Web Developer's Virtual Library: Encyclopedia of Web Design Tutorials, Articles and Discussions
Components of LDAP - Page 2

February 8, 2002

LDAP as a directory system involves the following components:

  • LDAP server is the server that LDAP clients interact with to obtain directory information. The actual data is stored in a datastore (usually a database). The datastore is hidden from the clients, since the server knows how to retrieve information from the datastore and present it to the clients in a common format.
  • LDAP data organization, indicated by Back-end Database in the above diagram, defines how the data is formatted, both in storage and in exchange between the communicating LDAP entities, that is, client-server and server-server (a special case which we shall see soon).
  • LDAP protocol, indicated by X.500 Server in the above diagram, is the common language spoken by clients and servers when the clients access the directory. The protocol itself is message-oriented, that is, the server maintains no state about its clients. The client sends one or more LDAP messages, or LDAP requests, to the server, which processes the requests and sends the results back to the client as LDAP messages, or responses. The LDAP protocol also provides for certain server-to-server communication.
  • LDAP clients implemented using different vendor APIs and tools on different platforms can connect to the LDAP server as long as they speak the LDAP protocol and handle data in the particular format required by LDAP.

Characteristics of LDAP

Let's take a look at some of the distinguishing features of LDAP that have made it the directory solution of choice.

Global Directory Service

A well-designed LDAP directory allows users to access data that is uniquely identifiable on a global scale. To clarify this further, entities stored in an LDAP directory are unique in the sense that no two directory entities anywhere in the world have the same identifier.

Taking the domain name analogy on the Internet, the owner of yourdomain.com may have a machine with the name foomachine. Now, the owner of mydomain.com can still have a machine with the name foomachine, because the machine can be uniquely identified as foomachine.mydomain.com as opposed to foomachine in the domain yourdomain.com, which can be uniquely identified as foomachine.yourdomain.com. LDAP uses a similar strategy for maintaining uniqueness of its entities, which we shall soon see.
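As an added example of the uniqueness rule just described (not code from the book): a small in-memory directory tree in Python that keys entries by their distinguished name, so two entries named foomachine can coexist under dc=yourdomain,dc=com and dc=mydomain,dc=com, while a second foomachine under the same parent is rejected. The class names, the DN handling and the sample domain and host names are assumptions of this example.

```python
import re

"""Model of the LDAP naming tree: an entry's distinguished name (DN) is the chain of relative
DNs (RDNs) from the entry up to the root, so the same RDN may recur under different parents,
like two hosts called foomachine in different DNS domains. Constructed example data only."""

class DuplicateEntry(Exception): pass
class NoSuchParent(Exception): pass

def split_dn(dn: str) -> list[str]:
    """RDNs most specific first; a backslash-escaped comma (RFC 4514) does not split. Other escapes are out of scope."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def normalize_rdn(rdn: str) -> str:
    """Attribute types are case-insensitive in LDAP, so compare them lowercased."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip()}"

class Directory:
    def __init__(self) -> None:
        # Keys are RDN chains from the root downward, so a parent's key is a prefix of its child's.
        self.entries: dict[tuple[str, ...], dict] = {(): {}}   # the root (empty DN) always exists

    @staticmethod
    def key(dn: str) -> tuple[str, ...]:
        return tuple(reversed([normalize_rdn(r) for r in split_dn(dn)]))

    def add(self, dn: str, attrs: dict) -> None:
        k = self.key(dn)
        if k in self.entries:
            raise DuplicateEntry(dn)      # same RDN under the same parent: the name is not unique
        if k[:-1] not in self.entries:
            raise NoSuchParent(dn)        # the superior entry must already exist
        self.entries[k] = dict(attrs)

    def lookup(self, dn: str):            # returns the entry's attributes, or None when absent
        return self.entries.get(self.key(dn))

    def children(self, dn: str) -> list[str]:
        base = self.key(dn)
        return sorted(k[-1] for k in self.entries if k[:-1] == base and len(k) == len(base) + 1)

def build_demo() -> Directory:
    """Two hosts both named foomachine, one under each domain, coexist without clashing."""
    d = Directory()
    for dn in ("dc=com", "dc=yourdomain,dc=com", "dc=mydomain,dc=com",
               "cn=foomachine,dc=yourdomain,dc=com", "cn=foomachine,dc=mydomain,dc=com"):
        d.add(dn, {"objectClass": ["domain" if dn.startswith("dc=") else "device"]})
    return d
```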

Open Standard Interconnectivity

LDAP is an open standard and can be adopted by any vendor or individual freely with no licensing involved. The fact that LDAP can run on top of TCP/IP gives it the unique advantage of interconnectivity with machines similarly enabled. Further, the clients and servers are vendor-independent as long as they can speak LDAP.

Customizability and Extensibility

The query and update mechanism of LDAP is standardized between clients and servers. Users are insulated from it, since each application can have its own interface or GUI that translates the user's interaction into this query and update standard. Further, it is flexible enough to be extended to suit different application scenarios and locales; in fact, LDAPv3 applications can support multiple languages by using the Unicode UTF-8 character set for all attribute values and identifier values.

Heterogeneous Data Store

The LDAP server uses a back-end datastore to store its data, but is not tied down to any particular database. In fact LDAP can at the same time use more than one back-end database to store and retrieve its data. So it is not uncommon for one LDAP server to use a commercial database as its datastore while another server might just as well use a flat file datastore.

Secure and Access Controlled Protocol

LDAP is a secure protocol in that it uses authentication to protect transactions. Authentication is used by the server to establish that the interacting client is who it claims to be. In LDAP version 2, this was done by sending a password along with the identifier of the interacting entity. This was, however, not a very secure mechanism, since the password was exposed to eavesdropping on the wire.

LDAP v3 uses the Simple Authentication and Security Layer (SASL) which, by making very few assumptions about the mechanisms that actually implement security, allows a lot of flexibility in choosing the right authentication scheme. The Secure Socket Layer (SSL) protocol is the most popular one implemented for this purpose and provides protection against network eavesdropping.

Apart from authenticating transactions, LDAP provides a very rich set of access control features, which can be used to control who accesses what and in what manner (such as update or query). The password policy control, part of version 3, allows for fine-grained password expiration. The proxied authorization control allows users to perform certain operations assuming a different role or set of privileges.
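The difference between the version 2 password bind and a SASL bind is visible in the bytes on the wire. The following Python, an added example rather than code from the book, encodes an LDAP BindRequest in BER (RFC 4511, which keeps the LDAPv2 layout for this message) with either a password or a SASL mechanism, and classifies a captured PDU, which is what a network monitor would do to flag password binds on a port that is not protected by SSL. The DN, password and mechanism name are constructed.

```python
"""BER-encoded LDAP BindRequest (RFC 4511 s.4.2; same layout in LDAPv2) and a PDU classifier. Added example."""

def ber_len(n: int) -> bytes:
    if n < 0x80:                                  # short definite form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body       # long form: 0x80|count, then the count bytes

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def _ldap_message(msg_id: int, version: int, dn: str, auth: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest [APPLICATION 0] }
    bind = ber_int(version) + tlv(0x04, dn.encode("utf-8")) + auth
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, bind))

def bind_request_simple(msg_id: int, dn: str, password: str, version: int = 3) -> bytes:
    # AuthenticationChoice.simple [0] OCTET STRING: the password is copied verbatim into the PDU
    return _ldap_message(msg_id, version, dn, tlv(0x80, password.encode("utf-8")))

def bind_request_sasl(msg_id: int, dn: str, mechanism: str, creds: bytes = b"", version: int = 3) -> bytes:
    # sasl [3] SaslCredentials ::= SEQUENCE { mechanism LDAPString, credentials OCTET STRING OPTIONAL }
    sasl = tlv(0x04, mechanism.encode("ascii")) + (tlv(0x04, creds) if creds else b"")
    return _ldap_message(msg_id, version, dn, tlv(0xA3, sasl))

def parse_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, value, position after the element); definite lengths only."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def inspect_bind(pdu: bytes) -> dict:
    """Classify a BindRequest; auth == 'simple' on a port without SSL means the password crossed the network readable."""
    tag, msg, _ = parse_tlv(pdu)
    _, _, p = parse_tlv(msg)                      # skip messageID
    op_tag, op, _ = parse_tlv(msg, p)
    if tag != 0x30 or op_tag != 0x60:
        return {"bind": False}
    _, ver, p = parse_tlv(op)
    _, name, p = parse_tlv(op, p)
    auth_tag, auth, _ = parse_tlv(op, p)
    kind = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    if kind == "sasl":
        kind += ":" + parse_tlv(auth)[1].decode("ascii")   # first element is the mechanism name
    return {"bind": True, "version": ver[-1], "name": name.decode("utf-8"), "auth": kind}
```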

LDAP
Professional PHP4 Programming
LDAP Applications - Page 3