LDAP Primer for Developers

What is LDAP?

The P in LDAP stands for Protocol, the same as the P in HTTP and FTP. So right off the bat you see that LDAP is an application-level protocol (like FTP and HTTP) that rides on top of TCP/IP (a transport-level protocol). Like HTTP and FTP, LDAP is based on a client-server model: an LDAP client connects to an LDAP server, sends LDAP requests and receives LDAP responses. LDAP services typically run on port 389. Unlike HTTP, which is a stateless protocol (no connection is kept alive between requests by a client), LDAP is more like FTP in that you connect with credentials (called binding), perform operations (typically to look up data in the directory) and then disconnect (called unbinding). An interesting thing is that LDAP is supported by browsers (just like FTP), and you can enter an address like ldap://UrlAddress/ and the browser will switch to the LDAP protocol and pop up a small window to let you do directory searches. Try it in IE and see what happens!

What is X.500?

The next thing to understand is that an LDAP directory is based on an open standard called X.500, which basically describes the LDAP database structure. It is a tree-like hierarchical data structure of nodes that contain information (similar to the way operating systems organize hard disk files into folder hierarchies, except that the hierarchy holds nodes instead of files). Like a relational database, an LDAP server has a schema that describes the fields of data each node in the database can contain. Because LDAP directories are so widely used, a standard 'user schema' has been adopted (RFC 2256) that most everybody uses (the o=aaaa,ou=bbbb,cn=cccc notation you have probably seen). More on that later. The other thing about an LDAP directory is that it is optimized for fast read and lookup operations. It is not meant to be used for applications where data updates occur frequently. That is still the domain of relational databases.
Tell me more about a Directory's Schema

Just like a relational database has metadata describing the tables and columns in a database, a directory has a schema definition file that describes
  • the attributes a directory entry might have, for example an attribute called 'sn' that is defined as a string where surname information is stored. An attribute can be multi-valued, meaning it might store several values
  • the object classes that describe directory entries and which attributes they have, for example an entry might be of type 'person' and it might contain an attribute called 'sn'. Object classes define which attributes are mandatory and which are optional.

Unlike relational databases, where you must define the columns within the context of a table, X.500 allows you to define attributes separately from the object classes that use them. And as mentioned earlier, there is a standard user schema that is commonly used to describe the object classes and attributes found in directories. Let's take a look now at this standard user schema, which I am sure you will recognize.

Attributes in the standard user schema used in X.500

Let's start with the attributes in the standard user schema. Attributes have a name and an alias. The alias is a 'short name' of sorts that can be used in place of the name.

Name                 Alias   Description        Example
commonName           cn      first, last name   John Smith
telephoneNumber      tel     self explanatory   123-222-3333
organizationalUnit   ou      self explanatory   Treasury

Objects in the standard user schema used in X.500

Now let's take a look at some of the object classes in the standard user schema (remember, object classes list the attributes found in that object class; think of them as table definitions).

Name                 Description    Required Attributes
inetOrgPerson        person         cn, sn, objectclass
organizationalUnit   a department   ou, objectclass
organization         a company      o, objectclass

Here are some notes about object classes
  • an object class can inherit from another object class. By doing so it inherits all the attributes of the parent object class and can add its own
  • all object classes must inherit from the top object class. 'top' is a special object class that defines the objectclass attribute that all object classes must have. Think of 'top' as the 'Object' class that all .NET classes inherit from.
Note that all object classes require an objectclass attribute that is inherited from top. This special attribute specifies the object classes (or types) of an entry in the LDAP directory. Each LDAP entry can have more than one objectclass!

Defining an entry in LDAP

You can think of an entry as an instance of data representing one (or more) object classes. The object classes an entry uses are defined by its objectclass attribute (which basically lists the object classes used by the entry). Each entry has an RDN and a DN.

Navigating LDAP DN
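To make the schema and entry ideas above concrete, here is an added example (not from the original article): a small checker that models the object classes from the tables above, including inheritance from 'top' and the multi-valued objectclass attribute, validates an entry against them, and splits the entry's DN into its RDNs. The SCHEMA table, the sample entry and the DN are constructed for illustration and are not a complete RFC 2256 schema.

```python
# Added example, not from the article: a small checker that models the object
# classes described above (illustrative, not a full RFC 2256 schema) and
# validates an LDAP entry against them, then splits its DN into RDNs.

# object class -> (parent class, required attributes); 'top' supplies objectClass.
SCHEMA = {
    "top": (None, {"objectclass"}),
    "person": ("top", {"cn", "sn"}),
    "inetorgperson": ("person", set()),
    "organizationalunit": ("top", {"ou"}),
    "organization": ("top", {"o"}),
}

def required_attributes(object_class):
    # Walk the inheritance chain up to 'top', collecting required attributes.
    required, name = set(), object_class.lower()
    while name is not None:
        if name not in SCHEMA:
            raise ValueError(f"unknown object class: {object_class}")
        parent, attrs = SCHEMA[name]
        required |= attrs
        name = parent
    return required

def split_dn(dn):
    # Split a DN into its RDNs, most specific first (escaped commas not handled).
    return [rdn.strip() for rdn in dn.split(",")]

def validate_entry(dn, entry):
    # Return a list of problems; an empty list means the entry is well formed.
    attrs = {k.lower(): v for k, v in entry.items()}
    problems = []
    classes = attrs.get("objectclass", [])   # multi-valued: one entry, many classes
    if not classes:
        return ["entry has no objectClass attribute"]
    for oc in classes:
        for attr in sorted(required_attributes(oc)):
            if not attrs.get(attr):
                problems.append(f"{oc} requires attribute '{attr}'")
    # The RDN (first DN component) must name a value actually held by the entry.
    rdn_attr, _, rdn_value = split_dn(dn)[0].partition("=")
    if rdn_value not in attrs.get(rdn_attr.lower(), []):
        problems.append(f"RDN {rdn_attr}={rdn_value} does not match the entry")
    return problems

# Constructed sample entry using the standard-schema attributes from the tables.
SAMPLE_DN = "cn=John Smith,ou=Treasury,o=Example Corp"
SAMPLE_ENTRY = {"objectClass": ["top", "person", "inetOrgPerson"],
                "cn": ["John Smith"], "sn": ["Smith"], "tel": ["123-222-3333"]}
```

Dropping 'sn' from the sample entry makes both 'person' and 'inetOrgPerson' report the missing attribute, because inetOrgPerson inherits person's requirements.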
