A Little Road Map

This section provides an overview of the book so that you can, if you wish, go directly to the chapter of your major interest. I have tried to isolate each chapter as a stand-alone discussion of a particular topic. However, there is inevitably some overlap. For example, if you would like to understand the LDAP API, it is good to have some knowledge of the operations that the LDAP protocol knows about and how the LDAP protocol itself behaves when executing these operations on the server. Wherever possible, I briefly repeat the important information from the relevant chapter. However, this cannot substitute for a deeper discussion of the argument, and in many cases the reader will be referred to another section of the book.

Chapter 1, The LDAP Protocol

This chapter introduces the concept of a directory and a directory server. Because LDAP is a communication protocol, the chapter also provides a brief introduction to protocols, focusing on the TCP/IP protocol stack and how the LDAP protocol fits in the picture. Finally, the chapter explains the LDAP protocol itself.

Chapter 2, LDAP Basics

Here we begin to "play around" using the LDAP command line tools. To try out the examples in this chapter, you need a working LDAP implementation. You can download and use the Sun One LDAP server or the open-source OpenLDAP server, both available for Win32 and UNIX. A good workbench would be Linux with OpenLDAP. Most Linux implementations arrive with a ready-to-use LDAP implementation. In any case, this chapter gives you a number of examples so that you can become somewhat fluent with LDAP.

Chapter 3, LDAP Models

Theory. This chapter gives you the basics to better understand LDAP. LDAP can be described better with the help of four models: the information model, the naming model, the functional model, and the security model. The information model describes how LDAP holds the information. The naming model shows how LDAP organizes this information using a naming convention. The functional model defines the operations the LDAP protocol knows about. And the security model shows how to control access to the information held in the directory.

Chapter 4, LDAP: Some Practical Details

The previous chapter described the underlying theory and standards of LDAP. This chapter addresses the practical details of implementation. It helps you explore by yourself the points previously shown. It goes into details of the search process in a directory, explaining what a search filter is and what it should look like. It speaks in greater detail about the schema of the directory, how to explore it, and how to extend the standard schemas. It also shows how to speed up your directory server with indices and shows more details about the import/export format of LDAP directories.

Chapter 5, Distributed Architectures

This chapter addresses the issues of replication and partitioning. Replication mirrors all or one part of the directory on another directory server. Partitioning allows you to distribute your directory over several servers. Both methods can be combined to facilitate load balancing while ensuring the availability of directory services.

Chapter 6, LDAP APIs

This is another chapter focusing on practical issues. We speak about APIs. For nearly every programming language, there is an API implementing the operations defined by the LDAP protocol. In this chapter, we have a look at the most prominent APIs. We speak in this context also about the command-line tools as an LDAP client distributed with nearly every LDAP implementation. You can write your own. Because the OpenLDAP implementation is shipped with the command-line tools in source code, you can have a look at how these are implemented and change them to fit your personal taste and needs.

Chapter 7, LDAP Directory-Server Administration

This chapter discusses the fundamentals of LDAP administration. Here you will see the activities involved in maintaining an LDAP implementation.

Chapter 8, LDAP and Web Services

Here we see how LDAP fits into your existing environment. It shows you how to integrate it into your UNIX environment, i.e., how you can define users, groups, and other system information in LDAP instead of traditional UNIX files. It also shows you how the Microsoft world can be integrated and how you can Web-enable your LDAP server.

Chapter 9, The Design of Directory Services

The concluding chapter briefly reviews how to design a directory. This chapter provides only an introduction into the design of a directory, which is a very complex activity and requires a certain level of experience. The design hints suggested here should reduce the probability of making a catastrophic design error. A project can recover from smaller design errors, which happen even to experienced specialists.