Index

A

Abandon

authentication

C language, 229

Perl language, 212

functional model of LDAP, 89, 90, 97–98

Abstract syntax notation one (ASN.1), 19, 85, 116–117

ABSTRACT values, 60, 61, 62–64

Access, 188, 322

Access control, 50–51, 335–336, 378–379

Access control information (ACI), 51, 100, 106

Access control lists (ACL), 51, 106, 162

Access rights, 99

ACI, see Access control information

ACL, see Access control lists

Acronyms, 347–348

Active directory service interface (ADSI), 254

Active Directory, 254

Adding

C language API, 234

JAVA language, 244–245

LDAP

data interchange format, 130, 131, 134, 135, 136

functional model, 89, 93

ldapmodify using API, 180

naming model, 76

using, 29, 30, 31, 32, 33, 34

Perl language, 214, 215

PHP scripting language, 204–205

Administration interface, 317

Administration server, 267, 269

Administrative tools, 294–295

Administrative utilities, 294–295

Administrator, 275–276

guide, 377

ADSI, see Active directory service interface

Agent, 318

Agreements, 165–166

Aliases, 78, 81–82, 90, 115

Analysis, 124

Ancestors, 75–76, 78, 148, 149

AND condition, 42, 92, 113–114

Anonymous access, 101

Anonymous bind, 101 see also Bind

Anonymous users, 191–192, 309

Apache Web server, 304, 312, 314

API, see Application programming interface

Application broker, 170–171, 311–312, 318–319

Application failures, 282

Application layer, 10, 11

Application locations, 327

Application support, 336

Application programming interface (API)

