Ans:
• To address the complexity of full X.500 DAP (the Directory Access Protocol, which requires a complete OSI protocol stack), a simpler protocol that exposes a subset of X.500 was standardized by the IETF: LDAP, the Lightweight Directory Access Protocol.
• LDAP is commonly described as providing 90 percent of the power of X.500 at only 10 percent of the processing cost.
• LDAP runs directly over TCP/IP (port 389 by default, or 636 for LDAP over TLS) and uses a client/server model.
• Its organization is much the same as that of X.500, but with fewer fields and fewer functions.
• The LDAP standard describes not only the layout and fields within an LDAP directory, but also the operations a client uses, including how a client authenticates ("binds") to an LDAP server.
• An LDAP directory is a tree that starts at a root and contains entries.
• Each entry has one or more attributes.
• Each attribute has a type and one or more values associated with it.
• One example is a person entry, whose CN ("common name") attribute typically holds the full name (for instance "Bruce Hallberg"), while the given name and surname are stored in separate attributes (givenName and sn).
• On the wire every attribute value is an octet string, but the schema assigns each attribute a syntax (Directory String, Integer, Boolean, DN, Octet String for binary values such as certificates or photos, and so on) that determines how its values are parsed and compared.
The following four basic models describe the LDAP protocol:
1. Information model This model defines the structure of the data stored in the directory. It describes a number of aspects of the directory, including the schema, object classes, attributes, attribute syntax, and entries. The directory's schema is the template for the directory and its entries. Object classes are the categories to which entries belong; every entry lists its classes in its objectClass attribute, and those classes determine which attributes the entry must and may carry. Attributes are items of data that describe an entry, such as CN and OU. The syntax for the attributes specifies exactly how attributes are named and stored, what sort of data they are allowed to contain, and how their values are compared. Finally, entries are the distinct objects in the directory; an entry can be either a container (with other entries beneath it) or a leaf.
2. Naming model This model describes how to reference and organize the data. It defines the names that serve as primary keys for entries in the directory: distinguished names (DNs), which are the full names of entries, and relative distinguished names (RDNs), which are the components of DNs. Each component of the DN, such as the CN, OU, or O entries, is an RDN. A DN is written leaf first: the leftmost RDN names the entry itself, and each RDN to its right names the next container up toward the root. The following is an example of an LDAP DN:
CN=Bruce Hallberg, OU=Networking Books, OU=Computer Books, O=McGraw-Hill, C=USA
Note that an RDN value may contain characters that are significant in DN syntax (comma, plus, quotation mark, backslash, and others), so a value such as "Hallberg, Bruce" must be escaped as "Hallberg\, Bruce" before it is placed in a DN.
3. Functional model This model describes how to work with the data. It defines how LDAP accomplishes three types of operations: authentication, interrogation, and updates. Authentication is the process by which users prove their identity to the directory (the bind operation). Interrogation is the process by which the information in the directory is queried (the search and compare operations, where a search is driven by a search filter). Updates are operations that post changes to the directory (add, delete, modify, and modify DN). Because a search filter is a string with its own syntax, any value taken from user input must be escaped before it is placed in a filter; otherwise the input can change the meaning of the query (LDAP injection).
4. Security model This model defines how to keep the data in the directory secure. LDAP supports a simple bind (a DN and a password) and, in most implementations, the Simple Authentication and Security Layer (SASL), which lets the client and server negotiate an authentication mechanism. A simple bind over a plain TCP connection sends the password in the clear, so the connection should be protected with TLS (LDAP over TLS on port 636, or the StartTLS extended operation on port 389). One nice feature of LDAP is that an organization can build a global directory structure using a feature called referral, where a query for a part of the tree managed by a different LDAP server is answered with a referral that points the client to that server. Because each LDAP server knows its parent LDAP server and its child servers, any user anywhere in the network can access the entire LDAP tree. A client that follows referrals should decide deliberately whether to present the user's credentials to the referred-to server, since a referral received from an untrusted or compromised server could otherwise send a bind, credentials included, to a host of an attacker's choosing.
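As an added worked example (not code from the original page, from the textbook it summarizes, or from any LDAP product), the following Python shows the naming model's DN handling (RFC 4514 escaping and RDN splitting) together with the functional model's interrogation step: a search filter built with and without RFC 4515 escaping, evaluated against a small constructed in-memory directory so the effect of an injected filter is visible. The entries, the function names, and the toy filter evaluator are assumptions made for this example; the evaluator supports only the filter subset the example needs (AND, OR, NOT, and equality with the `*` wildcard) and treats escaped hex pairs as single ASCII characters.

```python
# Added example (not from the page); every name, entry and filter here is constructed.
import re

def escape_rdn_value(value: str) -> str:
    """Escape a value for use inside an RDN (RFC 4514 section 2.4)."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '"+,;<>\\' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)  # specials anywhere; leading ' ' or '#', trailing ' '
        else:
            out.append(c)
    return "".join(out)

def unescape_rdn_value(raw: str) -> str:
    """Reverse escape_rdn_value; \\XX pairs are raw UTF-8 bytes."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            pair = raw[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += raw[i + 1].encode("utf-8")
                i += 2
        else:
            out += raw[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def split_dn(dn: str) -> list:
    """Split a DN into (type, value) RDNs; escaped commas stay inside values."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(dn[i])
            i += 1
    rdns.append("".join(buf))
    return [(t.strip(), unescape_rdn_value(v.lstrip()))
            for t, _, v in (r.partition("=") for r in rdns)]

def build_dn(rdns: list) -> str:
    return ",".join(f"{t}={escape_rdn_value(v)}" for t, v in rdns)

def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515 section 3)."""
    table = {"*": "\\2a", "(": "\\28", ")": "\\29", "\\": "\\5c", "\x00": "\\00"}
    return "".join(table.get(c, c) for c in value)

def lookup_filter_unsafe(uid: str) -> str:
    """Vulnerable: raw input becomes filter syntax (LDAP injection)."""
    return f"(&(objectClass=person)(uid={uid}))"

def lookup_filter_safe(uid: str) -> str:
    """Hardened: the same filter with the value escaped."""
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"

DIRECTORY = [  # constructed sample entries: attribute type -> list of values
    {"dn": ["CN=Bruce Hallberg,OU=Networking Books,OU=Computer Books,O=McGraw-Hill,C=USA"],
     "objectclass": ["person"], "uid": ["bhallberg"], "sn": ["Hallberg"]},
    {"dn": ["CN=Jane Doe,OU=Computer Books,O=McGraw-Hill,C=USA"],
     "objectclass": ["person"], "uid": ["jdoe"], "sn": ["Doe"]},
]

def _split_top_level(s: str) -> list:
    """Split '(a)(b)(c)' into its top-level parenthesised items."""
    parts, depth, start = [], 0, 0
    for i, c in enumerate(s):
        if c == "(":
            start = i if depth == 0 else start
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts

def match_filter(entry: dict, flt: str) -> bool:
    """Evaluate the filter subset (&...), (|...), (!...) and (attr=value)."""
    body = flt[1:-1]
    if body[:1] in ("&", "|", "!"):
        results = [match_filter(entry, s) for s in _split_top_level(body[1:])]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[body[0]](results)
    attr, _, pattern = body.partition("=")
    # An unescaped '*' is a wildcard; \XX sequences are literal (ASCII) characters.
    unhex = lambda p: re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), p)
    regex = "^" + ".*".join(re.escape(unhex(p)) for p in pattern.split("*")) + "$"
    return any(re.match(regex, v) for v in entry.get(attr.lower(), []))

def search(flt: str) -> list:
    return [e["dn"][0] for e in DIRECTORY if match_filter(e, flt)]
```

With the input `*)(objectClass=*`, `search(lookup_filter_unsafe(...))` returns every person entry, because the injected parentheses close the uid assertion and add a second assertion that matches anything; `search(lookup_filter_safe(...))` with the same input returns nothing, because the metacharacters have become the literal sequences `\2a`, `\29` and `\28`. Real code would hand the escaped filter to an LDAP client library rather than to this toy evaluator; the escaping functions are the part that carries over.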