Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to access information directories. A directory service is a distributed database application designed to manage the entries and attributes in a directory. LDAP allows clients to access different directory services based on entries. These LDAP entries are available to users and other applications based on access controls. LDAP runs over TCP/IP.
The Lightweight Directory Access Protocol (LDAP) Binding Component (BC) is a comprehensive solution for interacting with an LDAP Directory running on an LDAP server. The design time component of the LDAP BC is a NetBeans module that allows configuration of the Binding Component. The runtime is based on Java EE and JBI. It implements all the necessary interfaces available in the JBI specification.
The topics below provide information about LDAP and the directory structure.
An LDAP directory has entries that contain information pertaining to entities. Each entry consists of attributes, and each attribute has a name and one or more values. The names of the attributes are mnemonic strings, such as cn for common name, or mail for email address.
For example, a company may have an employee directory. Each entry in the employee directory represents an employee. The employee entry contains such information as the name, email address, and phone number, as shown in the following example:
cn: John Doe
mail: email@example.com
mail: firstname.lastname@example.org
telephoneNumber: 471-6000 x.1234
Each part of the descriptive information, such as an employee's name, is known as an attribute. In the example above, the Common Name (cn) attribute represents the name of the employee. The other attributes are mail and telephoneNumber. Each attribute can have one or more values. In the example above, the mail attribute has two values, email@example.com and firstname.lastname@example.org.
The organization of a directory is a tree structure. The topmost entry in a directory is known as the root entry. This entry normally represents the organization that owns the directory. Entries at the higher level of hierarchy represent larger groupings or organizations. Entries under the larger organizations represent smaller organizations that make up the larger ones. The leaf nodes (or entries) of the tree structure represent the individuals or resources.
An entry is made up of a collection of attributes and has a unique identifier called a Distinguished Name (DN). A DN is a unique name that identifies the entry at its level of the hierarchy. For example, John Doe and Jane Doe are different common names (cn) that identify different entries at the same level.
A DN is also a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry is:
A Relative Distinguished Name (RDN) is a component of the distinguished name. DNs describe the fully qualified path to an entry; RDNs describe the partial path to the entry relative to another entry in the tree.
For example, cn=John Doe,ou=People is an RDN relative to the root RDN dc=sun.com.
The following figure illustrates an example of an LDAP directory structure with distinguished names and relative distinguished names.
LDAP Directory Structure
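The DN and RDN relationship described above, worked through in code. This is an added example and not part of the original page; the full DN cn=John Doe,ou=People,dc=sun.com is constructed from the page's RDN example, and the helpers split_dn, relative_dn and parent_dn are illustrative names.

```python
# Added example (not from the original page): split an LDAP distinguished name
# into its relative distinguished names and express an entry relative to a base
# entry. The DN below is constructed from the page's RDN example.


def split_dn(dn: str) -> list[str]:
    """Split a DN into its RDN components on unescaped commas.

    A backslash escapes the following character (RFC 4514), so a comma inside
    a value such as "cn=Doe\\, John" does not start a new RDN. Comparison
    elsewhere is plain string equality; a real server also folds case.
    """
    if not dn:
        return []
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def relative_dn(dn: str, base_dn: str) -> str:
    """Return the RDN path of dn below base_dn; raise if dn is not under it."""
    dn_parts, base_parts = split_dn(dn), split_dn(base_dn)
    n = len(base_parts)
    if n and (n > len(dn_parts) or dn_parts[-n:] != base_parts):
        raise ValueError(f"{dn!r} is not below {base_dn!r}")
    return ",".join(dn_parts[: len(dn_parts) - n])


def parent_dn(dn: str) -> str:
    """Return the DN of the entry one level up the tree ("" above the root)."""
    return ",".join(split_dn(dn)[1:])


if __name__ == "__main__":
    john = "cn=John Doe,ou=People,dc=sun.com"
    print(split_dn(john))                   # ['cn=John Doe', 'ou=People', 'dc=sun.com']
    print(relative_dn(john, "dc=sun.com"))  # cn=John Doe,ou=People
    print(parent_dn(john))                  # ou=People,dc=sun.com
```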
A Directory Service is a distributed database application designed to manage the entries and attributes in a directory. A directory service also makes the entries and attributes available to users and other applications. OpenLDAP server is an example of a directory service. Other directory services include Sun Active Directory Service and Microsoft Active Directory.
A directory client uses the LDAP protocol to access a directory service. A directory client may use any of several available client APIs to access the directory service.
Schema: A set of rules that describes the nature of the data stored. Schemas help maintain consistent, high-quality data and reduce duplication. The object class attribute determines the schema rules an entry must follow. Schemas define the following:
* Required attributes
* Allowed attributes
* The method to compare attributes
* Limits to what the attribute can store (for example, restricting the attribute to an integer)
* Restrictions on what information is stored (prevents duplication)
Attribute Abbreviation: The following are common attribute abbreviations used in LDAP:
* User id : uid
* Common Name : cn
* Surname : sn
* Location : l
* Organizational Unit : ou
* Organization : o
* Domain Component : dc
* State : st
* Country : c
* Street address : street
Search Filters: Criteria that an entry's attributes must satisfy for the entry to be returned. Search filters typically use a base DN, which is the base object entry the search is relative to. They are written in prefix notation. LDAP uses the following standards:
* LDAP String Representation of Search Filters
* LDAPv3 Search Filters
The following search operators are supported:
Below are some examples of search filters:
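Building search filters in the prefix notation described above, as an added example that is not part of the original page. The helper names (escape_filter_value, equals, all_of, any_of, negate, employee_lookup) are illustrative; values are escaped following the string representation of search filters (RFC 4515), so a value taken from input stays a single literal and cannot alter the structure of the filter it is embedded in.

```python
# Added example (not from the original page): compose LDAP search filters in
# prefix notation with attribute values escaped per RFC 4515.

# Characters that carry meaning inside a filter value and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attr: str, value: str) -> str:
    """(attr=value) with the value escaped."""
    return f"({attr}={escape_filter_value(value)})"


def ends_with(attr: str, suffix: str) -> str:
    """(attr=*suffix): the wildcard is intended, the suffix itself is escaped."""
    return f"({attr}=*{escape_filter_value(suffix)})"


def present(attr: str) -> str:
    """(attr=*): matches every entry that has the attribute at all."""
    return f"({attr}=*)"


def all_of(*filters: str) -> str:
    """Prefix-notation AND: (&(f1)(f2)...)."""
    return "(&" + "".join(filters) + ")"


def any_of(*filters: str) -> str:
    """Prefix-notation OR: (|(f1)(f2)...)."""
    return "(|" + "".join(filters) + ")"


def negate(flt: str) -> str:
    """Prefix-notation NOT: (!(f))."""
    return f"(!{flt})"


def employee_lookup(uid: str) -> str:
    """Person entry with the given uid that also has a mail attribute."""
    return all_of(equals("objectClass", "person"), equals("uid", uid), present("mail"))


if __name__ == "__main__":
    print(employee_lookup("jdoe"))             # (&(objectClass=person)(uid=jdoe)(mail=*))
    print(equals("cn", "Doe (Sales)*"))        # (cn=Doe \28Sales\29\2a)
    print(any_of(ends_with("mail", "@example.com"), negate(equals("st", "CA"))))
```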