LDAP Directories Explained: An Introduction and Analysis

Book Description

Directory technology promises to solve the problem of decentralized information that has arisen with the explosion of distributed computing. Lightweight Directory Access Protocol (LDAP) is a set of protocols that has become the Internet standard for accessing information directories. Until now, however, those curious about LDAP had no introductory source to learn how the technology can help them centrally manage information and reduce the cost of computing services.

LDAP Directories Explained provides technical managers and those new to directory services with a fundamental introduction to LDAP. This concise guide examines how the technology works and gives an overview of the most successful directory products in an easy-to-reference format.

Key topics include:

  • An overview of LDAP, including how directories differ from databases

  • The LDAP namespace, with an overview of DNS, LDAP object structure, and LDAP object naming

  • Client LDAP operations, including directory-enabled services and applications, searches, and the LDAP protocol

  • LDAP schema, including object classes, attributes, syntaxes, matching rules, and more

  • Directory management, including directory integration strategies, metadirectories, security, and more

  • LDAP vendors: OpenLDAP, Microsoft Active Directory, and Directory Server

  • A case study of Stanford University's directory architecture, which illustrates how integral an LDAP directory can become to a business

If you are an information technology manager, LDAP Directories Explained will provide the technical foundation you need to make sound business decisions about LDAP. If you're a developer, this straightforward reference will bring you quickly up to speed on LDAP and directories.