active directory and ADSI, 254

C language, 223–237

command-line tools, 177–190

Java, 237–253

LDAP

functional model, 50

how it works, 17

naming model, 83

search, 110–111

other languages, 254–255

Perl language, 209–223

PHP scripting language, 190–208

TCP/IP, 7

Application servers, 300–302

Approximate, 126

approxMatch, 113

Architecture

case study of LDAP and Web, 310, 311, 312, 317, 318–319

Java Naming and Directory Interfaces, 249, 250

ARPANet, 8

array attributes, 197 see also Attributes

array entry, 205, 207 see also Entries

array referrals, 201 see also Referrals

Arrays, 199

ASCII files, 38, 52, 127, 173

ASN.1, see Abstract syntax notation one

Associate arrays, 214

Asterisk, 92, 115

Asynchronous requests, 220 see also Request

Async 1, 212

Asynchronous bind, 228 see also Bind

Asynchronous calls, 236

Asynchronous version, 224

Atomic, 12, 90

Attribute definitions, 117, 119, 125

information model of LDAP, 65–69

Attribute name, 50, 54, 79

Attribute types

information model of LDAP, 51, 52, 54, 55, 64, 67–69

schema design and directory services design, 334

standards, 368–374

Attribute value assertion (ava), 93

Attribute values, LDAP

information model, 50

naming model, 79

search, 43, 112

LDAP data interchange format, 128, 129, 130

attributeList, 92, 93, 137

Attributes

entry object and Perl language, 219

Java Naming and Directory Interfaces, 251

LDAP

changing, 39

data interchange format standard, 37, 133

formal definition and information model, 66–67

how it works, 20

information model, 50, 51, 54, 55, 57, 60, 64

naming model, 79, 80

using, 27–28, 29, 30, 33, 34

updating, 246, 207

attrOnly, 91

attrsonly, 197

auth_ldap module, 304–306, 314–316

Authenticated user, 309

Authentication

auth_ldap module for Apache Web server, 305

C language API, 228–229

chaining and partitioning of directory data, 156

JAVA language, 238, 240

LDAP

case study and Web, 210, 314–316

functional model, 88, 89–90, 97–98

LDAP data interchange format, 130

security model, 50–51, 99–106

Web server, 303–307

mechanism and design of directory services, 322

Perl language, 212–213

PHP scripting language, 192–193

security design and directory services design, 343

user administration in directory-server administration, 291

Authentication server, security, 103

Authorization

auth_ldap module for Apache Web server, 305–306

security design and directory services design, 344

security model of LDAP, 50–51, 99–100, 106–107

AUXILIARY values, 60, 62–64

ava, see Attribute value assertion

Availability, 158, 341

AWK utility, 180–182, 183

B

Back end

database holding information and LDAP, 21

OpenLDAP

configuration, 381–383

directory-server administration, 258

installation, 261

proxy server, 391–392

Backslash character, 115, 116

Backup time, 339

Backups, 143, 144, 158, 282

methods, 283–285

Backus Naur form (BNF), 59, 60, 66, 114

Bandwidth, 158, 160

Base URL, 46 see also Uniform Resource Locator

base, search in LDAP, 90, 110

Base-64 encoding, 129, 130

baseDN, 20, 137

Basic authentication, 101102 see also Authentication

Batch process, 34–35

Benefits, planning directory services, 326

BER encoding, 102

BerElement structure, 227

BerValue structure, 227, 231

Binary data, 129

Bind, see also Unbind

interrogation operations and C language, 232, 233

JAVA language, 238, 240

Java Naming and Directory Interfaces, 250

LDAP, 18, 89, 97, 99

LDAP server using PHP scripting language, 192

Perl language, 212

PHP preprocessor, 306–307

BNF, see Backus Naur form

bool deleteoldrdn, 208

Boolean operators, 113–114 see also AND condition; NOT condition; OR condition

Branching policy, 75, 335, 337–338

Broker, see Application broker

Browser, 46–48 see also Individual entries

Browsing, 300 see also Individual entries

C

C development system, 261

C language

first LDAP program, 225–227

LDAP functions, 227–236

LDAP SDK version 2 versus 3, 225

operating platforms of libraries, 224

structures, 227

CA, see Certificate authority

Callback option, 217–218

Cascading replication, 160–161 see also Replication

Case study, LDAP and Web, 308–319

Castor framework, 174–175

CCITT, see Consultative Committee in International Telephony and Telegraphy

Certificate authority (CA), 271

Certificates, 99, 156, 272

CGI scripts, 300302, 306

Chaining, 83, 154–155, 157

Changetype command, 36, 37

Classical backup methods, 283–284 see also Backups

Client-server

access and partitioning, 146

accessing application servers via CGI scripts, 300–301

directories and directory servers, 6

LDAP

authentication and security model, 103, 104

communication, 14, 17

functional model, 50, 87

information model, 54

referrals and naming model, 82–83, 84

security model, 99

partitioning of directory data, 152–154, 157

Cloning, 240, 241

cn, see also Common name

Code inspection, 258

code() method, 220

COLLECTIVE attribute, 67 see also Attributes

COM, see Component object model

Command-line tools

LDAP

application programming interface, 177–187

information model, 60

using, 29, 30, 34, 35

loading the data and directory-server administration, 277

programming language support, 187–190

Common name (cn)

LDAP, 33, 40, 41, 68, 80

Web environment authentication and PHP scripting language, 194

Communication, 7, 14, 17

Compare operations, 89, 92–93, 241–242

Compilation, 393–394

Compilers, 59, 261

Component object model (COM), 254

Comprehensive Perl Archive Network (CPAN), 209

Compressed archive file, 261

Configuration, 260, 262, 275–276, 314

files, 54, 281, 376–377

Configuration server, 267, 268

Configure, 273

Confirmation screen, 270

Conflicts, 171

Connect, 192, 238, 314

Conqueror Web browser, 300

Construction, Perl language, 211

Consultative Committee in International Telephony and Telegraphy (CCITT), 10, 116

