This chapter has two goals. The first goal is to introduce the basic concepts of the Lightweight Directory Access Protocol (LDAP). To do this, we will have to answer four questions:
What is a directory?
What is a protocol?
What is a Directory Access Protocol (DAP)?
Why is LDAP called a "lightweight" Directory Access Protocol?
The second goal of this first chapter is to introduce some of the terminology you will need to know to work with LDAP. This is important because these terms are used repeatedly throughout this book, and they are part of the everyday vocabulary for someone working in LDAP production. After reading this chapter, you will have a basic understanding of what a Directory Access Protocol is and what it is used for.
The remaining chapters should help you in exploring the details and enable you to begin working with LDAP. After finishing this book you will understand the basics of LDAP and be ready to explore the subject further on your own. Further research will be necessary because LDAP is a work in progress, and at the time of this writing, some aspects of the protocol have not yet been clearly defined. One of these points is replication between directories. We will hear more about replication in Chapter 5, which explains the use of distributed directories. For now, it is enough to know that LDAP is not yet a fully defined protocol.
Other aspects of the protocol are still in development, and yet others are not even at the planning stage. For example, the question of transaction management is still open. A transaction is a number of actions that, together, build a single atomic operation. ("Atomic" means that a number of physical operations can be logically considered as one single operation, or that all single physical operations are completed or none at all.) Transaction management guarantees that the system executes all these steps together or does nothing at all (more about this at the end of this chapter). A banking application example makes this clear. The transfer of money from account A to account B consists of subtracting an amount from account A and adding the same amount to account B. This should be an atomic operation. If one of these actions fails, the other one should not be performed. At the moment, the issue of transaction management is not even on the table, although there are user requirements. A future version of LDAP will likely include transaction management. The Lightweight Directory Access Protocol is a very interesting and dynamic topic, so you will have to stay tuned to keep up with the latest developments.
In this chapter, we first look at what LDAP can do for you. This section introduces the concepts of a "directory" and a "directory server," and it explains the function of each.
In the next section, we begin to develop a more technical understanding of LDAP, which involves a discussion of protocols. We learn what a protocol is and are introduced to protocols relevant to LDAP. As we will see, these protocols and, most importantly, LDAP itself are protocols in the networking environment. We learn how the concepts of networking and internetworking have evolved over time and how LDAP fits into this picture. We then encounter the TCP/IP (Transmission Control Protocol/Internet Protocol) and OSI (Open Systems Interconnection) protocol stacks, which are the foundation for all modern network implementations. The most commonly used directory access protocols are laid on top of one of these two protocol stacks, depending on the operating system. After reading this section, you will understand how a protocol stack works, where a Directory Access Protocol is located, and how the network protocols interact with the DAP. If you are not very interested in these concepts, you can skip this section about protocols entirely and continue at the point where we discuss the LDAP protocol. These protocols are presented here only as background to help you better understand the networking aspects of the LDAP protocol.
Another concept closely linked to LDAP is the "request for comments" (RFC). RFCs are used as a tool for proposing, discussing, and defining standards in the Internet community. Many readers may never have to deal with documents defining the LDAP standards, and they can safely ignore the RFCs and still work with LDAP. However, a basic knowledge of RFCs is useful for those readers who need to dig more deeply into the details than this book will do.
After this, we finally address the main topic of this book: the Directory Access Protocol. First we look at X.500, also called DAP, which was developed together with the OSI protocol stack. The lightweight counterpart of DAP (LDAP) is a subset of DAP that was developed for use with TCP/IP. Again, it is helpful to understand the basics of OSI and TCP/IP because the concepts of DAP and LDAP are tightly connected to these two protocols. You will see that DAP requires the OSI protocol and that the lightweight version of DAP (LDAP) runs happily atop TCP/IP. The fact that a given protocol stack is required to run DAP or LDAP has a number of implications. A discussion of these will help you understand the need for the lightweight version of DAP.
In the next section we learn what kind of data travels over the network and see what a typical LDAP conversation between client and server looks like.
In the final section, we learn where the data is kept. Up to this point, the discussion has focused on protocols, i.e., how the communication between client and server occurs. Using the LDAP protocol, clients ask a server to perform certain actions. As you will see, the LDAP server performs its actions on data — data maintenance, data administration, and data delivery to the clients. This data clearly has to be stored somewhere, and this "somewhere" is a repository or database. At this point, you might wonder whether it might be better to use a database instead of implementing yet another new technology. The chapter concludes with a brief discussion about the differences between a relational database management system (RDBMS) and a directory accessed via the LDAP protocol.