The Promise of LDAP
The promise of Standards-based Internet Directories
Paul A. Collins, One Click Systems
Contents
The Promise of LDAP (title)
Session goal #1—Hear from you
Session goal #2—Inform you
Your role
Your experience
What LDAP is / What LDAP is not
LDAP is…
A Directory is…
An LDAP Directory is not…
But what is LDAP?
Personal Data
Service Data
What you can do with LDAP: Today—Tomorrow
What you can do today
What you can do today (cont.)
Server Products
Tomorrow
Tomorrow (cont.)
LDAP on Macintosh
LDAP Case Study
How it’s built
Information model
Information model (cont.)
Naming model
Naming model (cont.)
Naming model (cont.)
Functional model
Security model
Planning Requirements
What do you want to provide?
What Data?
What Environment?
What Scale?
How much Security?
How much Reliability?
Structure—Flat or tree?
Structure—What is stored?
Structure—Naming system?
Other databases and directories
Other directories—integration
How is data created/updated?
LDIF: LDAP Data Interchange Format
Who owns/maintains data?
Do users cache directory data?
Server and client software
Server software
More Information
Final tips…
Internet RFCs
LDAP’s core definitions
Where to go next
Summary
Session goal #1—Hear from you
“Who am I? Why am I here?” —Adm. James Stockdale, presidential running mate and American hero
Session goal #2—Inform you
• What LDAP is
• What LDAP isn’t, compared to other protocols and databases
• What you can do with it today and tomorrow
• Putting LDAP to work for you
Your role
• System Administrators / IT
• Developers
• Management
• End users
Your experience
• Know something about LDAP
• Have used LDAP
• Have set up server
• Want a solution!
What LDAP is
What LDAP is not
LDAP is…
• Lightweight Directory Access Protocol
• Born as front-end for X.500, the “heavy-weight” OSI directory
• Endorsed by 40 software companies as the Internet directory of choice in 1996
• 1998: Commercial LDAPv3 software
A Directory is…
• Fast access
• Many reads, few writes
• Standards-based interoperability
• Benefits
An LDAP Directory is not…
• Transactional database
• Relational database
• File or web server
• DNS (but will be part of SLP)
But what is LDAP?
• Lightweight Directory Access Protocol (RFC 2251, others)
• Standard for email lookups in email clients
• Operations: Search, filters, updates, bind (security)
• Standard schemas
Personal Data
• Contact info: Name/title/address/phone, sound, picture
• System info: Preferences, login & password, IP address
Service Data
• Device info: servers, printers, etc.
• Permissions and capabilities, perhaps
What you can do with LDAP
Today—Tomorrow
What you can do today
• Master address book
• Location moving—Netscape
What you can do today (cont.)
• Self-updating personal address books
• Public directories
• Organization directory
Server Products
• Active Directory (Microsoft)
• ClickMail Central Directory (OCS)
• Netscape Directory Server
• Oblix Corporate Service Center
• QuickMail Pro Directory System (CE)
• SLAPD (Univ. of Michigan)
Tomorrow
• Server authentication - single sign-on
• More application support
• Centralized application configuration (Mission Control)
• Resource allocation - implementing your policies
• Mail server support - groups!
Tomorrow (cont.)
• Worldwide directory webs
• Info publishing = user lookups. Systems support = authentication, configuration.
• E-commerce
• Interoperability improvements
• Self-updating interest-groups
LDAP on Macintosh
• Servers
• Mail Clients
• Netscape Client API for Mac (v2)
• Plug-in for Network Services Location (NSL)?
• Future Apple support
LDAP Case Study
Jeff Hodges
Kings Mountain Systems
Putting LDAP to work for you
How it’s built
Planning your LDAP service
How it’s built
• Information model
• Naming model
• Functional model
• Security model
Information model
• Object classes
• Person (name, phone, description)
• OrgPerson (+ title, telex, ISDN)
• InetOrgPerson (+ email, street, pager)
• customPerson (+ your own attributes)
• OrganizationalUnit = department…
• Device (name, labeledURI)
Information model (cont.)
• Entries of various classes
• Schemas—what must/may be stored in each class
• Syntax and matching rules
Naming model
• Directory structure: flat
Top
  cn=Paul Revere, c=US
  cn=Betsy Ross, c=US
  cn=Patrick Henry, c=US
• Directory structure: tree (hierarchical)
Top
  o=Acme Co., c=US
    ou=Western Division, o=Acme Co., c=US
      ou=Production, ou=Western Division, o=Acme Co., c=US
      ou=Sales, ou=Western Division, o=Acme Co., c=US
        cn=Grant Landes, ou=Sales, ou=Western Division, o=Acme Co., c=US
        cn=Maria Dominguez, ou=Sales, ou=Western Division, o=Acme Co., c=US
    ou=Eastern Division, o=Acme Co., c=US
Distinguished Name parts
c=US
o=Acme Co.
ou=…
ou=…
cn=…
Naming model (cont.)
• Distinguished Names (DN)
  • cn=Will Shakespeare, c=UK
  • uid=msmith, dc=netscape, dc=com
  • ssnhash=X8Sd9a8sd, o=Acme Co., c=US
• Geographic or domain naming
• Choose to fit your situation
Naming model (cont.)
• RDN and Naming Context
  • cn=Will Shakespeare, c=UK
  • uid=msmith, dc=netscape, dc=com
  • ssnhash=X8Sd9a8sd, o=Acme Co., c=US
• Multiple-hierarchy
• Global directory namespace
Functional model
• Internet protocol
• Bind - Search
• Others: Add, Delete, Modify, ModifyDN (move), Compare
Server: (waiting for TCP/IP call)
Client (LDAP-aware), Bind: Hello, I’m “cn=Will Shakespeare, c=UK”, my password is “bard”.
Server: Ok, Will, you’re authorized.
Client (LDAP-aware), Search: Starting at “c=UK”, what people have “beth” in their common names? Just tell me their names and email addresses.
Server: “cn=Beth Smith, c=UK” has common names “Beth Smith” and “Bethie Smith,” email address “[email protected].”
Server: “cn=Angus Macbeth, c=UK” has common names “Angus Macbeth,” “Angus J. Macbeth,” and “Scotty Macbeth,” email is “[email protected].”
Server: That’s all, 2 entries.
Client: (next command or close TCP)
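The search in the exchange above, worked as an added example in Python (not code from the talk or from any product it names). It builds the “beth” query as an RFC 2254 filter with the user-typed fragment escaped, so a stray * or parenthesis cannot widen the query, and runs it as a subtree search over a small constructed directory; the mail values, the telephonenumber attribute and all function names are assumptions.

```python
import re

# Constructed sample directory modelled on the slide's entries. The mail values
# and the telephonenumber attribute are placeholders, not data from the page.
DIRECTORY = {
    "cn=Will Shakespeare, c=UK": {"cn": ["Will Shakespeare"], "mail": ["will@example.org"]},
    "cn=Beth Smith, c=UK": {"cn": ["Beth Smith", "Bethie Smith"],
                            "mail": ["beth@example.org"],
                            "telephonenumber": ["+44 0000 000000"]},
    "cn=Angus Macbeth, c=UK": {"cn": ["Angus Macbeth", "Angus J. Macbeth", "Scotty Macbeth"],
                               "mail": ["angus@example.org"]},
    "cn=Beth Ross, c=US": {"cn": ["Beth Ross"], "mail": ["ross@example.org"]},
}

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape the characters RFC 2254 reserves inside a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def contains_filter(attr, fragment):
    """Build '(attr=*fragment*)' with the user-supplied fragment escaped."""
    return f"({attr}=*{escape_filter_value(fragment)}*)"

def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)

def matches(filter_str, entry):
    """Evaluate a single '(attr=pattern)' item; a bare '*' is a wildcard."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)", filter_str, re.S)
    if not m:
        raise ValueError("unsupported filter: " + filter_str)
    attr, pattern = m.group(1).lower(), m.group(2)
    # Escaped characters (\2a and so on) stay literal; only bare '*' becomes '.*'.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.I | re.S) for v in entry.get(attr, []))

def split_dn(dn):
    """Split a DN string into normalised RDNs, keeping '\\,' inside a value.
    Simplification: an escaped backslash directly before a comma is not handled."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts]

def under_base(dn, base):
    """True when dn is the base entry itself or lies anywhere below it."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search(base, filter_str, attrs):
    """Subtree search: matching entries at or below base, limited to attrs."""
    return {dn: {a: e[a] for a in attrs if a in e}
            for dn, e in DIRECTORY.items()
            if under_base(dn, base) and matches(filter_str, e)}

if __name__ == "__main__":
    print(search("c=UK", contains_filter("cn", "beth"), ["cn", "mail"]))
    print(len(search("c=UK", "(cn=***)", ["cn"])))              # unescaped '*' input
    print(search("c=UK", contains_filter("cn", "*"), ["cn"]))   # escaped: literal '*'
```

Pasting the typed text straight into the filter turns an input of * into (cn=***), which matches every entry under the base; the escaped form looks for a literal asterisk and returns nothing.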
Security model
• Client bind (login), Self, by IP
• Read, Write
• Directory-wide
• Attributes
• Entries and branches
Done Jeff
Planning
Requirements
What do you want to provide?
• Contact info (can stop right here)
• Authentication
• Application preferences (Roaming)
• Policy implementation
• Networked resources: information, devices, applications
What Data?
• People: users, external contacts
• Things: servers, printers, user prefs
• Organizations: companies, divisions, departments, roles
• What attributes for each: email, phone, address, beverage
• Where is the data?
What Environment?
• Corporate, Internet environments
• Existing directories and data (legacy)
• Other LDAP servers (referrals)
• Resources: people, budgets, hardware.
• User interests and abilities
• Political realities
What Scale?
• How much data—number of entries
• How much speed—simultaneous users
• Replication can help
How much Security?
• Personal and organizational privacy
• Protection from attacks and failures
• How much do users see, create, and maintain?
• Who gets access to what? Public, In-house, Personal (self)
How much Reliability?
• Authoritative source(s)
• Can LDAP become the authoritative source?
• How is everything backed up?
• Replication can help, again.
Planning
Structure
Structure—Flat or tree?
• Flat: Easy, few hundred entries
• Tree: Flexible, browseable, application support
• Tree species: Organization chart, geography, domain/network.
Structure—What is stored?
• Schema - entries (objects) that have attributes
• Data types - text, binary, certificates, passwords
Structure—Naming system?
• Common names (“John Smith”)
• User IDs or serials
• Email addresses
• Combinations
Other databases and directories
• How is data shared/sync’ed?
• Will LDAP replace or coexist?
• Changes from outside the system?
• LDAP replication with other LDAP servers
Other directories—integration
• LDAP front-ends
• Proprietary servers’ LDAP modules
• WebStar LDAP module
• QuickMail Office LDAP module
• AppleShare IP Users & Groups
• ClickMail mirror of AppleShare IP
Planning
Methods
How is data created/updated?
• Import LDIF
• Import tab-delimited
• Local edit, in server application
• Mirror AppleShare IP Users
• Enter in LDAP write client
• Web CGI entry
LDIF: LDAP Data Interchange Format
dn: cn=Wilma Flintstone, c=US
objectclass: emailPerson
objectclass: person
objectclass: top
cn: Wilma Flintstone
givenname: Wilma
homephone: +1 999 888 7111
mail: [email protected]: cn=Fred Flintstone, c=US
sn: Flintstone
telephonenumber: +1 999 787 9000
createTimestamp: 19980410132537Z
modifiersName: cn=Directory Manager, c=US
Who owns/maintains data?
• Administrator
• Managers
• Users/self
Do users cache directory data?
• Search server each time
• Download/cache all or some data
• Replication-aware client software?
Planning
Software
Server and client software
• LDAP versions, extensions supported?
• Security features: SSL, IP address, ACL or equivalents
• Support for your planned requirements
• Interoperability
Server software
• Import/export formats, updating
• Replication through LDAP or AppleShare Registry, AppleEvents, etc.
• Local, remote administration
More Information
Final tips…
• Attribute syntaxes are not enforced
• Outlook search base—check client’s Internet Config
• FileMaker template helps create schema-correct data
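Because attribute syntaxes are not enforced, data can be checked before an LDIF import instead. The following added example in Python (not code from the talk or from any server it lists) parses LDIF records, including folded lines and base64 values, and checks each entry against the must/may rule from the information model; the schema table, the emailPerson row, the syntax patterns and the sample entries are assumptions made for the example.

```python
import base64
import re

# Assumed schema for this example. person's MUST list (sn, cn) is the standard
# X.500 one; the emailPerson row and the syntax patterns are hypothetical.
SCHEMA = {
    "top": {"must": {"objectclass"}, "may": set()},
    "person": {"must": {"sn", "cn"},
               "may": {"telephonenumber", "description", "userpassword", "seealso"}},
    "emailperson": {"must": set(), "may": {"mail", "givenname", "homephone"}},
}
OPERATIONAL = {"createtimestamp", "modifiersname"}   # maintained by the server
PHONE = re.compile(r"\+?[0-9 ()-]{5,}")
SYNTAX = {"telephonenumber": PHONE, "homephone": PHONE,
          "mail": re.compile(r"[^@\s]+@[^@\s]+")}

def parse_ldif(text):
    """Parse LDIF content records into a list of (dn, {attr: [values]})."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop the marker space
        else:
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None or attrs:   # a record without a dn shows up as None
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith(":"):         # 'attr:: ...' carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return records

def validate(attrs):
    """List schema and syntax problems for one entry (empty list = clean)."""
    problems, must = [], set()
    allowed = {"objectclass"} | OPERATIONAL
    for c in (c.lower() for c in attrs.get("objectclass", [])):
        if c not in SCHEMA:
            problems.append(f"unknown objectclass {c}")
            continue
        must |= SCHEMA[c]["must"]
        allowed |= SCHEMA[c]["must"] | SCHEMA[c]["may"]
    problems += [f"missing required {a}" for a in sorted(must - set(attrs))]
    problems += [f"attribute {a} not allowed" for a in sorted(set(attrs) - allowed)]
    for a, pattern in SYNTAX.items():
        problems += [f"bad {a} value {v!r}" for v in attrs.get(a, [])
                     if not pattern.fullmatch(v)]
    return problems

# Constructed sample: the first entry follows the slide's layout with a
# placeholder mail value; the second is deliberately broken.
SAMPLE = """\
dn: cn=Wilma Flintstone, c=US
objectclass: emailPerson
objectclass: person
objectclass: top
cn: Wilma Flintstone
sn: Flintstone
givenname: Wilma
homephone: +1 999 888 7111
mail: wilma@example.org
telephonenumber: +1 999 787 9000
createTimestamp: 19980410132537Z
modifiersName: cn=Directory Manager, c=US

dn: cn=Barney Rubble, c=US
objectclass: person
objectclass: top
cn: Barney Rubble
telephonenumber: ask at the
  quarry
description:: Qm93bGluZyBjaGFtcA==
beverage: root beer
"""

def check_ldif(text):
    """Map each DN in the LDIF text to its list of problems."""
    return {dn: validate(attrs) for dn, attrs in parse_ldif(text)}
```

The parser covers plain and base64 (`::`) values only; URL-valued attributes (`:<`) and change records are outside this sketch.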
Internet RFCs
• LDAPv3, plus extensions - RFC 2251
• Attribute Syntax - RFC 2252
• String Representation of Distinguished Names—RFC 2253
• String Representation of Search Filters—RFC 2254
• Extensions
LDAP’s core definitions
• ITU’s X.500
• ObjectClasses, attributes
• http://www.itu.ch/publications/index.html
Where to go next
• Book: Understanding and Deploying LDAP Directory Services
• LDAP Roadmap & FAQ—http://www.kingsmountain.com/ldapRoadmap.shtml
• This talk & more—http://www.oneclick.com/info/macworld/
Summary
• What LDAP is and isn’t
• What you can do with LDAP
• Putting LDAP to work for you:
• Requirements
• Structures
• Methods
• Security
• Software
Q & A
(Evaluation Forms)
Thank you!
Paul A. Collins [email protected]
One Click Systems http://www.oneclick.com