Ubuntu LDAP

LDAP is a protocol for querying and modifying directory services running over TCP/IP. A directory contains a hierarchical tree of data entries called the Directory Information Tree. Each entry consists of attributes with a key and value, and must belong to at least one object class. Entries are uniquely identified by their Distinguished Name. A common use of LDAP directories is for company directories and address books where there are many read requests to retrieve attribute-based information in a hierarchical structure.

Uploaded by

Ari Susanto
Ubuntu LDAP

Introduction
The Lightweight Directory Access Protocol, or LDAP, is a protocol for querying and
modifying an X.500-based directory service running over TCP/IP. The current LDAP version
is LDAPv3, as defined in RFC4510, and the implementation used in Ubuntu is OpenLDAP.

The LDAP protocol accesses directories. A common mistake is to call a directory an LDAP
directory, or LDAP database, but it’s really so common, and we all know what we are talking
about, that it’s ok. Here are some key concepts and terms:

 A directory is a tree of data entries that is hierarchical in nature and is called the
Directory Information Tree (DIT).
 An entry consists of a set of attributes.
 An attribute has a key (a name/description) and one or more values.
 Every attribute must be defined in at least one objectClass.
 Attributes and objectClasses are defined in schemas (an objectClass is actually
considered as a special kind of attribute).
 Each entry has a unique identifier: its Distinguished Name (DN or dn). This, in turn,
consists of a Relative Distinguished Name (RDN) followed by the parent entry’s DN.
 The entry’s DN is not an attribute. It is not considered part of the entry itself.

Note

The terms object, container, and node have certain connotations but they all essentially mean
the same thing as entry, the technically correct term.

For example, below we have a single entry consisting of 11 attributes where the following is
true:

 DN is “cn=John Doe,dc=example,dc=com”
 RDN is “cn=John Doe”
 parent DN is “dc=example,dc=com”

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: [email protected]
manager: cn=Larry Smith,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

The above entry is in LDIF format (LDAP Data Interchange Format). Any information that
you feed into your DIT must also be in such a format. It is defined in RFC2849.
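As an added example (not code from the Ubuntu guide or from OpenLDAP), the following Python parser reads one entry in the LDIF form shown above, collects its multi-valued attributes, and splits the DN into RDN and parent DN as the terms were defined earlier. It goes slightly beyond the text by honouring backslash-escaped commas in a DN (RFC 4514) and LDIF continuation lines; the sample entry and its mail address are constructed here.

```python
# Added example: minimal LDIF entry parser plus DN -> (RDN, parent DN) split.
# Handles multi-valued attributes, "#" comments and continuation lines (a line
# beginning with one space). Base64 ("::") and URL (":<") values are not handled.
from collections import OrderedDict

# Constructed sample entry (the John Doe entry from the text; mail address is made up).
SAMPLE_LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: jdoe@example.com
manager: cn=Larry Smith,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
"""

def parse_ldif_entry(text):
    """Return (dn, attrs); attrs maps attribute name -> list of values in file order."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue                      # skip comments and blank separators
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    dn, attrs = None, OrderedDict()
    for line in lines:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        key, value = key.strip(), value.strip()
        if key.lower() == "dn":
            if dn is not None:
                raise ValueError("entry has more than one dn")
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs

def split_dn(dn):
    """Split a DN at its first unescaped comma into (RDN, parent DN); root entries get ''."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                        # skip an escaped character
            continue
        if dn[i] == ",":
            return dn[:i], dn[i + 1:].lstrip()
        i += 1
    return dn, ""
```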

Such a directory accessed via LDAP is good for anything that involves a large number of
access requests to a mostly-read, attribute-based (name:value) backend, and that can benefit
from a hierarchical structure. Examples include an address book, company directory, a list of
email addresses, and a mail server’s configuration.

References
 The OpenLDAP administrators guide
 RFC 4515: LDAP string representation of search filters
 Zytrax’s LDAP for Rocket Scientists; a less pedantic but comprehensive treatment of
LDAP

Older references that might still be useful:

 O’Reilly’s LDAP System Administration (textbook; 2003)
 Packt’s Mastering OpenLDAP (textbook; 2007)