- LDAP is actually a simple protocol that is used to access directory services. It is an open, vendor neutral information such as e-mail addresses and public keys for secure transmission of data. The information contained within an LDAP directory could be ASCII text files, JPEG photographs or sound files. One way to reduce the time taken to search for information is to replicate the directory information over different platforms so that the process of locating a specific data is streamlined and more resilient to failure of connections and computers. This is what is done with information in an LDAP structure.
LDAP, Lightweight Directory Access Protocol, is an Internet protocol runs over TCP/IP that e-mail programs use to lookup contact information from a server. A directory structure is a specialized database, which is optimized for browsing, searching, locating and reading information. Thus LDAP make it possible to obtain directory information such as e-mail addresses and public keys. LDAP can handle other information, but at present it is typically used to associate names with phone numbers and e-mail addresses.
LDAP is a directory structure and is completely based on entries for each piece of information. An entry is a collection of attributes that has a globally-unique Distinguished Name (DN). The information in LDAP is arranged in a hierarchical tree-like structure. LDAP services are implemented by using the client-server architecture. There are options for referencing and accessing information within the LDAP structure. An entry is referenced by the type of its uniquely distinguishable name. Unlike the other directory structure, which allows the user access to all the information available, LDAP allows information to be accessed only after authenticating the user. It also supports privacy and integrity security services. There are two daemons for LDAP which are slapd and slurpd.
THE LDAP DOMAIN THE COMPONENTS OF AN LDAP DOMAIN A small domain may have a single LDAP server, and a few clients. The server commonly runs slapd, which will serve LDAP requests and update data. The client software is comprised of system libraries translating normal lib calls into LDAP data requests and providing some form of update functionality .Larger domains may have several LDAP slaves (read-only replicas of a master read/write LDAP server). For large installations, the domain may be divided into sub domains, with referrals to �glue� the sub domains together. THE STRUCTURE OF AN LDAP DOMAIN A simple LDAP domain is structured on the surface in a manner similar to an NIS domain; there are masters, slaves, and clients. The clients may query masters or slaves for information, but all updates must go to the masters. The �domain name� under LDAP is slightly different than that under NIS. LDAP domains may use an organization name and country.
The clients may or may not authenticate themselves to the server when performing operations, depending on the configuration of the client and the type of information requested. Commonly access to no sensitive information (such as port to service mappings) will be unauthenticated requests, while password information requests or any updates are authenticated. Larger organizations may subdivide their LDAP domain into sub domains. LDAP allows for this type of scalability, and uses �referrals� to allow the passing off of clients from one server to the next (the same method is used by slave servers to pass modification requests to the master).
|