HP3000-L Archives

December 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

From: Mark Bixby <[log in to unmask]>
Date: Mon, 7 Dec 1998 09:31:12 -0800
Content-Type: text/plain

Lars Appel writes:
> Can anybody advise me some good (and short) tutorial on LDAP (Lightweight
> Directory Access Protocol)? Or even better... lend me a hand and give me
> a few tips or guidelines regarding setup and usage?

A directory in the LDAP sense is a hierarchical database.  The database schema
defines the attribute names (think TurboImage items) and object classes (think
TurboImage sets).  For each object class, the mandatory and optional attributes
are listed (think TurboImage fields).

An object in the directory is identified via its distinguished name (dn).  The
dn is a unique key which implies a hierarchical structure.  For example, the
root dn of my directory here is:

        o=Coast Community College District, st=California, c=US

Our campuses have the following dn-s:

        ou=Coastline Community College, o=Coast Community College District, st=California, c=US
        ou=Golden West College, o=Coast Community College District, st=California, c=US
        ou=Orange Coast College, o=Coast Community College District, st=California, c=US

We further subdivide by two more levels, division and department:

        ou=department, ou=division, ou=campus, o=Coast Community etc...

Every object in the database consists of one or more attributes.  An attribute
may occur one or more times (for example, a person object may have multiple
e-mail address attributes).

All objects must have one and only one dn attribute, and one *or more*
objectclass attributes.  If an object has multiple objectclasses, all mandatory
attributes from all object classes must be present.  Optional attributes from
all of the object classes may or may not be present in any combination.

LDAPv3 has a special referral object class.  When a referral object is returned
to a client program, it instructs the client to connect to some other LDAP
directory to complete the search of a subtree.  Here at CCCD, my LDAP server
directly hosts District site information, and contains referral objects pointing
to campus LDAP servers that hold the campus information.

LDIF (Logical Directory Interchange Format?) is a syntax used by many LDAP
programs to present an object and its attributes in "attribute: value" format.
For example, a hypothetical person object for me in LDIF format would be:

        dn: cn=Mark Bixby, o=Coast Community College District, st=California, c=US
        objectclass: person
        cn: Mark Bixby
        givenname: Mark
        surname: Bixby
        phone: +1 714 438-4647
        email: [log in to unmask]
        email: [log in to unmask]
        postaladdress: 1370 Adams Ave.

The ldapsearch utility displays objects in LDIF format.  The ldapmodify utility
reads LDIF and writes it to the directory.  I did most of my initial directory
loading by using Perl to generate LDIF which is passed to ldapmodify.

LDAP search filter syntax uses prefix notation.  For example, to search for
a person object *and* a surname of Bixby *or* Smith, the filter syntax would be:

        (&(objectclass=person)(|(surname=Bixby)(surname=Smith)))

> Picked up the sources from http://www.OpenLDAP.org (they now use the much
> more porting-friendly GNU autoconf approach) and it seems that I can get
> my prototype slapd up and running. It even seems to talk to client tools
> like ud or ldapsearch. I just don't have any idea how to setup and use the
> stuff to get some reasonable results without wading thru mountains of doc.

OpenLDAP is a descendant of the UMich distribution which gave you a choice of
a variety of back-end databases.  Which database did you choose for MPE?

For bulk loading of test data, generate a bunch of LDIF and feed it into
ldapmodify.

For simple reading of test data, use ldapsearch.  Ldapsearch can of course
search databases on remote servers such as MS Exchange 5.5 or Netscape
Directory Server.

For extra credit, define a bunch of people objects in your test directory and
use Netscape Communicator or MS Outlook to look them up.

For extra extra credit, download a 30-day test drive of Netscape Messaging
Server.  Tell it to use your test directory as its user repository.  This will
require extensive schema customization and is something I've never tried.  I
do use Netscape Message Server here, but only in combination with Netscape
Directory Server.
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               Voice: +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)

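The LDIF layout and prefix-notation filters described in the message above, as an added example that is not part of the original post: a small Python evaluator that parses LDIF entries and applies a filter to them. The entries, the `o=Example Org` suffix and the example.org addresses are constructed, and only `&`, `|`, `!` and equality tests are handled.

```python
# Added example, constructed data: LDIF entries and LDAP prefix-notation filters.
LDIF = """\
dn: cn=Mark Bixby, o=Example Org, c=US
objectclass: person
surname: Bixby
email: mark@example.org
email: mbixby@example.org

dn: cn=Ann Smith, o=Example Org, c=US
objectclass: person
surname: Smith

dn: ou=Payroll, o=Example Org, c=US
objectclass: organizationalUnit
"""

def parse_ldif(text):  # one dict per entry: lowercased attribute -> list of values
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append({})
        for attr, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entries[-1].setdefault(attr.lower(), []).append(value)
    return entries

def parse_filter(s, i=0):  # returns (tree, index just past the filter at s[i])
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op, i = s[i + 1:i + 2], i + 1
    if op in ("&", "|", "!"):
        i, kids = i + 1, []
        while s[i:i + 1] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if not kids or s[i:i + 1] != ")":
            raise ValueError(f"malformed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)  # ValueError if the closing parenthesis is missing
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(tree, entry):
    if tree[0] == "=":  # any value of a multi-valued attribute may satisfy the test
        return any(v.lower() == tree[2] for v in entry.get(tree[1], []))
    results = [matches(kid, entry) for kid in tree[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[tree[0]]

def search(filter_text, entries):  # dn of every entry the filter selects
    tree, _ = parse_filter(filter_text)
    return [e["dn"][0] for e in entries if matches(tree, e)]
```
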