LDAP


LDAP

This information is based on Michael Yee's introduction to LDAP and the IBM Redbook "Understanding LDAP - Design and Implementation".

LDAP addresses the needs of organizations that are made up of organizational units. Let's assume a fictional company has two organizational units, each with a number of users. The organizational chart of this company could look like the following:

Image:ldap1.gif

In this case the company example.com is the organization and it has two organizational units, IT and Sales. Two employees belong to IT and three employees belong to Sales.

Each node in this tree is an entry in your LDAP directory. Every entry has a unique identifier, the distinguished name (dn), which encodes the entry's position in the hierarchy. Each entry also carries attributes; depending on the attribute's syntax, an attribute may hold one or more values. Attribute syntaxes include binary (bin), case-exact string (ces), case-ignore string (cis), telephone number (tel), distinguished name (dn), time and postal address. Common attributes are cn (common name), sn (surname), telephoneNumber and ou (organizational unit). Constraints, such as a maximum size, can be placed on attribute values. Finally, entries are instances of object classes, and an object class can be derived from another, so new kinds of entry are defined by extending existing class definitions rather than from scratch.


Let's say the organization is represented by two domain components (dc). Then the root node has two dc attributes, dc=example and dc=com, and these are used as its unique dn:
dn: dc=example,dc=com

Similarly dn of IT unit will be


  dn: ou=IT,dc=example,dc=com

Finally, the nodes for each employee belonging to IT will have following dns

  dn: cn=Michael Yee,ou=IT,dc=example,dc=com
  dn: cn=Rick Francis,ou=IT,dc=example,dc=com

Image:ldap2.gif

Remember that each entry is an object: it belongs to one or more object classes, and those classes determine which attributes it must and may carry:

Image:ldap3.gif

For example, the leaf entry for Jennifer Jones belongs to the object class person, and its common name (cn) attribute holds three values, i.e., three aliases for this person.
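A dn is nothing more than the concatenation of its RDNs, so any attribute value that contains a comma, plus sign, double quote, backslash, angle bracket, semicolon or equals sign, or that starts with '#' or a space, has to be backslash-escaped as RFC 4514 requires. If it is not, a name taken from user input can smuggle extra RDNs into the dn and name an entry in a different branch of the tree. The following Python is an added example, not code from the wiki page or from Michael Yee's introduction; the function names `escape_dn_value`, `build_dn` and `naive_dn` and the sample user input are constructed here.

```python
"""Composing LDAP distinguished names with RFC 4514 escaping.

Added example for this page; the function names and the sample input are
constructed here and are not part of any LDAP library.
"""

# Characters that are backslash-escaped anywhere in an RDN value. RFC 4514 2.4
# requires this for , + " \ < > ; and NUL; escaping '=' as well is permitted
# and avoids any ambiguity in "attr=value".
_DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it can be used as the value part of an RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")              # NUL is written as a hex pair
        elif ch == " " and i in (0, last):
            out.append("\\ ")               # leading/trailing space is otherwise trimmed
        elif ch == "#" and i == 0:
            out.append("\\#")               # a leading '#' introduces a hex-encoded value
        else:
            out.append(ch)
    return "".join(out)


def build_dn(*rdns):
    """Compose a DN from (attribute, value) pairs, leaf first and root last.

    build_dn(("cn", "Michael Yee"), ("ou", "IT"), ("dc", "example"), ("dc", "com"))
    gives 'cn=Michael Yee,ou=IT,dc=example,dc=com'.
    """
    return ",".join(f"{attr}={escape_dn_value(value)}" for attr, value in rdns)


def naive_dn(*rdns):
    """Plain string concatenation without escaping; shown only for contrast."""
    return ",".join(f"{attr}={value}" for attr, value in rdns)


if __name__ == "__main__":
    base = (("ou", "Sales"), ("dc", "example"), ("dc", "com"))
    # Constructed user input: a "name" that carries an extra RDN.
    user_supplied = "Jennifer Jones,ou=IT"
    print("unescaped:", naive_dn(("cn", user_supplied), *base))
    print("escaped:  ", build_dn(("cn", user_supplied), *base))
```

With the unescaped form the string names an entry under ou=IT,ou=Sales, a subtree the caller never intended; with escaping, the whole value stays inside a single cn RDN. The same rule applies when the wiki's names are written into LDIF: "cn=Yee, Michael" would have to be written as "cn=Yee\, Michael".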

LDIF

LDAP data is exchanged as text in LDIF (LDAP Data Interchange Format), the format ldapadd and slapadd read when you load entries into a server. Entries are separated by blank lines; each begins with its dn and is followed by attribute: value lines. The attribute and value that form an entry's RDN (for example dc=example) must also be present as an attribute of that entry, or the server rejects it. The chart above, written as LDIF:

# File: ldif00.ldif
# Root node
dn: dc=example,dc=com
objectclass: organization
objectclass: dcObject
o: example.com
dc: example

# The IT branch node
dn: ou=IT,dc=example,dc=com
objectclass: organizationalUnit
ou: IT

# The Sales branch node
dn: ou=Sales,dc=example,dc=com
objectclass: organizationalUnit
ou: Sales

# The Super-User's node (the directory administrator's bind identity)
dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

# A leaf node
dn: cn=Michael Yee,ou=IT,dc=example,dc=com
objectclass: person
cn: Michael Yee
sn: Yee

# Another leaf node
dn: cn=Rick Francis,ou=IT,dc=example,dc=com
objectclass: person
cn: Rick Francis
sn: Francis

# Yet another leaf node
dn: cn=Dhananjay Kulkarni,ou=Sales,dc=example,dc=com
objectclass: person
cn: Dhananjay Kulkarni
sn: Kulkarni

# Another Sales leaf node
dn: cn=Wil Cooley,ou=Sales,dc=example,dc=com
objectclass: person
cn: Wil Cooley
sn: Cooley

# Finally, geez!
dn: cn=Jennifer Jones,ou=Sales,dc=example,dc=com
objectclass: person
cn: Jennifer Jones
cn: Jenny Jones
cn: Jenny Smith
sn: Jones