
LDAP for Dummies?


Lars Appel

Dec 6, 1998, 3:00:00 AM
to HP30...@raven.utc.edu
Hello knowledgeable ones...

Can anybody advise me of a good (and short) tutorial on LDAP (Lightweight
Directory Access Protocol)? Or even better... lend me a hand and give me
a few tips or guidelines regarding setup and usage?

Picked up the sources from http://www.OpenLDAP.org (they now use the much
more porting-friendly GNU autoconf approach) and it seems that I can get
my prototype slapd up and running. It even seems to talk to client tools
like ud or ldapsearch. I just don't have any idea how to set up and use the
stuff to get some reasonable results without wading thru mountains of doc.

TIA, Lars "impatient or lazy?" ;-)

(this ldap-alpha-based prototype is *far* from being called LDAP/iX so far)


Mark Bixby

Dec 7, 1998, 3:00:00 AM
to HP30...@raven.utc.edu
Lars Appel writes:
> Can anybody advise me of a good (and short) tutorial on LDAP (Lightweight
> Directory Access Protocol)? Or even better... lend me a hand and give me
> a few tips or guidelines regarding setup and usage?

A directory in the LDAP sense is a hierarchical database. The database schema
defines the attribute names (think TurboImage items) and object classes (think
TurboImage sets). For each object class, the mandatory and optional attributes
are listed (think TurboImage fields).

An object in the directory is identified via its distinguished name (dn). The
dn is a unique key which implies a hierarchical structure. For example, the
root dn of my directory here is:

o=Coast Community College District, st=California, c=US

Our campuses have the following dn-s:

ou=Coastline Community College, o=Coast Community College District, st=California, c=US
ou=Golden West College, o=Coast Community College District, st=California, c=US
ou=Orange Coast College, o=Coast Community College District, st=California, c=US

We further subdivide by two more levels, division and department:

ou=department, ou=division, ou=campus, o=Coast Community etc...

Every object in the database consists of one or more attributes. An attribute
may occur one or more times (for example, a person object may have multiple
e-mail address attributes).

All objects must have one and only one dn attribute, and one *or more*
objectclass attributes. If an object has multiple objectclasses, all mandatory
attributes from all object classes must be present. Optional attributes from
all of the object classes may or may not be present in any combination.

LDAPv3 has a special referral object class. When a referral object is returned
to a client program, it instructs the client to connect to some other LDAP
directory to complete the search of a subtree. Here at CCCD, my LDAP server
directly hosts District site information, and contains referral objects pointing
to campus LDAP servers that hold the campus information.

LDIF (Logical Directory Interchange Format?) is a syntax used by many LDAP
programs to present an object and its attributes in "attribute: value" format.
For example, a hypothetical person object for me in LDIF format would be:

dn: cn=Mark Bixby, o=Coast Community College District, st=California, c=US
objectclass: person
cn: Mark Bixby
givenname: Mark
surname: Bixby
phone: +1 714 438-4647
email: ma...@cccd.edu
email: ma...@spock.dis.cccd.edu
postaladdress: 1370 Adams Ave.

The ldapsearch utility displays objects in LDIF format. The ldapmodify utility
reads LDIF and writes it to the directory. I did most of my initial directory
loading by using Perl to generate LDIF which is passed to ldapmodify.

LDAP search filter syntax uses prefix notation. For example, to search for
a person object *and* a surname of Bixby *or* Smith, the filter syntax would be:

(&(objectclass=person)(|(surname=Bixby)(surname=Smith)))

> Picked up the sources from http://www.OpenLDAP.org (they now use the much
> more porting-friendly GNU autoconf approach) and it seems that I can get
> my prototype slapd up and running. It even seems to talk to client tools
> like ud or ldapsearch. I just don't have any idea how to set up and use the
> stuff to get some reasonable results without wading thru mountains of doc.

OpenLDAP is a descendant of the UMich distribution which gave you a choice of
a variety of back-end databases. Which database did you choose for MPE?

For bulk loading of test data, generate a bunch of LDIF and feed it into
ldapmodify.

For simple reading of test data, use ldapsearch. Ldapsearch can of course
search databases on remote servers such as MS Exchange 5.5 or Netscape
Directory Server.

For extra credit, define a bunch of people objects in your test directory and
use Netscape Communicator or MS Outlook to look them up.

For extra extra credit, download a 30-day test drive of Netscape Messaging
Server. Tell it to use your test directory as its user repository. This will
require extensive schema customization and is something I've never tried. I
do use Netscape Message Server here, but only in combination with Netscape
Directory Server.
--
Mark Bixby E-mail: ma...@cccd.edu
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support Voice: +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
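As an added example (not code from the thread, from OpenLDAP, or from Mark's Perl loader), the Python below ties the pieces of the post together: it parses LDIF into objects with multi-valued attributes, checks that every mandatory attribute of each objectclass is present against a constructed mini-schema, parses the prefix-notation search filter into a tree, and runs a subtree search that uses the hierarchy encoded in the dn for scoping. The LDIF sample, the schema and the e-mail addresses are constructed; attribute names follow the post's informal ones (surname, email) rather than the standard sn and mail.

```python
from collections import defaultdict

# Constructed LDIF modelled on the person entry in the post (placeholder
# addresses).  Blank lines separate objects; a line starting with one space
# continues the previous value (LDIF line folding).
SAMPLE_LDIF = """\
dn: cn=Mark Bixby, o=Coast Community College District, st=California, c=US
objectclass: person
cn: Mark Bixby
surname: Bixby
email: mark@example.edu
email: mark@mail.example.edu
postaladdress: 1370 Adams Ave.
  Costa Mesa

dn: cn=Jane Smith, ou=Orange Coast College, o=Coast Community College District, st=California, c=US
objectclass: person
cn: Jane Smith
surname: Smith

dn: cn=Incomplete Entry, o=Coast Community College District, st=California, c=US
objectclass: person
cn: Incomplete Entry
"""
# Constructed schema: object class -> mandatory attributes.
SCHEMA = {"person": {"cn", "surname"}}

def parse_ldif(text):
    """Return [{attribute: [values]}]; attribute names are lower-cased."""
    entries, cur, last = [], None, None
    for raw in text.splitlines() + [""]:           # trailing "" flushes the last object
        if raw.startswith(" ") and cur is not None:
            cur[last][-1] += raw[1:]               # folded continuation line
        elif not raw.strip():
            if cur:
                entries.append(dict(cur))
            cur = None
        else:
            attr, sep, value = raw.partition(":")
            if not sep:
                raise ValueError(f"bad LDIF line: {raw!r}")
            cur = cur if cur is not None else defaultdict(list)
            last = attr.strip().lower()
            cur[last].append(value.strip())
    return entries

def missing_mandatory(entry, schema=SCHEMA):
    """Attributes required by *all* of the entry's object classes but absent."""
    required = set()
    for oc in entry.get("objectclass", []):
        required |= schema.get(oc.lower(), set())
    return sorted(a for a in required if not entry.get(a))

def parse_filter(text):
    """Prefix filter -> tree: ('&'|'|'|'!', [children]) or ('=', attr, value).
    Handles &, |, !, equality and '*' presence; RFC 4515 escapes are not decoded."""
    pos = 0
    def node():                                    # parses one "(...)" group
        nonlocal pos
        pos += 1                                   # skip '('
        op = text[pos]
        if op in "&|!":
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(node())
            result = (op, kids)                    # '!' uses kids[0] only
        else:
            end = text.index(")", pos)
            attr, sep, value = text[pos:end].partition("=")
            if not sep:
                raise ValueError(f"expected attr=value at {pos}")
            result = ("=", attr.strip().lower(), value.strip())
            pos = end
        if text[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        pos += 1
        return result
    tree = node()
    if not text.startswith("(") or pos != len(text):
        raise ValueError("malformed filter")
    return tree

def matches(entry, tree):
    """Evaluate a parsed filter against one entry; values compare case-insensitively."""
    op = tree[0]
    if op == "&":
        return all(matches(entry, k) for k in tree[1])
    if op == "|":
        return any(matches(entry, k) for k in tree[1])
    if op == "!":
        return not matches(entry, tree[1][0])
    _, attr, value = tree
    values = entry.get(attr, [])
    # "*" is the presence test; otherwise any one value of the attribute may match
    return bool(values) if value == "*" else any(v.lower() == value.lower() for v in values)

def search(entries, base_dn, filter_text):
    """Subtree search: in scope when the entry's RDN list ends with the base's."""
    norm = lambda dn: [rdn.strip().lower() for rdn in dn.split(",")]
    base, tree = norm(base_dn), parse_filter(filter_text)
    return [e["dn"][0] for e in entries
            if norm(e["dn"][0])[-len(base):] == base and matches(e, tree)]
```

Running the post's filter `(&(objectclass=person)(|(surname=Bixby)(surname=Smith)))` with the district root as base returns the two complete person entries; narrowing the base to the Orange Coast College ou returns only the entry under that branch, and `missing_mandatory` flags the third entry for lacking surname. Two caveats of this toy that matter in practice: filter values are taken literally, whereas a real server expects `(`, `)`, `*`, `\` and NUL inside values to be escaped per RFC 4515 (for example `\2a` for `*`), so any user-supplied string must be escaped before it is spliced into a filter; and the dn splitting ignores escaped commas inside attribute values.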


Lars Appel

Dec 7, 1998, 3:00:00 AM
to HP30...@raven.utc.edu
Mark wrote...

[ snipping excellent in-a-nutshell quick start overview -- big THANKS ]

>OpenLDAP is a descendant of the UMich distribution which gave you a choice of
>a variety of back-end databases. Which database did you choose for MPE?

Currently using the GDBM that I noticed as part of ht://Dig for MPE/iX,
as the OpenLDAP configure script mentioned this as an explicit choice :)

[ more snip -- big thanks continued ]

Looks like this will get me started. I can probably locate some LDAP
server(s) on the HP Intranet to try the ported clients like ldapsearch
and ud. Then I'll go ahead and load an initial LDBM backend database
from LDIF format and start exercising the slapd server...

Also found some nice docs at the U of Michigan web sites :)

Lars.

