Wednesday, August 6, 2008

LDAP: In a nutshell

LDAP: Lightweight Directory Access Protocol (based on the X.500 standard)


LDAP --> Protocol to retrieve data stored in an information directory, which is heavily optimized for read performance.

LDAP --> Allows you to securely delegate read and modification authority based on your specific needs using ACIs (access control instructions; collectively, an ACL, or Access Control List).

LDAP --> Tree Structure

The top-level node is called the base DN (Distinguished Name).
The base DN is written in one of 3 formats (for the foobar company in the US):

o="company name",c=Country
ex: o="foobar,Inc", c=US
(not preferred nowadays, as there is no place to put the website name)

o="website of the company"
ex: o=foobar.com (most common, as it is straightforward)

dc=company,dc=com
ex: dc=foobar,dc=com
(used nowadays; Microsoft Active Directory uses this format)

Here o => organisation, c => country, dc => domain component


Under the root base DN, create nodes that logically separate your data.
For historic reasons (X.500), these logical components are set up as OU and CN:
OU => Organizational Unit
CN => Common Name

All entries in LDAP have a unique DN, and this DN is composed of 2 parts: the RDN (Relative Distinguished Name) and the location within the LDAP directory where the record resides.
The RDN is the portion of your DN that is not related to the directory tree structure.

Most entries stored in LDAP have a name; it is stored as CN.

Most objects stored in LDAP use the CN value as the RDN.

So, if I want to store the recipe for oatmeal raisin:

ex:
dc=foobar, dc=com
- ou=recipe
-- cn=oatmeal raisin

So, the full DN for the LDAP record is (remember to read it backwards, leaf first): cn=oatmeal raisin,ou=recipe,dc=foobar,dc=com

Typically, to store employee logins, either CN is used to store their name or UID is used to store the login.

ex: dc=abclondon,dc=com
-ou=london
--cn="ramesh manni" or uid="rmanni" ----> name-based or login-based

LDAP stores all information for a given record as key-value pairs (attribute: value); an attribute may be repeated to hold several values.
ex:
dn: cn=Oatmeal Deluxe, ou=recipes, dc=foobar, dc=com
cn: Oatmeal Deluxe
cn: Instant Oatmeal Deluxe
recipeCuisine: breakfast
recipeIngredient: 1 packet instant oatmeal
recipeIngredient: 1 cup water
recipeIngredient: 1 pinch salt
recipeIngredient: 1 tsp brown sugar
recipeIngredient: 1/4 apple, any type

(Note: the value used in the RDN, cn=Oatmeal Deluxe, must also be present as a cn value of the entry; cn can hold more than one value, so the longer name is kept as a second value.)

Searches against these attribute/value pairs are case-insensitive for most attributes (the usual string matching rule ignores case), except for passwords, which are compared exactly.
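As an added example (not code from the original post), a small Python script that applies the rules above: it splits a DN into its RDN and tree location, classifies a base DN into the three styles described, parses the LDIF-style key/value record into attributes, checks that the RDN value is actually present in the entry, and compares most attributes case-insensitively but passwords exactly. The LDIF record and its userPassword value are constructed for illustration.

```python
import re

# Constructed sample LDIF record for this example (not real directory content).
ENTRY = """dn: cn=Oatmeal Deluxe,ou=recipes,dc=foobar,dc=com
cn: Oatmeal Deluxe
recipeCuisine: breakfast
recipeIngredient: 1 cup water
userPassword: Secret1
"""

def split_dn(dn):
    """RDNs, most specific first; a comma escaped with a backslash (RFC 4514) does not split."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]

def rdn_and_parent(dn):
    """The RDN is the leftmost component; the rest locates the entry in the tree."""
    rdns = split_dn(dn)
    return rdns[0], ",".join(rdns[1:])

def base_dn_style(base):
    """Classify a base DN into the three styles described in the post."""
    types = [r.split("=", 1)[0].strip().lower() for r in split_dn(base)]
    if types and all(t == "dc" for t in types):
        return "domain-component"   # dc=foobar,dc=com
    if types == ["o", "c"]:
        return "o+c"                # o=foobar\, Inc,c=US
    if types == ["o"]:
        return "o"                  # o=foobar.com
    return "other"

def parse_ldif_entry(text):
    """One LDIF record -> {attribute: [values]}; attribute names are case-insensitive."""
    entry = {}
    for line in text.strip().splitlines():
        key, _, val = line.partition(":")
        entry.setdefault(key.strip().lower(), []).append(val.strip())
    return entry

def attribute_matches(entry, attr, value):
    """Case-ignoring match for most attributes; userPassword compares exact octets."""
    values = entry.get(attr.lower(), [])
    if attr.lower() == "userpassword":
        return value in values
    return value.lower() in (v.lower() for v in values)

def rdn_consistent(entry):
    """The RDN's attribute value (e.g. cn=Oatmeal Deluxe) must also be a value of the entry."""
    rdn = rdn_and_parent(entry["dn"][0])[0]
    attr, _, val = rdn.partition("=")
    return attribute_matches(entry, attr.strip(), val.strip())
```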
