in the LDAP directory.

4. SYNTAX (Attribute Syntax)
Each attribute has a corresponding syntax definition. The syntax definition describes the type of information provided by the attribute. Attribute syntax is used by the directory to perform sorting and pattern matching.

5. OID (Object Identifiers)
An OID is a sequence of integers, typically written as a dot-separated string. OIDs are assigned to all attributes and object classes to conform to the LDAP and X.500 standards. The Netscape base OID is 2.16.840.1.113730.

6. SCHEMA CHECKING
Schema checking causes the server to check new entries to verify the following:

    1. The object class and attributes are defined in the directory schema.
    2. The attributes required for an object class are contained in the entry.
    3. Only attributes allowed by the object class are contained in the entry.
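The three schema checks above, sketched in Python as an added example (not code from the original page or from any directory server). The schema is a constructed, simplified subset, and check_entry is a hypothetical name.

```python
# Toy schema constructed for this example (a simplified subset, not a server's real schema).
SCHEMA_ATTRIBUTES = {"objectclass", "cn", "sn", "ou", "mail",
                     "telephonenumber", "description"}
SCHEMA_CLASSES = {
    "person": {"must": {"cn", "sn"}, "may": {"telephonenumber", "description"}},
    "organizationalunit": {"must": {"ou"}, "may": {"description"}},
}

def check_entry(entry):
    """Return the schema violations for an entry given as {attribute: [values]}."""
    present = {name.lower() for name in entry}   # attribute names are case-insensitive
    classes = [c.lower() for name, vals in entry.items()
               if name.lower() == "objectclass" for c in vals]
    if not classes:
        return ["entry has no objectClass"]
    errors = []
    # Check 1: object classes and attributes are defined in the directory schema.
    errors += [f"undefined object class: {c}" for c in classes
               if c not in SCHEMA_CLASSES]
    errors += [f"undefined attribute: {a}" for a in sorted(present - SCHEMA_ATTRIBUTES)]
    known = [SCHEMA_CLASSES[c] for c in classes if c in SCHEMA_CLASSES]
    required = set().union(*(k["must"] for k in known))
    allowed = required.union({"objectclass"}, *(k["may"] for k in known))
    # Check 2: attributes required by the object classes are present.
    errors += [f"missing required attribute: {a}" for a in sorted(required - present)]
    # Check 3: only attributes allowed by the object classes are present
    # (undefined attributes were already reported by check 1).
    errors += [f"attribute not allowed by object class: {a}"
               for a in sorted((present - allowed) & SCHEMA_ATTRIBUTES)]
    return errors
```

An empty list means the entry passes all three checks; each string in a non-empty list names the check that failed and the attribute or class involved.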

 
LDIF
LDIF, which stands for LDAP Data Interchange Format, is a human-readable version of the information stored in the directory. LDIF is a standard text-based format for describing directory entries. LDIF allows you to export your directory data and import it into another directory server. There are two different types of LDIF files.
The first form describes a set of directory entries, like your corporate directory. The other type is a series of LDIF update statements that describe changes to be applied to directory entries.

An individual entry expressed in LDIF format consists of two parts:
1) a distinguished name and
2) a list of attribute values.
The DN must be the first line of the entry, while attribute entries can appear in any order. If an LDIF file contains an attribute value or DN that is not ASCII, that value or DN must be encoded in a special format called Base64, and the attribute type and value are separated by two colons. An individual LDIF update statement consists of a DN, a change type, and possibly a set of modifications.
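A small parser for the LDIF rules described above, added here as an example and not taken from the original page or any LDAP product: DN first, attribute lines in any order, two colons marking a Base64 value, and a changetype line marking an update statement. The sample data and function names are constructed for illustration. It also unfolds continuation lines and skips comments, and assumes the input has no leading version: line.

```python
import base64

# Constructed sample: one content record, then one update record.
SAMPLE_LDIF = """\
dn: cn=Jose Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Jose Example
sn: Example
givenName:: Sm9zw6k=

dn: cn=Jose Example,ou=People,dc=example,dc=com
changetype: modify
replace: telephoneNumber
telephoneNumber: 555-1999
-
"""

def _split(line):
    """Split 'attr: value' or 'attr:: base64' into (attr, decoded value)."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"not an attribute line: {line!r}")
    if rest.startswith(":"):              # two colons: the value is Base64
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr, rest.strip()

def _parse_record(block):
    """The DN must be the first line; a changetype line marks an update."""
    attr, dn = _split(block[0])
    if attr.lower() != "dn":
        raise ValueError("the DN must be the first line of the entry")
    rec = {"dn": dn, "changetype": None, "attrs": {}, "changes": []}
    if len(block) > 1 and block[1].lower().startswith("changetype:"):
        rec["changetype"] = _split(block[1])[1]
        rec["changes"] = block[2:]        # raw modification lines
        return rec
    for line in block[1:]:
        attr, value = _split(line)
        rec["attrs"].setdefault(attr, []).append(value)
    return rec

def parse_ldif(text):
    """Parse LDIF text into records; blank lines separate records."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    blocks = ([l for l in chunk.split("\n") if l and not l.startswith("#")]
              for chunk in text.split("\n\n"))
    return [_parse_record(b) for b in blocks if b]
```

Decoding the double-colon values is what lets a reviewer read an export in full, since a Base64 value is opaque to a plain text search of the file.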
