LDAP: Is This a Protocol?




In Chapter 1, we learned that LDAP is the abbreviation for Lightweight Directory Access Protocol. Until now, however, it has not mattered that LDAP is a network protocol, and you need not pay attention to that fact unless you are using a directory server installed on a remote machine. If you are using such a server, you will need to jump from the beginning of this chapter to here, and I will explain how to proceed in order to try out the examples. You have to specify the computer on which the directory server is running, using the -h <computername> switch. Exhibit 19 shows how to do this; the example assumes that the directory server is running on a computer named "ldap2.co.uk." With this knowledge, you can execute all the exercises we have had up until now as if they were running on the local computer. Now let us discuss the LDAP protocol.

    ldapsearch -h ldap2.co.uk -p 389 -LLL -b "o=LdapAbc.org" "(sn=Vogl*)" cn sn mail
    dn: uid=RVoglmaier, ou=IT, o=LdapAbc.org
    cn: Reinhard E. Voglmaier
    cn: Reinhard Erich Voglmaier
    cn: Reinhard Voglmaier
    givenname: Reinhard Erich
    sn: Voglmaier
    mail: RVoglmaier@LdapAbc.org

    dn: uid=KVogl, ou=Research, o=LdapAbc.org
    cn: Kurt Vogl
    sn: Vogl
    mail: KVogl@LdapAbc.org

Exhibit 19: A Search against a Remote Directory Server

The LDAP protocol runs over TCP/IP (Transmission Control Protocol/Internet Protocol), and the command-line tools are no more than small client applications. Of course, the client application has to be installed on your system, and it is the client application that imposes the syntax of the commands entered by the user. The client application then speaks with the directory server using the standard LDAP protocol.

To speak with a directory server located on the remote machine ldap2.co.uk, you simply have to specify the host in the command-line tool. In my implementation (OpenLDAP), the -h switch specifies the host where the directory server is running. Exhibit 19 shows the transaction.

In this example, I have also specified the port number for the directory server. This is not necessary unless the server runs on a nonstandard port, such as might occur if you have an administration server and a data server. The administration server might run on a different port than the data server, improving the performance of the data server by freeing it from administration traffic. The administration server also could be shut down when not in use and restarted only when it had work to do.
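The search from Exhibit 19 as a client application encodes it for the TCP connection, BER-encoded according to RFC 4511; this is an added example, not code from the book or from OpenLDAP. Assumed here: the helper names, message ID 2 (as if a bind had used ID 1), the base DN o=LdapAbc.org as it appears in the returned entries, and the client defaults of subtree scope with no size or time limit.

```python
# Added example: build the LDAP SearchRequest PDU for the Exhibit 19 query.
# Helper names and the message ID are assumptions made for illustration.

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])                      # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long form
    return bytes([tag]) + length + value

def ber_int(n: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0A)."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def octets(s: str, tag: int = 0x04) -> bytes:
    """OCTET STRING, or a context-tagged string when tag is overridden."""
    return tlv(tag, s.encode("utf-8"))

def prefix_filter(attr: str, prefix: str) -> bytes:
    """Filter (attr=prefix*): substrings [4] holding one 'initial' [0] part."""
    return tlv(0xA4, octets(attr) + tlv(0x30, octets(prefix, 0x80)))

def search_request(msg_id, base, filt, attrs, scope=2) -> bytes:
    body = (octets(base)
            + ber_int(scope, 0x0A)       # scope: 2 = wholeSubtree
            + ber_int(0, 0x0A)           # derefAliases: neverDerefAliases
            + ber_int(0) + ber_int(0)    # sizeLimit, timeLimit: no client limit
            + tlv(0x01, b"\x00")         # typesOnly: FALSE
            + filt
            + tlv(0x30, b"".join(octets(a) for a in attrs)))
    # LDAPMessage ::= SEQUENCE { messageID, [APPLICATION 3] SearchRequest }
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, body))

def exhibit19_request() -> bytes:
    return search_request(2, "o=LdapAbc.org",
                          prefix_filter("sn", "Vogl"), ["cn", "sn", "mail"])

if __name__ == "__main__":
    pdu = exhibit19_request()
    # On port 389 without TLS these bytes cross the network unencrypted,
    # so the base DN, filter and attribute names are readable in a capture.
    print(len(pdu), "bytes:", pdu.hex(" "))
```

The strings sn, Vogl and the attribute names sit in the PDU as plain UTF-8, which is why the same request is easy to recognize in a packet capture of port 389.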






The ABCs of LDAP. How to Install, Run, and Administer LDAP Services
ISBN: 0849313465
EAN: 2147483647
Year: 2003
Pages: 149
