LDAP explained

Central store for user accounts

An LDAP directory is a hierarchical database. It is typically employed to store user information and passwords in one location, simplifying account administration and centralising credentials authentication.

LDAP directories fall under the category of NoSQL databases and existed long before the term became popular :-)

The filesystem analogy

A good way to explain the essence of LDAP is by drawing a comparison to a computer file system.

Directory tree

LDAP directories share many similarities with a file system.

Organisation

  • A file system consists of files in a tree-like structure.

  • An LDAP directory consists of entries in a tree-like structure.

Data types

  • A file in a file system is an arbitrary blob of text or binary data.
  • A directory entry is a collection of attributes, i.e. name/value pairs. Attribute values may be text or binary. Attributes may be mandatory or optional, single-valued or multi-valued.

Naming

  • A file in a file system has a name, e.g. tax-report-2010.xml. The file name must be unique within the containing folder.

  • An entry in a directory branch has a relative distinguished name (RDN), e.g. cn=Alice Wonderland. The RDN comes from an existing name/value pair in the entry that was chosen to become the entry’s name (or title). RDNs must also be unique within the containing directory branch.

Global naming

  • A file in a file system is uniquely identified by its path, e.g. /home/alice/taxes/tax-report-2010.xml.

  • An entry in a directory is identified by its distinguished name (DN), which is formed by the chain of RDNs leading all the way to the directory root, e.g. cn=Alice Wonderland, ou=people, dc=wonderland, dc=net.

Here is a truncated example directory entry for a user, written in LDIF (LDAP Data Interchange Format).

The distinguished name (DN) is on the first line, the name/value pair serving as RDN on the second.

dn: uid=alice,ou=people,dc=wonderland,dc=net
uid: alice
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: person
objectClass: top
cn: Alice Wonderland
sn: Wonderland
employeeNumber: 18001
givenName: Alice
initials: AA
mail: [email protected]
mobile: +1 010 154 3228
userPassword:: c2VjcmV0
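To make the naming rules and the LDIF format concrete, here is an added Python example (not code from this page or from the linked zytrax book). It parses an entry like the one above, splits its DN into the chain of RDNs, checks the rule that the RDN is taken from a name/value pair already present in the entry, and reports how the userPassword attribute is stored. The sample entry is constructed to mirror the one above; the mail address in it is an assumed value. Note the `::` on the last line: in LDIF that marks a base64-encoded value, which is transport encoding, not a hash, so `c2VjcmV0` is simply `secret`. Hashed passwords are recognised by the `{SCHEME}` prefix convention from RFC 2307 (e.g. `{SSHA}`).

```python
import base64
from typing import Dict, List, Tuple

# Constructed sample entry mirroring the page's entry for Alice.
# The mail address is an assumed value, not taken from the page.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=wonderland,dc=net
uid: alice
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: person
objectClass: top
cn: Alice Wonderland
sn: Wonderland
employeeNumber: 18001
givenName: Alice
initials: AA
mail: alice@wonderland.example
mobile: +1 010 154 3228
userPassword:: c2VjcmV0
"""

Attributes = Dict[str, List[bytes]]


def parse_ldif_entry(text: str) -> Tuple[str, Attributes]:
    """Parse one LDIF entry into (dn, attributes).

    'attr: value' is literal text; 'attr:: value' is base64 (binary or
    non-ASCII data). A line starting with a space continues the previous
    line. Attribute names are case-insensitive, so keys are lowercased.
    """
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold a wrapped value
        elif raw.strip():
            lines.append(raw)

    dn = None
    attrs: Attributes = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        name = name.strip().lower()
        if name == "dn":
            dn = value.decode("utf-8")
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("LDIF entry has no dn line")
    return dn, attrs


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into its RDNs, leaf first, as (attribute, value) pairs.

    Commas separate RDNs; a backslash-escaped comma belongs to the value
    (e.g. 'cn=Wonderland\\, Alice'). Other RFC 4514 escapes and
    multi-valued RDNs ('cn=a+sn=b') are not handled here.
    """
    parts: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, _, val = part.strip().partition("=")
        rdns.append((attr.strip().lower(), val.strip()))
    return rdns


def parent_dn(dn: str) -> str:
    """DN of the containing branch: every RDN after the leaf."""
    return ",".join(f"{a}={v}" for a, v in split_dn(dn)[1:])


def rdn_matches_entry(dn: str, attrs: Attributes) -> bool:
    """True if the leaf RDN's name/value pair is an attribute of the entry."""
    attr, val = split_dn(dn)[0]
    return val.encode("utf-8") in attrs.get(attr, [])


def password_scheme(value: bytes) -> str:
    """Return the RFC 2307 '{SCHEME}' prefix of a userPassword value.

    No prefix means the stored bytes are the password itself; the '::'
    in LDIF only base64-encodes them for transport.
    """
    text = value.decode("utf-8", errors="replace")
    if text.startswith("{") and "}" in text:
        return text[1:text.index("}")].upper()
    return "CLEARTEXT"


def audit(text: str) -> Dict[str, object]:
    """Summarise an LDIF entry: naming facts plus password storage scheme."""
    dn, attrs = parse_ldif_entry(text)
    return {
        "dn": dn,
        "rdn": split_dn(dn)[0],
        "parent": parent_dn(dn),
        "rdn_from_entry": rdn_matches_entry(dn, attrs),
        "password_scheme": [password_scheme(v) for v in attrs.get("userpassword", [])],
    }
```

Running `audit(SAMPLE_LDIF)` reports the RDN `('uid', 'alice')`, the parent branch `ou=people,dc=wonderland,dc=net`, confirms the RDN value is present as the entry's `uid` attribute, and flags the password scheme as `CLEARTEXT`, which is what a reviewer of a directory export would want to notice before the file is shared or archived.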

If you want to learn more about LDAP, here is a good resource to start with:

http://www.zytrax.com/books/ldap/ch2/