test

LDAP Setup and Configuration Guide

LDAP Model

LDAP is the emerging industry standard protocol for accessing directory servers. It is a lightweight protocol. It is efficient, straight forward, and easy to implement, while still being highly functional. It uses a simplified set of system-independent encoding methods and runs directly on top of TCP/IP.

LDAP directories provide a way to name, manage, and access collections of directory entries. A directory entry is composed of attributes that have a type and one or more values. The syntax for each attribute defines the values allowed (such as ASCII characters or a jpeg photograph) and how those values are interpreted during a directory operation (such as whether a search or compare is case sensitive) .

Directory entries are organized into a tree structure, based on geographic (country), organizational (company) boundaries, or domains (dc).

Entries are named according to their position in this tree structure by a distinguished name (DN). Each component of the distinguished name is called a relative distinguished name (RDN). An RDN is composed of one or more attributes from the entry. (See RFC 2253 for a formal definition of a distinguished name.)

The hierarchy of the directory tree structure is analogous to that of the UNIX file system. An RDN is analogous to the name of a file, and the DN is analogous to the absolute pathname to the file. As in the UNIX file system, sibling directory entries must have unique RDNs. However, in the directory tree, both leaf nodes and nonleaf nodes can contain content or attributes.

Like the DNS namespace, LDAP directory entries are accessed in a “little-endian” manner. This means that LDAP names start with the least significant component and proceed to the most significant, that just below root. The DN is constructed by concatenating the sequence of RDNs up to the root of the tree. For example, if the person named Joe Qwerty works for the company named Ultra Keyboards in the United States, the commonName (CN) attribute for the person Joe Qwerty contains the value “Joseph Qwerty”. The DN contains “cn=Joseph Qwerty, o=Ultra Keyboards, c=US”.