List of Figures

Chapter 1: The LDAP Protocol

Exhibit 1: A Typical Directory Listing

Exhibit 2: Hierarchical Structure of DNS

Exhibit 3: The TCP/IP Protocol Stack

Exhibit 4: The OSI Protocol Stack

Exhibit 5: Gateway to Access an X.500 Server

Exhibit 6: LDAP Server in a Pure TCP/IP Environment

Exhibit 7: Protocol Operations

Exhibit 8: Conversation between LDAP Client and Server

Exhibit 9: Multiple Responses to One Client Request

Chapter 2: LDAP Basics

Exhibit 1: Example Directory Tree

Exhibit 2: Adding the "organization" Entry with Idapmodify

Exhibit 3: Adding the "organizationUnit" Entry with Idapmodify

Exhibit 4: Adding Three Other "organizationUnit" Entries with Idapmodify

Exhibit 5: Searching the Directory

Exhibit 6: Adding the "inetOrgPerson" Entry with ldapmodify

Exhibit 7: Searching for All Classes of Type "organizationalUnit"

Exhibit 8: Searching for All Classes of Type "person"

Exhibit 9: Input File for Idapmodify

Exhibit 10: Execution of Idapmodify with Input from a File

Exhibit 11: More Instructions for ldapmodify

Exhibit 12: Execution of Idapmodify Using the Instructions from the File in Exhibit 11 in the Idapmodify Command

Exhibit 13: Simple Perl Script to Modify the Enterprise Name

Exhibit 14: Limited Output with Idapsearch

Exhibit 15: A Simple Query Filter

Exhibit 16: A Somewhat More Complicated Query

Exhibit 17: Search with Query Filter

Exhibit 18: A More Complete Example of Search

Exhibit 19: A Search against a Remote Directory Server

Exhibit 20: Base URL via Web Browser

Exhibit 21: Human Resources DN via Web Browser

Exhibit 22: InetOrgPerson Entry via Web Browser

Chapter 3: LDAP Models

Exhibit 1: Example of Entries

Exhibit 2: Relationship between Entries and Attributes

Exhibit 3: Object-Class Definition for top and organizationalUnit

Exhibit 4: Object-Class Description from RFC 2252

Exhibit 5: Example of Object-Class Definition, objectClass Top

Exhibit 6: Example of Object-Class Definition, objectClass Person

Exhibit 7: Example of Object-Class Definition, Object Class "organizationalPerson"

Exhibit 8: Example of Object-Class Definition, objectClass InetOrgPerson

Exhibit 9: Examples of Attribute Definitions from RFC 2256

Exhibit 10: Attribute-Type Description from RFC 2252

Exhibit 11: Attribute Usage from RFC 2252

Exhibit 12: Examples of Most Frequently Used Attributes of Type "distributedOperations" and "dsaOperations"

Exhibit 13: Examples of Most Frequently Used Attributes Matching Rules

Exhibit 14: The Most Frequently Used Syntaxes with Their Shorthand Names

Exhibit 15: Example of Syntaxes from RFC 2252

Exhibit 16: Example of a Directory Information Tree

Exhibit 17: Example of a Flat Directory Information Tree

Exhibit 18: Example of a More-Complicated Directory Information Tree

Exhibit 19: Example of a Not-Allowed Directory Structure

Exhibit 20: Example of Directory Distributed on Two Servers

Exhibit 21: Example of Directory Distributed on Two Servers with a Referral from Server 1 to Server 2

Exhibit 22: How the Client Sees a Referral

Exhibit 23: How the Client Sees a Referral (Same as Exhibit 22) Using Chaining

Exhibit 24: Prohibited Characters and Associated Escape Sequence for Use in Distinguished Names

Exhibit 25: Distinguished-Name Syntax from RFC 2253, "Lightweight Directory Access Protocol (v3)- UTF-8 String Representation of Distinguished Names"

Exhibit 26: Search, scope = baseObject

Exhibit 27: Search, scope = singleLevel

Exhibit 28: Search, scope = wholeSubtree

Exhibit 29: ModifyDN Name, the Hierarchy Remains the Same

Exhibit 30: ModifyDN Name, the Hierarchy Is Modified

Exhibit 31: ModifyDN Name, as in Exhibit 30, but Keeping the Old RDN

Exhibit 32: ModifyDN Name, Modify Hierarchy, and Change RDN

Chapter 4: LDAP: Some Practical Details

Exhibit 1: Example of Search, Scope Set to SUBTREE

Exhibit 2: Example of Search, Scope Set to ONELEVEL

Exhibit 3: Example of Search, Scope Set to BASE

Exhibit 4: LDAP Search Filters

Exhibit 5: Characters with Their ASCII Values and Escape Sequences

Exhibit 6: Attribute Definitions Using the slapd.conf Schema Format

Exhibit 7: Attribute Definitions Using slapd.conf Schema Format; Excerpt from OpenLDAP Manual Page

