What Is LDAP

LDAP is not a specific server. Much as Domain Name System (DNS) and Simple Mail Transport Protocol (SMTP) are conceptual protocols, LDAP describes the organization of data, access to the data, and the protocol used to talk to an LDAP server.

The Linux LDAP implementation is the extremely popular OpenLDAP server. It has been around for a very long time and uses the LDAP specification as a base to implement new features.

LDAP is a part of many organizations although many people in those organizations aren't even aware of its use. Microsoft's Active Directory, Novell's eDirectory, and OpenLDAP are related directory services, all of which have their historical roots in the X.500 protocol.

The main distinguishing factor of LDAP is in the way it stores its information. All data in an LDAP database is stored in a tree. LDAP is an inverse tree in the same way that your filesystem is. At the top of the LDAP tree, you have the base object, usually the organization. Below this, you then have objects that are part of the LDAP tree, or you can also have a further split using subtrees.

Figure 25-6 puts this structure into a diagram.

When thinking about LDAP, try to think not on a technology level, but on an organizational level. LDAP design should follow the organization of what you are storing data about. For our example, we will take the organization of a fictional company called Acme Technology. Acme, like many organizations, has departments that deal with certain parts of the business (Sales, Marketing, HR, IT, the Board, and so on), and we will model this in our LDAP server.

FIGURE 25-6

Conceptual overview of LDAP

FIGURE 25-6

Conceptual overview of LDAP

We have taken the IT department and expanded it slightly to include job title and also some people in the organization. You may be thinking that this looks a lot like a standard organizational chart that you see when you start a company, and this is how you should view it.

All the people in the organization belong to a department, which belongs to the organization, and this methodology is how you should see LDAP. You can see that the tree structure lends itself very well to organizational data, whether it is just for an address book or user accounts.

Was this article helpful?

0 0

Post a comment