LDAP
1. What is LDAP?
LDAP is the Lightweight Directory Access Protocol. LDAP is designed to
be a standard way of providing access to directory services.
A directory service is just a database that has been designed to be read
from far more often than it is written to. LDAP was derived from
X.500, the OSI Directory Access Protocol. Some existing directory
services are Sun's NIS+ and Novell's NDS.
2. Why should I use LDAP?
LDAP is now the standard for providing access to directory information
like company phone/email directories. It is also being used to act as
a gateway to other electronic information systems as a meta-directory
by companies like Ford and Home Depot to deploy their
intranet/extranet systems. It is poised to become the standard
lightweight database for the Internet, much like the Berkeley database
became for UNIX.
Many companies store user information in an LDAP server for shared use
by Web servers, mail servers, company phonebooks, and other
applications.
With some LDAP servers, you can use the default database or you
can write your own functions to access directory data in any other
existing legacy system, such as a SQL database. The Netscape Directory
SDKs provide you with fully functional code to either add LDAP
support to your existing applications or to write your own LDAP
clients from scratch. Since they are free and the source code is
freely available, you can fix any bugs or add the operations you need
easily.
3. What is LDIF?
LDIF is the LDAP Data Interchange Format. LDIF is an ASCII format that
is used to exchange data between the server and the client or for
export between servers. It can also be used to make changes to the
LDAP server when using the command line utilities. Binary data can be
referenced in an external file or included inline, base64-encoded.
4. What is an entry?
An LDAP entry is basically a record in the LDAP database. LDAP entries
are composed of attributes and values. Each entry has a special
attribute called the distinguished name, which is the unique name of
the entry.
What is a dn/Distinguished Name?
A Distinguished Name is a special attribute in an LDAP entry and is
referenced with the mnemonic dn. The dn must be unique in the LDAP
namespace. Its components must be attribute values that are present
in the entry itself. The components of the dn are referred to as
Relative Distinguished Names (rdn). The dn is always indexed and will
always be returned in any search.
Every dn must be unique. To ensure uniqueness in a global space, the
uniqueness must start with the base of the dn (the far right-hand side
of the dn).
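Added example, not code from this FAQ or from any vendor SDK: a minimal Python parser for the LDIF described in question 3 (folded continuation lines, inline base64 "::" values, ":<" file references kept as strings rather than fetched), followed by a check of the rule above that a dn's leftmost RDN must be an attribute value present in the entry. The sample LDIF, names and values are constructed, and the input is assumed to be well-formed.

```python
import base64
import re

# Constructed sample LDIF (not from the page): a folded value and a base64 ("::") attribute.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
description: a long value that the exporter has folded
  across two physical lines
jpegPhoto:: SGVsbG8gTERBUA==

dn: cn=Jane Roe,ou=People,dc=example,dc=com
cn: J. Roe
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space marks a fold)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Entries as dicts attr -> [values]; '::' is base64 (bytes), ':<' is kept as a URL string."""
    entries, entry = [], {}
    for line in unfold(text):
        if not line.strip():          # a blank line ends an entry
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, sep, value = re.match(r"([^:]+)(:<|::?)\s*(.*)", line).groups()
        if sep == "::":
            value = base64.b64decode(value)
        entry.setdefault(attr.strip(), []).append(value)
    return entries + [entry] if entry else entries

def rdn_components(dn):
    """(attr, value) RDNs, leftmost first; an escaped comma does not split."""
    return [tuple(p.strip().split("=", 1)) for p in re.split(r"(?<!\\),", dn)]

def rdn_in_entry(entry):
    """FAQ rule: the leftmost RDN value must also be a value of that attribute in the entry."""
    attr, value = rdn_components(entry["dn"][0])[0]
    return value in entry.get(attr, [])
```

Running rdn_in_entry over an LDIF export before import is a cheap way to catch entries whose dn no longer matches their own attributes.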
Why do I get "Authorization Credentials Denied" when I try to hook
up my Netscape SuiteSpot Administration server to an LDAP server?
Make sure that you have enabled the SuiteSpot settings and have the
right userids and passwords in the Directory server. Also make sure
that you have correct DNS entries (fully qualified domain names,
FQDNs) for all of your SuiteSpot servers.
Can I use LDAP with NIS?
You have several options with LDAP and NIS. You can use LDAP as your
backend database for NIS or you can replace NIS outright with
LDAP. More and more UNIX variants are shipping with native LDAP
capabilities.
How can I use LDAP while I have legacy systems that can't use LDAP yet?
A first step is to make the LDAP server the "master" for userids,
because this will encourage everyone to synchronize on a single
userid for each user in the organization, which will make the
migration easier. First you add all existing users into the LDAP
database. You then pregenerate a userid for each new user that is
added to the organization. When a new account is created for any
non-LDAP system, the first step in the account creation process is to
query the LDAP server to retrieve the userid for the particular user.
The best way to synchronize passwords in these systems is to make sure
everyone has the same userid. The next step is to set up a secure
website using SSL. Then use a CGI program to take a user's userid and
new password and call the routines that change the password on all
applicable systems.
Why do I need LDAP if I have an RDBMS?
Servers that are built to be LDAP servers are
usually optimized for read access and will likely be much faster than
an RDBMS in providing read access to information. If a system must be
distributed, LDAP is really the only choice.
How can I display Unicode characters in my LDAP applications?
LDAP v3 supports Unicode via UTF-8.
How can I get an OID?
An Object Identifier (OID) is a string of octet digits that is required
to add an attribute or objectclass of your own to an LDAP server.