Consumers, 158, 160, 162, 165, 166

Context, 250

Control

C language API, 228–229

JAVA language, 238, 240

LDAP, 88, 89–90, 130

Perl language, 212–213

PHP scripting language, 192–193

Conversations, 19, 103, 168

Cookies, 301, 306

core.schema, 376

cosine.schema, 376

Costs, 126

Count(), 218

CPAN, see Comprehensive Perl Archive Network

Credentials, 194, 306, 309, 313

Custom tools, 277

Customers, 315

D

DAP, see Directory Access Protocol

Data

access, 13, 106, 142, 146, 309

analysis, 328

design, 330, 332–334, 339, 343–344

encapsulation, 9

exporting, 127

flow, 171

how LDAP works, 18, 19

link layer, 10, 11

loading, 277

loading and directory-server administration, 277

organization, 335

protection, 106

storage and extending directory schema in LDAP, 123

Database

configuration of OpenLDAP, 381–383

centralized and Directory Access Protocol, 13

file, 283

holding information and LDAP, 21–22

Database interface (DBI), 210

Datagrams, 8, 9

DBD-LDAP, 209–210

DBI, see Database interface

dc, see Domain components

DCA, see Defense Communication Agency

DCE, see Distributed computing environment

Decompressed files, 263, 264

Defense Communication Agency (DCA), 8

delEntry, 134, 135, 136

Delete

LDAP

data interchange format, 130, 131–132

functional model, 89, 93

using, 37

ldapmodify in LDAP API, 180

updating

C language API, 234

JAVA language, 245–246

Perl language, 214, 215

PHP scripting language, 206

deleteOldRDN, 96

Demilitarized zone (DMZ), 310, 311, 312

Dependencies, 262

deref, 197

derefAliases, 90

Design, 124

Design pattern, 252

Directory

access and Web services, 297

information, 160

LDAP

case study and Web, 312–314

changing and use, 39

concept, 37

information model, 54

management and functional model, 50

manager, 267, 269

partitioning, 82

root, 28

search and use, 32

structure and naming model, 50, 73

updating

batch process, 34–35

files, 129–134

Directory Access Protocols (DAP), 2, 13–14

Directory information tree (DIT)

LDAP

aliases and naming model, 81

case study and Web, 313

functional model, 89

information model, 64

naming model, 73, 74–78

using, 29

version 2 and 3 comparison, 139

root and directory-server software installation, 260

tree design and directory services design, 335–338

Directory schema, LDAP

checking, 118–120

descriptions, 116–118

configuration of server, 276

exploring, 120–123

extending, 123–125

information model, 50

Directory server, LDAP

communication with remote computers, 45

configuration and use, 28

data verification and details, 118–119

database holding information, 21

information retrieval, 6

referrals and naming model, 82

Directory-server administration

administrative utilities, 294–295

backup and recovery, 282

backup methods, 283285

getting the directory server up and running, 258–270

LDAP users, groups, and UNIX, 291–294

load the data, 277

log files, 278–279

open-source software, 257–258

securing, 270–275

server configuration, 275–276

service-level agreement, 282–283

starting and stopping the server, 279–281

system monitoring, 285–290

user administration, 291

Directory server agent (DSA), 67, 85–87

Directory server entries (DSE), 138138

Directory-server software, 259–270

Directory services

data design, 332–334

design, 330–332

distributed computing environment, 142

life cycle, 323–324

partitioning, 338–340

planning, 324–330

replication, 340–342

schema design, 334–335

security design, 342–344

tree design, 335–338

Directory suffix, 64, 74, 80–81

Directory tree, 26, 27 see also Directory information tree

directoryOperations, 68

Discussion group members, 315

Disk space, 126, 143

Dispatcher, 319

Distinguished name (DN)

compare operation in JAVA language, 241–242

LDAP

data interchange format, 36, 128

error messages, 30

information model, 53, 54, 57, 64

ldapsearch and API, 184, 186

naming model, 50, 78–80

using, 27–28, 29

Perl language

authentication, 212, 213

updating, 214, 216

replication in OpenLDAP, 385

updating directory with batch process, 35

Distinguished-name syntax, 80, 84–85

Distributed architectures

data distribution between LDAP and non-LDAP systems, 145–146, 170–172

DSML, 172–175

partitioning

chaining, 154–156

chaining versus referrals, 157

clients point of view, 152–154

examples, 150–152

gluing the directories together, 149

referrals, 150

security aspects using chaining, 156

what is, 146–149

replication

agreements, 165–166

load sharing, 166–168

scenarios, 160–162

schema information and access control lists, 162

security aspects, 168

single master versus multimaster, 163–164

work in progress, 169

Distributed computing environment (DCE), 13, 142

distributedOperations, 68–69

DIT, see Directory information tree

DMZ, see Demilitarized zone

dn() method, 220 see also Distinguished name

DN, see Distinguished name

DNS, see Domain name system

DNS style, 81

Domain component object, 64

Domain component style, 81

Domain components (dc), 79

Domain name system (DNS)

