LDAP
Ideas about life organize perception; names of emotions organize sensations; rules of syntax organize thought. But pain comes on its own.
-- Mason Cooley (b. 1927), U.S. aphorist.

Introduction

My "real job" has thrust me into the world of the Lightweight Directory Access Protocol (LDAP). Although I use it daily, I'm no expert, but I am learning more about it. This page is a place to track my thoughts and findings.

I am going to have to delve into the setup and administration of an LDAP server as part of our enterprise software effort. This has caused me to look deeper into the workings of LDAP.

Authentication and Authorization

We are exploring LDAP because we need to authenticate users and then authorize them to perform specific actions in our systems. Authentication information will be carried in the corporate LDAP directory in the form of user certificates. Authorization will be expressed in terms of roles (a way of identifying a set of entitlements), which can be mirrored from LDAP groups (any means of representing a collection of objects).

LDAP Overview

LDAP v3 is defined by a set of published Internet standards, commonly referenced by their Request For Comments (RFC) numbers at the IETF Web site:

  • 2251-2256 (core)
  • 2829-2830
  • 3377
  • 2849 (LDIF)

A directory is made up of entries. The entry is the basic unit, and it usually contains one kind of information. Synonyms for entry include "record" and "directory object". An entry is composed of a set of attributes (properties).
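To make the entry/attribute model and the group-to-role mapping above concrete, here is an added example (my own illustration, not part of the original page or any LDAP product): it reads entries from RFC 2849 LDIF text into attribute maps and then derives a user's roles from the groupOfNames entries that list that user's DN as a member. The DNs, the userCertificate value, the group names and the GROUP_TO_ROLE mapping are all constructed sample data.

```python
# Added example (not from the original page): a minimal RFC 2849 LDIF reader plus a
# role lookup over groupOfNames entries. All DNs, values and roles are constructed.
import base64
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
userCertificate;binary:: MIIBszCC
 AVw=

dn: cn=ldap-admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: ldap-admins
member: uid=jdoe,ou=people,dc=example,dc=com

dn: cn=auditors,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: auditors
member: uid=asmith,ou=people,dc=example,dc=com
"""
GROUP_TO_ROLE = {"ldap-admins": "directory.admin", "auditors": "report.read"}  # hypothetical

def parse_ldif(text):
    """Entries as {attribute: [values]}; ';options' dropped, '::' base64-decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line and current:               # blank line ends an entry
            entries.append(current)
            current = {}
        elif line and not line.startswith("#"):
            name, rest = line.split(":", 1)
            if rest.startswith(":"):           # base64-encoded value
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip()
            current.setdefault(name.split(";")[0], []).append(value)
    return entries

def roles_for(entries, user_dn):
    """Roles from groups listing user_dn (exact DN match; real code normalizes per RFC 4514)."""
    roles = set()
    for e in entries:
        if "groupOfNames" in e.get("objectClass", []) and user_dn in e.get("member", []):
            roles.update(GROUP_TO_ROLE[cn] for cn in e.get("cn", []) if cn in GROUP_TO_ROLE)
    return sorted(roles)
```

Exact string comparison of DNs is enough for this constructed data; a real directory integration must normalize DNs before comparing them, or an attacker-influenced or differently cased DN can slip past the membership check.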

Updated: 21-Jun-2004 © Bob Breedlove all rights reserved 2003