urls, about ldap

James W DeRoest (deroest@cac.washington.edu)
Wed, 10 Sep 1997 08:27:34 -0700


Message-Id: <199709101527.IAA07890@mailhost1.cac.washington.edu>
From: "James W DeRoest" <deroest@cac.washington.edu>
To: "AST Webpage" <astweb@u.washington.edu>
Subject: urls, about ldap
Date: Wed, 10 Sep 1997 08:27:34 -0700

-----Original Message-----
From: Yonah Karp <yonah@u.washington.edu>
To: Donn Cave <donn@u.washington.edu>; Ken Lowe <ken@u.washington.edu>; Jim Fox <fox@u.washington.edu>; Nathan Dors <dors@u.washington.edu>; R. Christ <rchrist@u.washington.edu>; Brad Greer <brad@u.washington.edu>; Eliot Lim <eliot@u.washington.edu>; Thomas W Remmers <remmers@u.washington.edu>; Jim DeRoest <deroest@u.washington.edu>; Lori Stevens <lrs@cac.washington.edu>
Date: Wednesday, September 03, 1997 11:52 AM
Subject: urls, about ldap

Main page:

http://www.umich.edu/~rsug/ldap/

Below is pretty useful; from

http://www.umich.edu/~rsug/ldap/doc/guides/slapd/1.html#RTFToC1

Yonah

===

1.1 What is a directory service?

A directory is like a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. As a consequence, directories don't usually implement the complicated transaction or roll-back schemes regular databases use for doing high-volume complex updates. Directory updates are typically simple all-or-nothing changes, if they are allowed at all. Directories are tuned to give quick-response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be OK, as long as they get in sync eventually.

There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are local, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context (e.g., the entire Internet). Global services are usually distributed, meaning that the data they contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform namespace which gives the same view of the data no matter where you are in relation to the data itself.

1.2 What is LDAP?

Slapd's model for directory service is based on a global directory model called LDAP, which stands for the Lightweight Directory Access Protocol. LDAP is a directory service protocol that runs over TCP/IP. The nitty-gritty details of LDAP are defined in RFC 1777 "The Lightweight Directory Access Protocol." This section gives an overview of LDAP from a user's perspective.

What kind of information can be stored in the directory? The LDAP directory service model is based on entries. An entry is a collection of attributes that has a name, called a distinguished name (DN). The DN is used to refer to the entry unambiguously. Each of the entry's attributes has a type and one or more values. The types are typically mnemonic strings, like "cn" for common name, or "mail" for email address. The values depend on what type of attribute it is. For example, a mail attribute might contain the value "babs@umich.edu". A jpegPhoto attribute would contain a photograph in binary JPEG/JFIF format.

How is the information arranged? In LDAP, directory entries are arranged in a hierarchical tree-like structure that reflects political, geographic and/or organizational boundaries. Entries representing countries appear at the top of the tree. Below them are entries representing states or national organizations. Below them might be entries representing people, organizational units, printers, documents, or just about anything else you can think of.
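
The entry model from section 1.2 (a DN naming each entry, typed multi-valued attributes, entries arranged in a tree), as an added example that is not part of the original message or of the slapd guide it quotes. The `Directory` class, the helper names and the sample entries are constructed for illustration, and DN handling is simplified to backslash-escaped commas and case-insensitive values.

```python
def split_dn(dn):
    """Split a DN into RDNs, most specific first; backslash-escaped commas stay in the value."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            rdns, cur = rdns + [cur.strip()], ""
        else:
            cur += ch
        esc = ch == "\\" and not esc
    return rdns + [cur.strip()]

def normalize_dn(dn):
    """Canonical entry key. Simplification: naming values compare case-insensitively."""
    parts = []
    for rdn in split_dn(dn):
        typ, sep, val = rdn.partition("=")
        if not sep or not typ.strip() or not val.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        parts.append(typ.strip().lower() + "=" + val.strip().lower())
    return ",".join(parts)

def parent_dn(dn):  # DN one level up the tree, or None for a top-level entry
    return ",".join(split_dn(normalize_dn(dn))[1:]) or None

class Directory:
    def __init__(self):
        self.entries = {}  # normalized DN -> {attribute type: [values]}

    def add(self, dn, attrs):
        key, parent = normalize_dn(dn), parent_dn(dn)
        if key in self.entries or (parent and parent not in self.entries):
            raise KeyError("duplicate entry or missing parent: " + key)
        self.entries[key] = {t.lower(): list(v) for t, v in attrs.items()}

    def search(self, base, attr, value):
        """Subtree search: DNs at or below base where attr holds value."""
        b = split_dn(normalize_dn(base))
        return sorted(dn for dn, a in self.entries.items()
                      if split_dn(dn)[-len(b):] == b  # whole RDNs, not a string suffix
                      and value.lower() in [v.lower() for v in a.get(attr.lower(), [])])

def build_sample():
    """Constructed sample tree: country, then organization, then a person."""
    d = Directory()
    d.add("c=US", {"c": ["US"]})
    d.add("o=University of Michigan, c=US", {"o": ["University of Michigan"]})
    d.add("cn=Jensen\\, Barbara, o=University of Michigan, c=US",
          {"cn": ["Jensen, Barbara", "Babs"], "mail": ["babs@umich.edu"]})
    return d
```

Keying entries on the normalized DN is what lets differently spelled forms of the same name resolve to one entry, which matters wherever a DN is later used to decide who may read or update it.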