distributed computing environment and distributed architectures, 142

directories, 4

hierarchical structure, 5

load sharing in replication of directory data, 166, 167

naming service on Internet, 249

domainComponent attribute, 336

Draft status, 12

DSA, see Directory server agent

DSA specific entry, 149

dsaOperations, 68–69

DSE, see Directory server entries

DSML

architecture, 172–175

tools, 173

Dump method

directory schema, 121

LDAP data interchange format, 127–128

Perl language, 221, 222, 210

E

Eiffel language, 255

e-mail address, 33, 80

Encoding, 19–20, 248

rules, 130

Encrypted messages, 101

Encryption, 102, 168, 272, 309

End users, 327

Enterprise, 26–27

Enterprise JavaBeans, 252–253 see also Java

Entries

adding, deleting, modifying, 180, 204–207

LDAP

checking and directory schema, 118–119

dump and data interchange format, 128

functional model, 93, 95, 96

information model, 49, 50, 51, 52–53, 55, 56, 64

naming model, 74

partitioning of directory data, 153

Web environment authentication, 196

Entry object, 5, 210, 214, 219–220

Equality, 125

EQUALITY rule, 67, 70

equalityMatch, 112

Error checking, 8, 238, 239

Error messages

C language API, 227, 333

LDAP

authentication and security model, 101

naming model, 79

using, 30, 33

Web environment authentication, 194

error() method, 220

Errors, 17–18, 185, 210, 211, 282

Escape sequence, 84, 85, 138

Escaping characters, 115

Event-processing system, 251

Existing schema, 334

Experimental status, 12

Export, data, see Data

Extended markup language (XML), 172

Extended operations, 88

extensibleMatch, 114

Extensions, 334, 335

F

FALSE, 192

File as input, 34

File format, 127–134

File service, 142

File Transfer Protocol (FTP), 10

Filter, 111

filterString, 137

Firewall, 142, 260, 310, 311

Flat directory information tree, 75 see also Directory information tree

Flat schema, 337 see also Schema

Folded-attribute value, 129

Formal definitions, 59–60

Frequency, 165

FTP, see File Transfer Protocol

Functional model, 50

G

Gateway, 14, 166, 167, 302–303

GenUid, 183, 184

Get method, 220

get_value() method, 219

getAttributes, 251

getAttributeSet, 242, 243

getDirectoryEntries, 136

getDN, 238

getopt function call, 231

Global referral, 150

Global section, 378–380

Goals, 325–326, 334, 338, 341

Graphical tools, 252, 253

Graphical user interface (GUI), 29, 97–98

greaterOrEqual, lessOrEqual, 112

Group generation script, 185, 186, 187

Group information, 292

groupOfUniqueNames, 313

GUI, see Graphical user interface

H

Hardware failure, 282

Hash, 183

Hash table, 250

Header, 89

Hierarchical scheme, 337

Hierarchical structure, 5, 26

Hierarchical tree, 34 see also Directory information tree

Historic status, 13

Home-grown solutions, 286–287

Host name, 20, 137, 260

HTML, see Hypertext markup language

HTTP, see Hypertext transfer protocol

HTTP-LDAP gateway, 303, 316–318

HTTPD process, 300

HTTPS protocol, 310, 311, 314

Hypertext documents, 190

Hypertext markup language (HTML), 190, 299

Hypertext transfer protocol (HTTP), 20, 297, 310, 311

I

IANA, see Internet Assigned Numbers Authority

ldap_count_entries, 200

ldap_get_attributes, 201

ldap_sort, 200

IETF, see Internet Engineering Task Force

Illegal partitions, 148, 149 see also Partitioning

Import tools, 277

Importing data, 173

Imposter, 156

Include clause, 307

Inconsistency, 172

Index files, naming, 50

Indexes, 125–126, 276

mechanism, 50

inetOrgPerson

change and PHP scripting language, 198, 199

LDAP

adding entries, 33–34

case study and Web, 312

changing, 39

information model, 54, 56, 61, 62

using, 29

schema object and Perl language, 221

inetorgperson.schema, 376

Information islands, 142

Information model, 49–50

Information retrieval, 6, 125

Information technology (IT), 3, 4

Informational status, 12

Inheritance, 57, 58, 60–61, 62, 65

Install

directory-server software, 259–270

security software for OpenLDAP server, 274

int ber_identifier, 203

int errcode, 201

Interfaces, 8 see also Individual entries

International Standardization Organization (ISO), 10, 16

Internet

case study of LDAP and Web, 310–312

security, 156, 168

standards, 12

Transmission Control Protocol/Internet Protocol, 9

Internet Assigned Numbers Authority (IANA), 50, 65

Internet Engineering Task Force (IETF), 12, 223, 334

Internet protocol (IP), 4, 9, 163, 260

Interpreter, 120–121, 190, 191

Interrogation

C language, 229–232

LDAP

data interchange format, 130

functional model, 88, 89, 90–93

Perl language, 213–214

Intranet, 101–102, 142, 168, 317

Invalid partitions, 148, 149 see also Partitioning

IP, see Internet protocol

iPlanet console, 265, 266

iPlanet directory, 336

ISO, see International Standardization Organization

IT, see Information technology

Iteration commands, 232–234

J

Java

accessing an LDAP server, 302

case study of LDAP and Web, 317

entry search and partitioning of directory data, 154, 155

language

authentication and control operations, 238, 240

first class, 237–238, 239

search and compare operations, 240–243

updating, 243–247

Java Naming and Directory Interfaces (JNDI), 248–251

Java objects, 252

Java server pages (JSP), 318

JavaBeans, see Java

java.schema, 377

JavaScript, 301

javax.naming.Context interface, 250

JNDI, see Java Naming and Directory Interfaces

JSP, see Java server pages

K

Kerberos, 102–103, 271–272, 274

Keywords, 60, 66

Knowledge information, 149, 155

Konqueror browser, 46, 137 see also Individual entries

L

LAN, see Local area networks

Layers, 8, 9, 10–11

LBER, see Lightweight basic encoding rules

LDAP, see Lightweight Directory Access Protocol

ldap_abandon(), 229

ldap_add, 235–236

ldap_bind, 193, 228

LDAP client update, 169

ldap_close, 193

ldap_compare, 198, 199, 229

ldap_connect, 192

LDAP data interchange format (LDIF)