Exhibit 8: A Few Object Definitions Using the slapd.conf Schema Format

Exhibit 9: Attribute Definitions Using slapd.conf Schema Format; Excerpt from OpenLDAP Manual Page

Exhibit 10: Typical Attribute-Type Definitions Using LDAP (v3) Schema Format

Exhibit 11: Typical Object-Class Definitions Using LDAP (v3) Schema Format

Exhibit 12: Perl Script Dumping out the Schema

Exhibit 13: Perl Script Printing the Object Classes

Exhibit 14: Perl Script Printing the Matching Rules

Exhibit 15: Example of Matching Rules

Exhibit 16: Perl Script Printing the Syntaxes

Exhibit 17: Example of Syntaxes

Exhibit 18: A Piece of the Example Directory in LDIF Format

Exhibit 19: Example of LDIF File with Change Description

Exhibit 20: Formal Definition of LDIF File- Description of Entries

Exhibit 21: LDIF File with a Record Containing a Folded-Attribute Value (Example Copied from RFC 2849)

Exhibit 22: LDIF File with a Record Containing a Base-64-Encoded Attribute Value

Exhibit 23: LDIF File with a Record Including a File Containing the Attribute Value

Exhibit 24: Perl Function that Produces LDIF Output to Add an Entry into the Directory

Exhibit 25: Main Perl Function to Produce LDIF Output

Exhibit 26: Prohibited Characters in LDAP URLs and Their Escape Sequences

Chapter 5: Distributed Architectures

Exhibit 1: Partitioning of a Directory

Exhibit 2: Directory Divided into Three Partitions

Exhibit 3: A Main Server with Three Organizational Units on Different Partitions

Exhibit 4: Example of an Illegal Partition

Exhibit 5: Example of Illegal Partition, Ancestor Missing

Exhibit 6: New Location in United States Will Need a New Directory Server

Exhibit 7: Search Command to Find Entry on Server A- Its Output

Exhibit 8: Output from Search Command against Host B

Exhibit 9: Java Program following Referrals

Exhibit 10: Chaining Client Requests

Exhibit 11: Simple Master-Slave Replication

Exhibit 12: Simple Master-Slave Replication between Subnets

Exhibit 13: Cascading Replication

Exhibit 14: Supplier Server with Several Consumer Servers in Different Subnets

Exhibit 15: Two Servers Sharing One Directory

Exhibit 16: LDAP Load Balancing Using DNS

Exhibit 17: LDAP Gateway

Exhibit 18: LDAP Proxy

Exhibit 19: Connecting Different Repositories

Exhibit 20: Example of Search Request in DSML

Exhibit 21: Example of Search Result in DSML

Exhibit 22: Example of Adding an Entry in DSML- Request

Exhibit 23: Example of Adding an Entry in DSML- Response

Chapter 6: LDAP APIs

Exhibit 1: Syntax of ldapmodify with Frequently Used Parameters

Exhibit 2: Example of ldapmodify- Add an Entry

Exhibit 3: Example of ldapmodify- Delete an Entry

Exhibit 4: Example of Script Preparing the Input File for ldapmodify

Exhibit 5: Syntax of "ldapsearch" Function

Exhibit 6: Example Shell that Looks Up in the Directory and Generates Unique Distinguished Names

