LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/LDAP-HOWTO/ldapbackends.html

362 lines
7.1 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>LDAP backends, objects and attributes</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="LDAP Linux HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Introduction"
HREF="introduction.html"><LINK
REL="PREVIOUS"
TITLE="How does LDAP work ?"
HREF="howitworks.html"><LINK
REL="NEXT"
TITLE="New versions of this document"
HREF="newversions.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Linux HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="howitworks.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 1. Introduction</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="newversions.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="LdapBackends"
></A
>1.3. LDAP backends, objects and attributes</H1
><P
>The LDAP server daemon is called <EM
>Slapd</EM
>. <EM
>Slapd</EM
>
supports a variety of different <B
CLASS="command"
>database backends</B
> which you can use.</P
><P
>They include the <B
CLASS="command"
>primary choice BDB</B
>, a high-performance transactional database backend; LDBM, a lightweight DBM based backend; SHELL, a backend interface to arbitrary shell scripts and PASSWD, a simple backend interface to the passwd(5) file.</P
><P
>BDB utilizes <A
HREF="http://www.sleepycat.com/"
TARGET="_top"
>Sleepycat</A
> Berkeley DB 4. LDBM utilizes
either <A
HREF="http://www.sleepycat.com/"
TARGET="_top"
>Berkeley DB</A
> or <A
HREF="http://www.gnu.org/software/gdbm/"
TARGET="_top"
>GDBM</A
>.</P
><P
>BDB transactional backend is suited for multi-user read/write database access,
with any mix of read and write operations. BDB is used in applications that require:
<P
></P
><UL
><LI
><P
>Transactions, including making multiple changes to the
database atomically and rolling back uncommitted changes when necessary.</P
></LI
><LI
><P
>Ability to recover from systems crashes and hardware failures without
losing any committed transactions.</P
></LI
></UL
> </P
><P
>In this document I assume that you choose the <B
CLASS="command"
>BDB database.</B
></P
><P
>To import and export directory information between LDAP-based directory servers,
or to describe a set of changes which are to be applied to a directory, the
file format known as LDIF, for LDAP Data Interchange Format, is typically used.
A LDIF file stores information in object-oriented hierarchies of entries. The
LDAP software package you're going to get comes with an utility to convert LDIF
files to the BDB format</P
><P
>A common LDIF file looks like this:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;dn: o=TUDelft, c=NL
o: TUDelft
objectclass: organization
dn: cn=Luiz Malere, o=TUDelft, c=NL
cn: Luiz Malere
sn: Malere
mail: malere@yahoo.com
objectclass: person
</PRE
></FONT
></TD
></TR
></TABLE
><P
>As you can see each entry is uniquely identified by a distinguished name, or
DN. The DN consists of the name of the entry plus a path of names tracing the
entry back to the top of the directory hierarchy (just like a tree).</P
><P
>In LDAP, an <B
CLASS="command"
>object class</B
> defines the collection of <B
CLASS="command"
>attributes</B
> that can be used
to define an entry. The LDAP standard provides these basic types of object classes:</P
><P
></P
><UL
><LI
><P
>Groups in the directory, including unordered lists of individual objects
or groups of objects.</P
></LI
><LI
><P
>Locations, such as the country name and description.</P
></LI
><LI
><P
>Organizations in the directory.</P
></LI
><LI
><P
>People in the directory.</P
></LI
></UL
><P
>An entry can belong to more than one object class. For example, the entry for a
person is defined by the <EM
>person</EM
> object class, but may also be
defined by attributes in the inetOrgPerson, groupOfNames, and organization objectclasses.
The server's object class structure (it's schema) determines the total list of required and
allowed attributes for a particular entry.</P
><P
>Directory data is represented as attribute-value pairs. Any specific piece of
information is associated with a descriptive attribute.</P
><P
>For instance, the commonName, or cn, attribute is used to store a person's name
. A person named Jonas Salk can be represented in the directory as</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>cn: Jonas Salk</PRE
></FONT
></TD
></TR
></TABLE
><P
>Each person entered in the directory is defined by the collection of attributes
in the <EM
>person</EM
> object class. Other attributes used to define this
entry could include:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;givenname: Jonas
surname: Salk
mail: jonass@airius.com
</PRE
></FONT
></TD
></TR
></TABLE
><P
>Required attributes include the attributes that must be present in entries
using the object class. All entries require the objectClass attribute, which
lists the object classes to which an entry belongs.</P
><P
>Allowed attributes include the attributes that may be present in entries using
the object class. For example, in the person object class, the cn and sn
attributes are required. The description, telephoneNumber, seeAlso, and
userpassword attributes are allowed but are not required.</P
><P
>Each attribute has a corresponding syntax definition. The syntax definition
describes the type of information provided by the attribute, for instance:</P
><P
></P
><UL
><LI
><P
>bin binary.</P
></LI
><LI
><P
>ces case exact string (case must match during comparisons).</P
></LI
><LI
><P
>cis case ignore string (case is ignored during comparisons).</P
></LI
><LI
><P
>tel telephone number string (like cis but blanks and dashes `- ' are
ignored during comparisons).</P
></LI
><LI
><P
>dn distinguished name.</P
></LI
></UL
><P
><B
CLASS="command"
>Note: </B
>Usually objectclass and attribute definitions reside on schema files, on the
subdirectory <EM
>schema</EM
> under the OpenLDAP installation home.</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="howitworks.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="newversions.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>How does LDAP work ?</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="introduction.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>New versions of this document</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink