LDAP System Administration
1. LDAP Basics
DNS - the most successful directory service ever implemented on the internet
Five characteristics of directory services:
- Highly optimised for reads
- Distributed model for storing information
- Can extend the types of information it stores
- Advanced search capabilities
- Loosely consistent replication
Lightweight Directory Access Protocol
The potential of LDAP is to consolidate existing services into a single directory, reducing data redundancy and saving administrative effort when creating and deleting users.
- Lightweight - compared to X.500 directory services. LDAP uses low-overhead TCP on port 389; X.500 carried a lot more baggage.
- Directory - different from a database as it is designed to be read far more often than written, so transaction and write locks are not necessary. LDAP is just a protocol; it says nothing about where the data is stored. It is made for general directories, not specialised ones such as filesystems and DNS.
- Access Protocol - LDAP is asynchronous.
Present the services provided by a server.
An entry is the basic unit of a directory.
An entry contains information about one or more
How entries and data are uniquely referenced: each entry has an attribute that is unique among all its siblings, called the RDN - Relative Distinguished Name.
The string created by combining RDNs into a unique name is called the Distinguished Name (DN).
Eg. RDN (includes attribute name and value)
The DN (distinguished name) for the node would be
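The following is an added example (not from the book or these notes) showing how a DN is composed from a chain of RDNs and split back apart, with the escaping rules of RFC 4514 so that a comma inside a value cannot be confused with an RDN separator. It also checks the naming rule stated above: an RDN must be unique among siblings. All entry names below are constructed sample values.

```python
"""Composing and decomposing LDAP Distinguished Names (RFC 4514).

Added example; the entries used are constructed, not taken from any
real directory.  A DN lists RDNs from the entry up to the root, joined
by commas; each RDN is attribute=value.  Values that contain separator
characters are backslash-escaped so the string stays unambiguous.
"""

# Characters that must be escaped anywhere inside an RDN value (RFC 4514 section 2.4).
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it can be embedded in an RDN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def build_dn(rdns):
    """Join (attribute, value) pairs, leaf first, into a DN string."""
    return ','.join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def parse_dn(dn: str):
    """Split a DN string into (attribute, value) pairs, honouring backslash escapes.

    Only single-character escapes (\\, \\+ ...) are handled; \\XX hex pairs and
    multi-valued RDNs joined with an unescaped '+' are out of scope here.
    """
    rdns = []
    buf = []
    attr = None
    i, n = 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == '\\':
            if i + 1 >= n:
                raise ValueError(f"trailing backslash in DN: {dn!r}")
            buf.append(dn[i + 1])      # escaped character is taken literally
            i += 2
            continue
        if ch == '=' and attr is None:
            attr = ''.join(buf).strip()  # attribute type; spaces after ',' tolerated
            buf = []
        elif ch == ',' and attr is not None:
            rdns.append((attr, ''.join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)               # '=' inside a value is ordinary data
        i += 1
    if attr is None:
        raise ValueError(f"malformed DN: {dn!r}")
    rdns.append((attr, ''.join(buf)))
    return rdns


def find_sibling_collisions(dns):
    """Return DNs whose RDN is not unique among entries under the same parent.

    Attribute types are compared case-insensitively (they are in LDAP);
    values are compared exactly here, whereas a real server would apply the
    attribute's matching rule.
    """
    seen = set()
    collisions = []
    for dn in dns:
        rdns = parse_dn(dn)
        attr, val = rdns[0]
        parent = tuple((a.lower(), v) for a, v in rdns[1:])
        key = (parent, attr.lower(), val)
        if key in seen:
            collisions.append(dn)
        else:
            seen.add(key)
    return collisions


if __name__ == "__main__":
    # Constructed sample entry: the surname value contains a comma.
    chain = [("cn", "Smith, John"), ("ou", "People"), ("dc", "example"), ("dc", "com")]
    dn = build_dn(chain)
    print(dn)                      # cn=Smith\, John,ou=People,dc=example,dc=com
    print(parse_dn(dn) == chain)   # True: round trip preserves the RDN chain
    sample = [
        "cn=alice,ou=People,dc=example,dc=com",
        "cn=alice,ou=Staff,dc=example,dc=com",     # same RDN, different parent: fine
        "CN=alice,ou=People,dc=example,dc=com",    # same parent, same RDN: collision
    ]
    print(find_sibling_collisions(sample))
```

The escaping step is the security-relevant part: if a user-supplied value such as `Smith, John` were concatenated into a DN without escaping, the resulting string would name a different (and possibly non-existent) entry, so any code that builds DNs from input should go through something like `escape_rdn_value` rather than string formatting alone.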
The protocol itself: authentication operations (binds), query operations (searches and reads) and update operations (writes).
A mechanism for clients to prove their identity (authentication) and to control authenticated clients' access to data (authorization).