directory entries, 128–129

LDAP, 126–137

application programming interface, 179, 180, 181

information model, 52, 60

standard, 36–40

loading the data and directory-server administration, 277

ldap_delete, 206

LDAP duplication/replication/update protocols (LDUP), 139–140

LDAP extensions (LDAPext), 140

ldap_first_attribute, 203

ldap_first_entry, 202

LDAP gateway, 312

ldap_get_dn, 203

ldap_get_entries, 199–200, 201

ldap_get_values, 204

ldap_get_values_len, 204

ldap_list, 198

LDAP mandatory replica management, 169

LDAP message structure, 227

ldap object, 210, 211–212

ldap_mod_add, 207

ldap_mod_del, 208

ldap_mod_replace, 207

ldap_modify, 206, 234, 236

ldap_next_attribute, 203

ldap_next_entry, 202

ldap_open call, 228

ldap_parse_result, 201

LDAP profiles, 169

LDAP proxy server, 166–167, 168

ldap_read, 198

ldap_rename, 208

LDAP replication architecture, 169

LDAP replication information model, 169

LDAP replication information transport protocol, 169

ldap_search, 196, 229, 230–231

LDAP server, 302

ldap_set_option, 225

LDAP structure, 227

LDAP update reconciliation procedure, 169

ldap_unbind, 193

ldap_unbind(), 229

LDAP URLs, 299

LDAPAttributeSet, 242, 243

LDAPbis, see LDAP (v3) revision

LDAPConnection object, 238, 243, 244, 245

LDAPEntry, 242, 243, 244

LDAPext, see LDAP extensions

ldapmodify

adding entries, 29, 30, 31, 32, 33–34

LDAP data interchange format, 36, 128

updating directory using batch process, 34–35, 37

use and LDAP API, 178–182

LDAP (v3) revision (LDAPbis), 140

ldapsearch

search filter, 40–45

use, 32, 33

LDAP application programming interface, 182–187

LDAPSearchResults, 242

LDAPUrl constructor, 249

LDBM, 21

LDIF, see LDAP data interchange format

LDUP, see LDAP duplication/replication/update protocols

Leading spaces, 84

lessOrEqual, see greaterOrEqual, lessOrEqual

Level of access, 106

Libraries, 190, 209, 237, 273, 274–275

License agreement, 264, 265

License fees, 258

Life cycle, directory services, 323–324

Lightweight basic encoding rules (LBER), 19

Lightweight Directory Access Protocol (LDAP), see also LDAP

basics

example: enterprise with a few departments, 26–27

favorite browser speaks LDAP, 46–48

first steps, 29–34

is this a protocol, 45–46

LDAPsearch, 40–45

LDIF standard, 36–40

object classes, attributes, and schema, 27–28

server configuration, 28–29

updating a directory with batch process, 34–35

data distribution

non-LDAP systems, 170–172

versus non-LDAP systems, 145–146

details

differences between version 2 and 3, 138–140

directory schema revisited, 116–125

indexes, 125–126

LDIF, 126–137

search revisited, 110–116

URLs, 137–138

functional model, 87–98

information model

attribute-type definitions, 65–69

characterization, 51–56

matching rules, 69–71

object classes, 56–64

object identifiers, 64–65

syntaxes, 71–73

naming model

aliases, 81–82

directory information tree, 74–78

directory suffix, 80–81

distinguished name, 78–79

distinguished-name syntax, 84–85

examples of distinguished names, 79–80

information about the server, 85–87

referrals, 82–84

protocol

application layer and Transmission Control Protocol/Internet Protocol, 10

characterization, 14–16

DAP: X.500 standard, 13–14

database holding information, 21–22

development, 14

directories and directory server, 37

how it works, 16–20

Internet standards: RFCs, 12–13

network protocols, 7–12

security model

authentication, 99–106

authorization, 99–100, 106–107

Line segments, 339–340, 342

Links, useful

general, 361

LDAP API, 363

LDAP clients, 362

LDAP server implementation, 363–364

OIDs and standards, 362

security, 362–363

SNMP, 363

tutorials and how-tos, 362

Load balancing, 141, 338, 341

Load sharing, 166–167

Loading data, 277