    Table of Contents

    1. Copyright
      1. Dedication
    2. Independent Technology Guides
    3. Foreword
    4. Preface
      1. Audience
      2. About the Book
      3. Appendixes
    5. Acknowledgments
    6. I. How LDAP Works
      1. 1. Overview of LDAP
        1. Introducing Directories
          1. Structure
          2. Content and Usefulness
            1. Directories Versus Databases
            2. Typical Directory Use
          3. Benefits of a Directory
        2. Introducing LDAP
          1. Mycompany.com
          2. Namespace
          3. Protocol
            1. Client-Server Model
            2. Clients
            3. Operations
          4. Schema
            1. Schema Checking
            2. Default Schema
            3. Extending the Schema
          5. Management
            1. Distributed Directory
            2. Integration and Data Manipulation
            3. Security
        3. Vendor LDAP Products
        4. Why Choose LDAP?
      2. 2. LDAP Namespace
        1. DNS
          1. DNS Hierarchy
          2. DNS Resolution
          3. Basic DNS Record Types
          4. How LDAP Uses DNS
        2. LDAP Object Structure
          1. Allowed Structures
          2. LDAP Containers
          3. Structure Rules
          4. Naming Contexts
        3. LDAP Object Naming
          1. Relative Distinguished Name (RDN)
          2. Naming Attributes
          3. Distinguished Name (DN)
          4. Naming Special Characters
          5. URL Naming
          6. LDAP v2 Naming Conventions
        4. Special LDAP Structural Concepts
        5. Summary
      3. 3. Client LDAP Operations
        1. Directory-Enabled Services and Applications
        2. Search
          1. Mandatory Search Parameters
          2. Optional Search Parameters
          3. Search Filters
            1. Extended Match Filters
            2. Special Characters in Search Filters
        3. LDAP Protocol
          1. LDAP Operations
            1. Bind
            2. Search
            3. Compare
            4. Add
            5. Delete
            6. Modify
            7. ModifyRDN or Rename
            8. Unbind
            9. Abandon
            10. Extended
          2. LDAP Controls
          3. LDAP Client Options
        4. APIs
        5. Summary
        6. Appendix Material
      4. 4. LDAP Schema
        1. Object Classes
          1. Elements of an Object Class
          2. Creating the Entry You Want
            1. Option 1: Use Inheritance and Object Class Relationships
            2. Option 2: Use an Auxiliary Class
        2. Attributes
          1. Elements of an Attribute Type
          2. Attribute Subtypes
          3. Attribute Options
            1. Language Support
          4. Operational Attributes
            1. Subschema and directoryOperation Attributes
            2. rootDSE Entry and dSAOperation Attributes
        3. Syntaxes
        4. Matching Rules
        5. OIDs
        6. Schema Checking
        7. Extended Schema Definitions
          1. DNS Extensions
          2. extensibleObject Object Class
          3. dynamicObject Object Class
          4. Java
          5. inetOrgPerson Object Class
          6. Still in Development
        8. Summary
        9. Appendix Material
      5. 5. Directory Management
        1. Replication
          1. Partitions
          2. Replicas
        2. Referrals
          1. Referral Resolution
          2. Referral Syntax
          3. Referral Examples
          4. Chaining
        3. Aliases
        4. Distributed Directory
          1. Reliability
          2. Replication Topology
          3. Maintenance
        5. Integrating Independent Directories
          1. Data Architecture Management
            1. Sources and Owners
            2. Subscribers and Consumers
            3. Privacy Concerns
          2. Metadirectories: Glue Together Your Directories
          3. Master Directory
          4. Directory Synchronization
          5. Loose Directory Interconnection
          6. Harvesting Data (Connectors)
        6. Moving Data Between Directories
          1. LDIF
            1. LDIF Examples
          2. DSML
        7. Directory Security
          1. Authentication
          2. Authorization
          3. Encryption
            1. How Encryption Relates to LDAP Management
            2. Shared Secret Key Encryption
            3. Public Key Encryption
            4. Digital Signatures
            5. Certificates and Certificate Authority
            6. SSL and TLS
        8. Administrative Server Parameters
        9. Other Directory Management Tasks
        10. Summary
    7. II. How Vendors Have Implemented LDAP
      1. 6. OpenLDAP
        1. Namespace
          1. Naming Contexts and Partitions
          2. Distributed Directory Functionality
          3. Database Functionality
          4. Indexing
        2. Operations and Clients
          1. Clients
            1. Directory-Enabled Applications
            2. Programming Support
          2. Controls
        3. Schema
          1. Classes
          2. Attributes
        4. Management
          1. Special Configuration Parameters
        5. Security
          1. Authentication
          2. Authorization
          3. Privacy
        6. Why OpenLDAP?
      2. 7. Microsoft Active Directory
        1. Namespace
          1. DNS
          2. Directory Namespace
          3. Sites
          4. Naming Contexts and Partitions
            1. Configuration Partition
            2. Domain Partition
            3. Schema Partition
          5. Global Catalog
        2. Operations and Clients
          1. Clients
            1. Integrated Clients
            2. Programming Support
          2. Controls
          3. Directory-Enabled Services
        3. Schema
          1. Classes
          2. Attributes
        4. Management
          1. Replication
          2. Indexing
          3. Data Architecture
          4. Special Configuration Parameters
        5. Security
          1. Authentication
          2. Authorization
          3. Privacy
        6. Why Active Directory?
      3. 8. Directory Server
        1. Namespace
          1. Naming Contexts
          2. Database Functionality
          3. Indexing
          4. Referrals
          5. Chaining
        2. Operations and Clients
          1. Clients
            1. Directory-Enabled Applications
            2. Programming Support
          2. Controls
          3. Plug-ins
        3. Schema
          1. Groups
          2. Roles
          3. Class of Service (CoS)
            1. Pointer CoS
            2. Classic CoS
            3. Indirect CoS
        4. Management
          1. Replication
          2. Special Configuration Parameters
        5. Security
          1. Authentication
          2. Authorization
          3. Privacy
        6. Why Directory Server?
    8. Appendixes
      1. A. Client LDAP Operations Appendix
        1. Draft Controls
          1. PSEARCH
          2. TSEARCH
          3. DIRSYNC
          4. LCUP
          5. Chaining
          6. Virtual List View
        2. C language API
      2. B. Schema Appendix
        1. Schema Formats
          1. ASN.1 Object Class Syntax
            1. Example
          2. ASN.1 Attribute Syntax
            1. Example
          3. BNF Object Class Syntax
            1. Example
          4. BNF Attribute Syntax
            1. Example
          5. Slapd.conf Object Class Syntax
            1. Example
          6. Slapd.conf Attribute Syntax
            1. Example
        2. Common Syntaxes
        3. Common Matching Rules
      3. C. Stanford University Directory Architecture
        1. Environment
        2. Source Systems
        3. Stanford Registry
          1. Privacy Controls
        4. Directory Harvester
          1. Event Database
        5. Stanford Directory
          1. E-mail Service Integration
          2. Web UI Integration
          3. Updating Your Personal Information
        6. Active Directory Harvester
          1. Privacy Control in AD
        7. Summary
      4. D. OpenLDAP Access Control
        1. <What> Element
        2. <Who> Element
        3. <Access> Element
        4. Evaluation of Access
        5. Comprehensive Example
      5. E. Active Directory Controls Appendix
      6. F. Directory Server Appendix
        1. Default Indexes
        2. Access Control Instructions (ACIs)
          1. ACI Targets
          2. ACI Heading
          3. ACI Permissions
          4. ACI Bind Rules
          5. Putting an ACI Together
          6. Macro ACIs
        3. Plug-ins
      7. G. Online Reference Material
        1. Chapter 1 Topics
          1. Articles
          2. LDAP Supersites
        2. Chapter 2 Topics
          1. DNS
          2. Referrals
          3. Escaping Special Characters
        3. Chapter 3 Topics
          1. Programming Resources
          2. Encoding Resources
          3. Base64 Encode and Decode Base64 Files
          4. Directory Integration
        4. Chapter 4 Topics
          1. X.500
          2. ASN.1
          3. Schema Resources
        5. Chapter 5 Topics
          1. Metadirectories
          2. DSML
          3. Security
          4. Stanford University
        6. Chapter 6 Topics
          1. Building OpenLDAP
        7. Chapter 7 Topics
        8. Chapter 8 Topics
          1. Server Documentation
          2. Programming Resources