Exhibit 7: Group Generation Script- Part One, Searching

Exhibit 8: Group Generation Script- Part Two, Creating Groups

Exhibit 9: Group Generation Script- Part Two, PrintGroup Function

Exhibit 10: Group Generation Script- Part Two, PrintUserList Function

Exhibit 11: Typical LDAP Program Flow

Exhibit 12: Typical Query Program Flow

Exhibit 13: Example of php Script

Exhibit 14: Call of LDAP Interpreter Inside a php Script on UNIX

Exhibit 15: Simple Example of Connect, Bind, Search, and Unbind

Exhibit 16: Bind with Distinct Name and Password

Exhibit 17: Example of Authentication

Exhibit 18: Entry for a Person

Exhibit 19: Code Example for Two Binds

Exhibit 20: Entry of objectclass inetOrgPerson to be Changed

Exhibit 21: Little Example with ldap_compare

Exhibit 22: Use of Result Set After Query

Exhibit 23: Example of Iteration through the Result Set

Exhibit 24: Example for ldap_add Function

Exhibit 25: Example of ldap_delete Function

Exhibit 26: Example of ldap_mod_add- Add an Attribute

Exhibit 27: Example of ldap_mod_replace- Modify an Attribute

Exhibit 28: Example of ldap_mod_del- Delete an Attribute

Exhibit 29: Our First Perl LDAP Program

Exhibit 30: Example of Authentication Using DN and Password

Exhibit 31: Example of Search Method

Exhibit 32: New Entry Creating a New Entry Object

Exhibit 33: New Entry Using the Add Method

Exhibit 34: Delete an Entry

Exhibit 35: Example Modifying Entries

Exhibit 36: Further Possibility to Modify an Entry

Exhibit 37: Modify the Distinguished Name

Exhibit 38: Exploring the Schema

Exhibit 39: Using Callbacks

Exhibit 40: Callback for Exhibit 39

Exhibit 41: Example Using the Entry Object

Exhibit 42: Example Using the Entry Object and the Get Method

Exhibit 43: Schema Exploring

Exhibit 44: Dump Method

Exhibit 45: Dumping a Single Entry

Exhibit 46: Example Makefile Using LDAP and C

Exhibit 47: Our First LDAP Program in C

Exhibit 48: LDAP Search Tool in C- Get the Switches

Exhibit 49: LDAP Search Tool in C- Get the Filter

Exhibit 50: LDAP Search Tool in C- Binding to the Server

Exhibit 51: LDAP Search Tool in C- Alternate Bind Function Call

Exhibit 52: LDAP Search Tool in C- Executing the Search

Exhibit 53: LDAP-C Iterating through the Result Set

Exhibit 54: LDAP-C Iterating through the Result Set - Version2

Exhibit 55: Your First LDAP Program in Java

Exhibit 56: Cloning a Connection

Exhibit 57: Search Method

Exhibit 58: Compare Method

Exhibit 59: Playing Around with the Result Set

Exhibit 60: Using Constraints with the LDAP Java SDK

Exhibit 61: Adding an Entry to the Directory with Java

Exhibit 62: Deleting an Entry to the Directory with Java

Exhibit 63: Modifying Entries in the Directory with Java

Exhibit 64: Renaming an Entry Leaving Its Ancestor Unvaried

Exhibit 65: Renaming an Entry Moving It in the Hierarchy

Exhibit 66: Java, LDAPUrl Constructor Using URL

Exhibit 67: Java, LDAPUrl Constructor Using Single URL Components

Exhibit 68: JNDI Architecture

Exhibit 69: First JNDI Program

Chapter 7: LDAP Directory-Server Administration

Exhibit 1: Example of OpenLDAP Configure Script-

Exhibit 2: Welcome Mask to SUN ONE

Exhibit 3: License Agreement for SUN ONE Directory Server

Exhibit 4: Choosing the Type of Installation

Exhibit 5: Choosing the Software Location

Exhibit 6: Choosing the Software to Install

Exhibit 7: Choosing the Configuration Server

Exhibit 8: Directory Server Settings

Exhibit 9: UserId and Password of the "Directory Manager"

Exhibit 10: Choose the Administration Port

Exhibit 11: Last Confirmation before Software Installation

Exhibit 12: SSL/TLS Layer between the TCP/IP Stack and the Application Layer

Exhibit 13: Log-File Rotation Script for UNIX

Exhibit 14: Example of a Start/Stop Script for UNIX

Exhibit 15: Configuration File for Start/Stop Script

Exhibit 16: Example of LDAP Server Log File

Exhibit 17: Example Perl Script of Log File Analysis

Exhibit 18: Examples of Function to Prepare and Produce Statistics

Exhibit 19: User Management in a Standard UNIX Operating System

Exhibit 20: User Management Using LDAP

Exhibit 21: Pluggable Authentication Module

Chapter 8: LDAP and Web Services

Exhibit 1: HTML Page Produced by Simple LDAP URL

Exhibit 2: Client-Server Implementation Using CGI Scripts

Exhibit 3: HTTP 2 LDAP Gateway

Exhibit 4: php Script for LDAP Authentication

Exhibit 5: Architecture of LDAP-Handled Web Site

Exhibit 6: DIT of Web Site Directory

Exhibit 7: Web Server Speaking with an LDAP Server

Exhibit 8: Architecture of HttpLdap Gateway (Developed by Jon Roberts, Mentata Systems.)

Exhibit 9: Architecture of the LDAP Application Broker

Chapter 9: The Design of Directory Services

Exhibit 1: Directory Life Cycle

Exhibit 2: Activities in the Planning Phase

Exhibit 3: Overview of the Directory-Design Process

Exhibit 4: Matrix for Data-Design Process

Exhibit 5: Mapping between Applications and Application Owner

Exhibit 6: Organization of ldap_abc with Two Partitions, One for Human Resources and One for Accounting

Exhibit 7: Example of an Invalid Partition