Local agents, 318

Local area networks (LAN), 141, 147

Local management, 339, 341

Location, 259–260, 265, 266, 274–275 see also Directory-server administration

Log file rotation, 278, 279

Log-file analysis, 287–290

Log files, 125, 278–279, 318

Log information, 379–380

Log policy, 278

Logical backup method, 284 see also Backups

Logical operation, 115

Logical operators, 42, 43

M

Mailing lists, 258

Maintenance, 158, 336

Make, 273

Management information base (MIB), 285

Managements, objectives, 327

Man-in-the-middle attack, 168

Map directive, 395

Mapping, 333

Master servers, 158, 159, 163–164 see also Replication

Master-slave replication model, 21

Master-slave server

distribution of directory data, 144

replication

backup and directory-server administration, 284

OpenLDAP, 385–389

Matching rules, LDAP

exploring directory schema, 122

information model, 50, 51, 67, 69–71, 72, 73

matchingRule, 115

Matrix, 332, 333

MAY attribute, 57, 60, 62

may() method, 221

Memory, 126

Message envelope, 17

Message identifier, 17, 19

Message model, 17–18

Message object, 211, 220

Message-oriented protocol, 17

Message structure, 233

Messages, 17, 20

Meta backend, 258, 395–397 see also Backend

MIB, see Management information base

Metadirectories, 172

Microsoft servers, 279

MILNet, 8

misc.schema, 377

Moddn() method, 214

modEntry, 134, 135, 136

Modifications, 78, 158, 160

Modify

entry, updating

C language API, 234

JAVA language, 246, 247

Perl language, 214, 215, 216

PHP scripting language, 206–207

LDAP

functional model, 89, 93

LDAP data interchange format, 133–134

Modify DN operation, 93, 132–133

Monitoring, 285–290

MRTG, see Multiroute traffic grapher

Multimaster model, 21

Multimaster replication, 158 see also Replication

Multiple inheritance, 61

Multiroute traffic grapher (MRTG), 287

MUST attribute, 57, 60

must() method, 221

N

name, 97

name2oid, 221

Named referral, 69 see also Referrals

Namespace, 26, 65, 337, 340, 343

Naming convention, 124, 336

Naming manager, 250

Naming model, 50

Naming policy, 335, 336

Naming style, 81

Net::LDAP

LDAP data interchange format, 137

library and exploring directory schema, 121

Perl language

module, 209, 210, 211, 212

object, 216

Netscape, 21, 102, 106, 117

Network card, 260

Network connection, 259

Network Information Service (NIS), 45, 142

Network interface layer, 9

Network layer, 10–11

Network performance, 157

Network protocols, 7–12

Network traffic, 143, 339, 341–342

Networking, evolution, 78

New entries, 77, 79

NewEntries hash, 136

newRDN, 96

newSuperior, 96

NIS, see Network Information Service

nis.schema, 376

Noidlen term, 67

Non-Lightweight Directory Access Protocol systems, 145–146, 170–172

NOT condition, 43, 92, 113–114

Notice of disconnection, 88

O

Object

LDAP, 26, 27, 56

-oriented repository and directories, 56

Perl language, 210–222

Object class

LDAP

extending directory schema, 125

information model, 52, 53, 54, 55, 56–64

LDAP data interchange format, 128

using, 27–28, 29–30, 33, 39

schema design and directory services design, 334

standards, 365–368

Object class definitions, 61–62

Object definitions, 117, 119, 120

Object identifier (OID), LDAP

authentication and security model, 102

directory schema, 122, 124–125

functional model, 87

information model, 50, 59, 60, 62, 64–65, 70

Object superclass, 60

objectClass, 125, 198, 199

objectClass declaration, 57

objectClass value, 57

Objectives, planning directory services, 326–327

Obsoletes, 12

Octothorp character, 84

Offline, 277

OID, see Object identifier

OID tree, 65

onelevel, 110

Open Systems Interconnection (OSI), 2

OpenLDAP

choosing open-source software and directory-server administration, 258

configuration, 375–384

replication of directory data, 159

database holding information, 21

directory schema, 117, 118

installation on various platforms, 260–263

LDAP API, 178, 179, 182

libraries and case study of LDAP and Web, 314

load sharing in replication of directory data, 167

operating platforms, 25

proxy server, 391–397

schema design and directory services design, 334

security model, 106

server configuration, 28

openldap.schema, 376

OpenLDAP server

configuration file, 377–378

log-file analysis and directory-server administration, 288

securing, 271, 273–275

Open-source software, 257–258, 312

OpenSSL, 271, 314 see also Secure Sockets Layer

Operating system failure, 282

Operation code, 18

Operational attributes, 67–68 see also Attributes

operationID, 98

operationsError, 105

Operator, 275–276, 282

OR condition, 43, 92, 113–114

Ordering, 112

ORDERING rule, 67, 70

Organigrams, 338

Organization, 53, 54, 56

Organization object, 64

Organizational unit

LDAP

adding entries, 34, 35

changing entries, 39

information model, 53, 56, 57–58

naming model, 74

using, 27, 31

partitioning of directory data, 148

replication in OpenLDAP, 385

organizationalPerson, 62

OSI, see Open Systems Interconnection

Output, limited, 40, 41

Overhead, 10

P

Package, 209

PAM, see Pluggable authentication modules

Partitioning

design, 331, 338–340

distribution of directory data, 143

tree design and directory services design, 335–336

what is, 146–149

Partners, 270–271

Password

authentication, 194, 212, 213

directory manager and Sun One installation, 267, 269

LDAP, 28–29, 30, 33

Pattern-matching functions, 209

PDC, see Primary domain controller

PDU, see Protocol data unit

Performance

directory data, 157, 158, 162, 165

naming model of LDAP, 50

replication design and directory services design, 341

Perl backend, 21 see also Backend

Perl interpreter, 120

Perl language

CPAN and scripts, 223

LDAP

data interchange format, 40, 134–135

exploring directory schema, 120–121, 122

first program, 210

libraries, 223

log-file analysis and directory-server administration, 289–290

objects, 210–222

Sun One installation, 265

Person, LDAP

adding entries, 33, 36

deleting entries, 39

information model, 53, 54

using, 27, 33

PHP preprocessor, 306–307

PHP scripting language

authentication and control operations, 192–193

Web environment, 194–196

first steps, 191–192

functions not covered, 208

search and assisted commands, 196–198

updating functions, 204–208

working with the result identifiers, 198–204

Physical layer, 10, 11

Placeholder, 81

Planning, directory services, 324–330

Pluggable authentication modules (PAM), 292, 293 see also Authentication

Polish notation, 42

Port, 20, 267, 270

portNumber, 137

Posix regex libraries, 261

Prefix notation, 113–114

Presence, 125

Present, 113

Presentation layer, 11

Primary domain controller (PDC), 304

Printers, 4

Program flow, typical, 188, 189

Programming language, 50

Programming method, 298

Project plan, planning directory services, 329–330

Proposed status, 12

Protocol data unit (PDU), 17

Protocol

LDAP, 2

Open Systems Interconnection, 10–12

TCP/IP, 8–10

protocolError, 105

Proxy, distributed architectures, 142

Proxy server

OpenLDAP, 391–397

directory-server administration, 258

partitioning of directory data, 150

Public-key cryptography, 102

Put method, 250

putDirectory entries, 136

Python language, 255

Q

Queries

directories, 5

LDAP

how it works, 19

information model, 55, 69–70

ldapsearch, 41, 183

using, 28, 33

parameters and CGI scripts, 301, 306

search object and Perl language, 218

typical program flow, 188

Query filter, LDAP search, 42, 43, 44, 111–116

R

RDBMS, see Relational database management system

RDN, see Relative distinguished name

