Understanding LDAP


Lightweight Directory Access Protocol (LDAP) was conceived as a simplified interface to X.500 directories. Today, LDAP is an interface to all sorts of proprietary directory services, including Microsoft Exchange and Novell, and is a directory server protocol in its own right.

LDAP is a protocol that allows organizations to store and access directory-style information. For example, developers can build a central store of contact lists, user authentication, and security policies. This repository might form the basis of a single login for a myriad of different services, such as Novell's NDS, Lotus Notes, Windows Active Directory, and more. Because LDAP is an Internet standard, client programs and applications can be built to common specifications to hook into the directory's information repository. <cfldap> is the tag in ColdFusion that lets developers communicate with any LDAP interface.

A directory is similar to a database but contains more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. As a result, directories don't normally implement the complicated transaction schemes that regular databases use for high-volume, complex updates. LDAP updates typically are simple all-or-nothing changes. Directories are tuned to give quick response to high-volume lookup and search operations.

The LDAP directory data model is based on collections of attributes called entries. The unique reference to an entry is called a distinguished name (DN). Each of the entry's attributes has a type and one or more values. The types are typically mnemonic strings, such as "cn" for common name and "mail" for email address. The values depend on the attribute's type. For example, a mail attribute might contain the value "ben@forta.com".

LDAP directory entries are arranged in a treelike structure. Entries representing countries appear at the top of the tree. Below them are entries representing organizations. Further down the branch, you might find entries representing people, organizational units, printers, documents, and just about anything else you can think of.

Through the use of a special LDAP attribute called an objectclass, you can control which attributes are required and allowed in an entry. The values of the objectclass attribute determine the directory schema rules to which the entry must adhere.

An entry is referenced by its distinguished name, which is constructed by concatenating the name of the entry itself (called the relative distinguished name, or RDN) and the names of its ancestor entries.
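The following is an added example, not code from the study guide or from ColdFusion: a small Python model of the data model just described. It constructs a DN from an RDN and its ancestors, splits a DN back into its RDNs (a comma inside a value is escaped as "\," and must not be treated as a separator), and checks an entry against objectclass rules. The schema and the sample entry are constructed for illustration; a real server publishes its own schema, and in real LDAP attribute names are matched case-insensitively.

```python
# Added example, not from the study guide: a minimal model of LDAP entries,
# DNs/RDNs and objectclass rules. SCHEMA and the entries are constructed.

def split_dn(dn):
    """Split a DN into its RDN strings, honouring backslash-escaped commas.

    'cn=Ben Forta,o=forta.com,c=US' -> ['cn=Ben Forta', 'o=forta.com', 'c=US']
    """
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the current RDN
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def build_dn(rdn, parent_dn):
    """Form an entry's DN by concatenating its RDN with its ancestors' DN."""
    return f"{rdn},{parent_dn}" if parent_dn else rdn


# Constructed (simplified) schema: per objectclass, which attributes MUST
# appear and which MAY appear. Real schemas also chain superior classes.
SCHEMA = {
    "person": {"must": {"cn", "sn"}, "may": {"telephoneNumber", "description"}},
    "inetOrgPerson": {"must": set(), "may": {"mail", "uid"}},
}


def check_entry(entry):
    """Return schema violations for an entry given as {attribute: [values]}."""
    required, allowed = set(), {"objectClass"}
    for oc in entry.get("objectClass", []):
        rules = SCHEMA.get(oc)
        if rules is None:
            return [f"unknown objectClass: {oc}"]
        required |= rules["must"]
        allowed |= rules["must"] | rules["may"]
    attrs = set(entry)
    problems = [f"missing required attribute: {a}" for a in sorted(required - attrs)]
    problems += [f"attribute not allowed by objectClass: {a}" for a in sorted(attrs - allowed)]
    return problems
```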



Macromedia ColdFusion MX 7 Certified Developer Study Guide
ISBN: 0321330110
Year: 2004
Pages: 389
Authors: Ben Forta
