Understanding LDAP


LDAP lets people create directories of information that can be shared among client applications over a network. It is particularly geared toward applications that look up the same, fairly stable information repeatedly (in other words, information that is read far more often than it is changed). That's why LDAP is popular for uses like storing information about people, addresses, and other kinds of data that are accessed frequently but change relatively rarely.

Because of LDAP's extraordinarily flexible design, as an LDAP developer or administrator you have a lot of control over:

  • How the information in the directories is organized.

  • How and by whom information can be accessed.

  • The scale, local to global, by which information is distributed. (Information can be replicated to other servers at any scale you choose and synced up automatically.)

Despite its flexibility, however, you don't have to begin designing each directory you create from scratch. LDAP has many predefined structures of information you can rely on to build your LDAP directories. Those data structures are defined in several different standards documents referred to as RFCs (Request for Comments). There are RFCs for almost every aspect of the Internet protocols and related application services. Important RFCs for LDAP definitions include:

  • RFC 2252 - Defines the framework for LDAP.

  • RFC 2256 - Defines the X.500 user schema for LDAPv3.

  • RFCs 1274, 2079, 2247, 2307, 2587, 2589 - Define specifications for including user attributes, Uniform Resource Identifiers, domain names, NIS data, public key infrastructure (PKI), and dynamic directory services in LDAP directories.

The documents on which these RFCs are based include the CCITT X.500 standard and the related ISO IS9594 directory services standards. In particular, X.521 and X.520 define some of the most basic object classes and attribute types.

Keep in mind, however, that these standards only provide guidelines. When you put together your own LDAP directory, what your OpenLDAP server actually works with are the schema files that implement those standards on the server.
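To make the schema idea concrete, here is an added Python example (not code from the book or from the OpenLDAP project) that does, in miniature, what slapd does when schema checking is on: it parses a few LDIF entries and verifies each one against the MUST/MAY attribute lists of its object classes, following the SUP chain so inherited attributes count. The object class definitions are transcribed from RFC 2256 (`top`, `person`) and RFC 2307 (`posixAccount`); the two LDIF entries and the `example.com` DNs are constructed sample data. It goes slightly beyond the text in that it handles LDIF value folding (continuation lines) and case-insensitive attribute names.

```python
"""Minimal LDAP schema checker (added example; not book or OpenLDAP code).

Object class definitions are transcribed from RFC 2256 and RFC 2307.
The LDIF entries in SAMPLE_LDIF are constructed sample data.
Not handled: base64 ("attr::") and URL ("attr:<") LDIF value forms.
"""
from collections import defaultdict

# objectClass name -> (superior class or None, MUST attributes, MAY attributes)
SCHEMA = {
    "top": (None, {"objectClass"}, set()),
    # RFC 2256 section 7.2
    "person": ("top", {"sn", "cn"},
               {"userPassword", "telephoneNumber", "seeAlso", "description"}),
    # RFC 2307 section 4
    "posixAccount": ("top",
                     {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     {"userPassword", "loginShell", "gecos", "description"}),
}

SAMPLE_LDIF = """\
# constructed sample entries, not real directory data
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
cn: Alice Example
sn: Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
loginShell: /bin/bash
description: ops engineer, on-call rot
 ation B

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
cn: Bob Example
mail: bob@example.com
"""


def parse_ldif(text):
    """Parse a minimal LDIF stream into a list of {attr: [values]} dicts.

    Entries are separated by blank lines, '#' lines are comments, and a
    line starting with one space continues the previous value (LDIF folding).
    """
    entries, current, last = [], None, None
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if raw.startswith("#"):
            continue
        if raw == "":
            if current:
                entries.append(dict(current))
            current, last = None, None
            continue
        if raw.startswith(" ") and last is not None:
            current[last][-1] += raw[1:]      # folded line: strip one space, append
            continue
        attr, _, value = raw.partition(":")
        if current is None:
            current = defaultdict(list)
        current[attr.strip()].append(value.strip())
        last = attr.strip()
    return entries


def effective_rules(object_classes):
    """Collect MUST/MAY sets over the given classes and their SUP chains.

    Returns (must, may, unknown_classes).
    """
    must, may, unknown = set(), set(), []
    for oc in object_classes:
        cls = oc
        while cls is not None:
            if cls not in SCHEMA:
                unknown.append(cls)
                break
            sup, m, o = SCHEMA[cls]
            must |= m
            may |= o
            cls = sup
    return must, may, unknown


def check_entry(entry):
    """Return a list of schema violations for one parsed entry ([] means OK)."""
    problems = []
    # LDAP attribute names are case-insensitive; 'dn' is not a schema attribute
    attrs = {a.lower(): a for a in entry if a.lower() != "dn"}
    classes = [v for k, vs in entry.items() if k.lower() == "objectclass" for v in vs]
    must, may, unknown = effective_rules(classes)
    for oc in unknown:
        problems.append(f"unknown objectClass: {oc}")
    allowed = {a.lower() for a in must | may}
    for a in sorted(must):
        if a.lower() not in attrs:
            problems.append(f"missing MUST attribute: {a}")
    for a_low in sorted(attrs):
        if a_low not in allowed:
            problems.append(f"attribute not permitted by any objectClass: {attrs[a_low]}")
    return problems


def check_ldif(text):
    """Parse and check every entry; returns {dn: [problems]}."""
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}


if __name__ == "__main__":
    for dn, problems in check_ldif(SAMPLE_LDIF).items():
        print(dn, "->", problems or "OK")
```

Run as-is, the first entry passes, while the second is rejected twice: `person` requires `sn`, and neither `top` nor `person` permits `mail` (that attribute comes from `inetOrgPerson`, which would have to be added to the entry's object classes). A real server refuses such an add or modify outright, which is the practical meaning of "the schemas that implement those standards".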

Tip

Microsoft's Active Directory (AD) is often touted as an "LDAP-based" entity, giving some users high hopes of integrating OpenLDAP and AD. While it is possible to exchange information between AD and OpenLDAP, setting this up requires a lot of patience and skill. Unless you must interoperate with AD, a better path for supporting Windows clients is through the use of OpenLDAP and Samba. Check out the Samba-OpenLDAP How-to at www.idealx.com/downloads/samba3-ldap-howto.pdf for more information about this kind of configuration.


Fedora 6 and Red Hat Enterprise Linux Bible
ISBN: 047008278X
Year: 2007
Pages: 279