LDAP em VDM++

LDAP em VDM++

Pedro Pereira Ulisses Costa

M´todos Formais em Engenharia de Software
e

12 de Fevereiro de 2009

Pedro Pereira, Ulisses Costa LDAP em VDM++

Sum´rio
a

1 LDAP
O que ´ o LDAP e a DIT
e
Estrutura do LDAP
Propriedades do LDAP

2 VDM
DIT - Tree? & Forest
Servidor

3 Opera¸˜es do Servidor
co


LDAP

LDAP vs DAP - Lightweight porque opera em TCP/IP
LDAP ´ pelo menos uma DIT
e
Uma directoria ´ uma maneira de organizar informa¸˜o
e ca
complexa, tornando f´cil a sua pesquisa.
a


Estrutura da DIT

Fun¸õ da DIT
ca
Guardar a hierarquia

Composta por entradas
Entradas sõ instˆncias de ObjectClass
a a
ObjectClass’s podem ter atributos
Atributos relacionam a informa¸õ
ca


Estrutura das entradas

Contˆm uma instˆncia de ObjectClass
e a
Atributos obrigat´rios da ObjectClass
o
Um DN (Distinguished Name))
´
Unico em toda a ´rvore
a
Um RDN (Relative Distinguished Name)
´
Unico entre irm˜os
a


Propriedades do LDAP

Floresta de DIT’s
DN’s s˜o unicos na DIT
a´
Um DN ´: O DN do antecessor e o seu RDN
e
Cada atributo tem pares de (identiﬁcador,valor)


DIT - Tree?

Grafo ac´
ıclico e ligado (uma ra´
ız)
The root of the DIT is a DSA-speciﬁc Entry (DSE) and not
part of any naming context


DIT - Forest

Grafo ac´
ıclico e n˜o ligado (m´ltiplas ra´
a u ızes)


Servidor Estrutura

class Server

types
public String = seq of char ;

public OName = String ;
public AName = String ;
public Value = String ;

public ObjClass :: must : set of AName
may : set of AName ;

instance variables
-- entradas existentes
private entries : map nat1 to Entry ;
-- hierarquia das entradas
private dit : map nat1 to set of nat1 ;
-- objectos definidos
private def_objs : map OName to ObjClass ;
-- atributos definidos
private def_attrs : set of AName ;

inv ServerINV () ;


Servidor Invariantes

The root of the DIT is a DSA-specific Entry (DSE) and not part of any naming
context;
Entries have names: one or more attribute values from the entry form its relative
distinguished name (RDN), which MUST be unique among all its siblings;
The concatenation of the relative distinguished names of the sequence of entries
from a particular entry to an immediate subordinate of the root of the tree
forms that entry’s Distinguished Name (DN), which is unique in the tree;
Each entry MUST have an objectClass attribute which specifies the object
classes of that entry ;
Servers MUST NOT permit clients to add attributes to an entry unless those
attributes are permitted by the object class definitions, the schema controlling
that entry ;
Entries consist of a set of attributes;
An attribute is a type with one or more associated values and is identified by a
short descriptive name (...);
Schema is the collection of attribute type definitions, object class definitions and
other information (...);


Servidor Invariantes
public ServerINV : () == > bool
ServerINV () ==
(
return (

-- dit aciclica
( not exists e in set dom dit & e in set Tra nsi tive Clo sur e ( e ) ) and

-- todos os elementos que existem estao na dit
( forall e in set ( dom dit union rng dit ) & e in set dom entries ) and

-- objectos apenas contem atributos definidos
( forall o in set rng def_objs & ( forall a in set ( o . must union o . may
) & a in set def_attrs ) ) and

-- dn unico entre todos os elementos da floresta
( forall e1 , e2 in set rng entries & e1 . GetDN () <> e2 . GetDN () ) and

-- dn do pai contido no do filho
( forall p in set dom dit & ( forall c in set Tr ans itiv eCl osu re ( p ) & (
elems entries ( c ) . GetDN () ) subset ( elems entries ( p ) . GetDN () ) ) )
and

-- rdn unico entre irmaos
( forall p in set dom dit & ( forall c1 , c2 in set dit ( p ) & entries ( c1 ) .
GetRDN () <> entries ( c2 ) . GetRDN () ) ) and

-- rdn faz parte do dn
( forall e in set rng entries & e . GetRDN () in set elems e . GetDN () ) and

-- rdn composto por um atributo
( forall e in set rng entries & e . GetRDN () in set dom e . GetAttrs () ) ) ) ;


Servidor Opera¸oes
c˜

CRUD
Create Read Update Delete

Add Entry
Del Entry
Modify DN
Search Entry
Search Attributes


Modify DN

public ModDN : seq of AName * AName == > ()
ModDN ( old_dn , new_rdn ) ==
(
dcl new_dn : seq of AName := [];
dcl pos : nat1 := len old_dn - 1;
dcl e : nat1 := GetID ( old_dn ) ;

for i = 1 to pos do
new_dn := new_dn ^ [ old_dn ( i ) ];

new_dn := new_dn ^ [ new_rdn ];
entries ( e ) . SetDN ( new_dn ) ;

for all c in set Tra nsi tiv eCl osur e ( e ) do
(
new_dn := [];

for i = 1 to ( len entries ( c ) . GetDN () ) do
if i = pos
then new_dn := new_dn ^ [ new_rdn ]
else new_dn := new_dn ^ entries ( c ) . GetDN () ( i ) ;

entries ( c ) . SetDN ( new_dn ) ;
);
)
pre ( exists i in set dom entries & entries ( i ) . GetDN () = old_dn )
post ( exists i in set dom entries & forall c in set Tran sit ive Clo sure ( i ) &
new_rdn in set elems entries ( i ) . GetDN () and new_rdn in set elems entries ( c )
. GetDN () ) ;


GetID

public GetID : seq of AName == > nat
GetID ( dn ) ==
(
for all i in set dom entries do
if entries ( i ) . GetDN () = dn
then return i ;

return 0;
)
post ( not exists i in set dom entries & entries ( i ) . GetDN () = dn = > RESULT = 0 )
or
( exists i in set dom entries & entries ( i ) . GetDN () = dn = > RESULT = i ) ;


Transitive Closure

public T r ans iti veCl osu re : nat1 == > set of nat1
T r a n s i t i v eCl osu re ( origem ) ==
(
dcl res : set of nat1 := {};
dcl childs : set of nat1 := dit ( origem ) ;

while childs <> {} do
(
for all c in set childs do
(
childs := childs union dit ( c ) ;
res := res union { c };
);

childs := childs res ;
);

return res ;
)
pre origem in set dom entries
post forall e in set RESULT & ( elems entries ( origem ) . GetDN () ) subset ( elems
entries ( e ) . GetDN () ) ;


LDAP em VDM++

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Viewers also liked

Viewers also liked (17)

Similar to LDAP em VDM++

Similar to LDAP em VDM++ (20)

Recently uploaded

Recently uploaded (20)

LDAP em VDM++