The Hierarchy

You know that LDAP is a hierarchical database, but you may not be aware of all of the benefits of this.

Imagine on your filesystem that you have a home directory for a user called Justin: /home/justin. Inside this directory, you have a subdirectory called Documents, with a further subdirectory of Finances. Another user, Roger, has a home directory of /home/roger. Roger also stores information about his finances in his Documents directory.

It just so happens that Roger and Justin both have a file called finances_2004.xml in their Finances directories. Even with the same filename, these two files do not affect each other because they sit at different locations in the filesystem tree.

LDAP works the same way. If a person called John Doe joins Acme as an HR assistant and another John Doe (it is a popular name!) joins IT as an architect, their locations in the tree mean that their information is uniquely identified by the path to that data. Figure 25-7 shows another diagram of Acme with some LDAP thrown in to explain how LDAP uses the tree design.

We have replaced the organizational chart with an LDAP structure. Reading back from Jane Dadswell, much like you read back from the finances_2004.xml file, you can uniquely identify this person in the organization. In the case of Jane Dadswell, her unique entry is cn="Jane Dadswell", ou=Helpdesk, ou=IT, o=Acme, c=UK.

Notice the quotes around Jane Dadswell in the previous entry. This is to make sure the space is included in the cn for Jane.

From this information, you see that Jane Dadswell is in the organization Acme (in the UK), the department of IT, and the subdepartment of Helpdesk.

The person named Jane Dadswell is unique in the organization, working on the Helpdesk, and is unique in the LDAP directory. This unique identifier is called the Distinguished Name (dn), and we will refer to this throughout the rest of the chapter.
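The path-to-entry idea above, as an added Python example that is not part of the original chapter: it builds a dn from a root-to-leaf path, shows that the two John Does get different dns, and escapes values so that a comma inside a name cannot add a level to the tree. It uses the RFC 4514 backslash-escaped string form (where an interior space needs no quoting) rather than the quoted form shown earlier; the ou name "HR" and the "Doe, John" value are assumptions made for illustration.

```python
# Added example (not from the original text). Escaping follows RFC 4514;
# multi-valued RDNs ("+") and non-ASCII hex escapes are out of scope.
SPECIAL = set('",+;<>\\')
HEX = set("0123456789abcdefABCDEF")

def escape_rdn_value(value):
    """Escape one attribute value so it cannot break out of its RDN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_dn(path):
    """path is root-to-leaf, like a filesystem path; a DN is written leaf-first."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in reversed(path))

def parse_dn(dn):
    """Split on unescaped commas and return the root-to-leaf (attr, value) path."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch, pair = dn[i], dn[i + 1:i + 3]
        if ch == "\\" and len(pair) == 2 and set(pair) <= HEX:
            buf.append(chr(int(pair, 16)))   # \XX hex escape
            i += 3
        elif ch == "\\":
            buf.append(dn[i + 1])            # \, \+ \" and similar
            i += 2
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    rdns.append("".join(buf))
    return [tuple(rdn.split("=", 1)) for rdn in reversed(rdns)]

ACME = [("c", "UK"), ("o", "Acme")]
JANE = build_dn(ACME + [("ou", "IT"), ("ou", "Helpdesk"), ("cn", "Jane Dadswell")])
# Two John Does: same cn, different branch ("HR" as an ou name is assumed).
JOHN_HR = build_dn(ACME + [("ou", "HR"), ("cn", "John Doe")])
JOHN_IT = build_dn(ACME + [("ou", "IT"), ("cn", "John Doe")])
# Constructed input: a comma in a name must not create an extra tree level.
TRICKY = build_dn(ACME + [("ou", "IT"), ("cn", "Doe, John")])

if __name__ == "__main__":
    for dn in (JANE, JOHN_HR, JOHN_IT, TRICKY):
        print(dn, "->", parse_dn(dn))
```

Without the escaping step, the constructed "Doe, John" value would read back as five levels instead of four, which is why directory code should never build a dn by plain string concatenation of user-supplied values.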

This is a quick introduction to how LDAP stores its data, and throughout the rest of the chapter, you will learn by example about using LDAP in the Acme organization, taking the organizational chart as a basis for its design.


Acme organization in LDAP



Designing an LDAP directory is something that has to be done correctly. If you have an up-to-date organizational chart that effectively represents your organization, your life will be a lot easier.
