LDAP or Lightweight Directory Access Protocol
- a set of open protocols developed at the University of Michigan in 1992
- it is a simple database of information on a network (not an RDBMS); Microsoft Active Directory uses the LDAP concept.
- data is organized in a hierarchical client-server structure (like DNS), called the 'directory info tree'
-how does ldap work?
- client connects to ldap server - this is called binding
- server authenticates
- client queries the server
-ldap can store a variety of data - like plain text, binary, images or public key certificates etc.
-it can serve as an authentication or id management system; it can completely replace NIS.
-it can serve as dns, mail router etc.
-ldap terms:
. entry - unit of ldap data -like primary key
. attribute - additional support data for entry -like columns depending on primary key
. objectclass - special attributes -like composite primary keys
. schema - a set of ldap rules -like data dictionary
. ldif - plaintext 'ldap data interchange format' -like sql output or sqlldr
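To make the terms above concrete, here is an added example (not part of the original notes) that parses LDIF text into entries, each with a DN, its attributes and its objectClass values, handling folded lines and base64 (`::`) values. The sample LDIF is constructed, `dc=example,dc=com` is a placeholder tree, and the function names `parse_ldif` and `entries_with_class` are this example's own.

```python
import base64

# Constructed sample LDIF (not from the page); dc=example,dc=com is a placeholder tree.
SAMPLE_LDIF = """\
# container entry
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: jdoe
cn:: Sm9obiBEb2U=
description: a long value that LDIF folds
  onto a continuation line
"""

def parse_ldif(text):
    """Return [(dn, attrs)]; attrs maps lower-cased attribute name -> list of values."""
    entries, dn, attrs = [], None, {}
    lines = text.replace("\n ", "").splitlines()  # unfold: newline + one space joins lines
    for line in lines + [""]:                     # trailing "" flushes the last entry
        if line.startswith("#"):                  # comment line
            continue
        if not line.strip():                      # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith(":"):                 # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip())
            try:
                value = value.decode("utf-8")
            except UnicodeDecodeError:
                pass                              # binary data (image, certificate) stays bytes
        else:
            value = value.lstrip(" ")
        if name.lower() == "dn":
            dn = value
        elif dn is not None:                      # lines before the first dn (version:) are skipped
            attrs.setdefault(name.lower(), []).append(value)  # attributes can be multi-valued
    return entries

def entries_with_class(entries, object_class):
    """DNs of entries whose objectClass values include object_class (case-insensitive)."""
    return [d for d, a in entries if object_class.lower() in map(str.lower, a.get("objectclass", []))]
```
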
-ldap daemons:
. slapd - standalone ldap daemon - like a listener
. slurpd - standalone replication daemon - like db link for data exchange between servers
-note: openldap - is opensource implementation of ldap
-To install openldap server and clients in one go:
# yum -y install openldap-servers openldap-clients [ multiple pkgs in one cmd ]
-To configure openldap server , edit the following file:
# vim /etc/openldap/slapd.conf
-To start / stop openldap server:
# service ldap start | stop | status
-To query ldap server, the following command is used:
# ldapsearch <options>
-To configure ldap client:
# system-config-authentication