Readme files, 261, 264

Read-only mode, 158, 163 see also Slave servers

Realm, 103

Real-world objects, 54, 56, 62

Receive operation, 17

Records, 128

Recovery, 282

Recycling, 103

Redundancy, 141

Reference object, 211, 220

Referral object, 82

Referrals

configuration of OpenLDAP, 380

LDAP

authentication and security model, 105

naming model, 74, 81, 82–84

partitioning of directory data, 147, 150

chaining comparison, 157

Reflection, 252

Relational database management system (RDBMS), 21–22, 45, 55, 318

Relative distinguished name (RDN)

JAVA language, 246–247

LDAP

data interchange format, 132

functional model, 93–94, 95, 96

naming model, 76–77

using, 31

partitioning of directory data, 148

tree design and directory services design, 337

updating directory with batch process, 35

Reliability, 9, 13

Remote agents, 318

Remote procedure call (RPC), 142

Renaming

JAVA language, 246–247, 248

LDAP, 39, 76–77, 97

Replication

account, 166

backup and directory-server administration, 284–285

design, 331–332, 340–342

directory data

agreements, 165–166

load sharing, 166–167

scenarios, 160–162

schema information and access control list, 162

security aspects, 168

single versus multimaster, 163–164

work in progress, 169

distribution of directory data, 144

log, 159

OpenLDAP, 258, 261, 385–389

tree design and directory services design, 335–336

Replication server, 159

Report-building utilities, 21

Request for comments (RFC)

C-language API, 223

directory-server administration, 286, 291–292

LDAP, 15, 16

characterization, 2

data interchange format, 38, 126

duplication/replication/update protocols, 358–359

functional model, 88

group, 169

information model, 52, 66, 70, 72

protocol, 349–356

search, 112

security model, 51, 100, 102, 103, 104

using, 28

version 3 revision, 357–358

UTF-8 encoding, 129

URLs, 137, 247, 299

mechanism, 12–13

schema design and directory services design, 334

Request

callback option and Perl language, 217

DSML and distributed architecture, 173, 175

LDAP, 18, 19, 50, 311–312

log-file analysis and directory-server administration, 287

require dn, 305

require group, 305

require user, 305

require valid-user, 305

Requirements

case study of LDAP and Web, 308–310

system and installation of directory server software, 259, 261

Resource identifier, 193

Resource limitations, 380

resource link_identifier, PHP scripting language

directory updating, 204, 206, 207, 208

search, 197, 198

working with, 199, 200, 201, 202, 203, 204

resource result_entry_identifier, 202, 203, 204

resource result_identifier, 199, 200, 201, 202

Response, 18, 19, 173, 175, 217

Result identifiers, 198–204

Result set, 232–234

Results array, 199–200

Reverse Polish notation (RPN), 42

Rewrite directive, 395

RFC, see Request for comments

RPC, see Remote procedure call

RPN, see Reverse Polish notation

Root distinguished name (DN), 275, 335, 336–337

Root DSE, 85–87

root_DSE() method, 216

Root object class, 57

Ruby scripting language, 254–255

Rules, 7, 12, 54, 252

S

SAPI, see Server application programming interface

SASL, see Simple authentication and security layer

Scalability, 338

Scenarios, replication, 160–162

Schema

directory-server administration, 277

design of directory services, 331, 334–335

directory and configuration of LDAP server, 276

exploring and Perl language, 216–217

file, 33

LDAP

checking, 118–119

definition, 27–28

information model, 54, 55

server configuration, 29

OpenLDAP, 376, 379

replication of directory data, 162

Schema object, 211, 220222

Scope, 20, 90, 110, 137

SDK, see Software development kit

Search

C language, 229–232, 233

distributed architectures, 142

DSML, 173, 174

JAVA language, 240–241, 242–243, 244

LDAP, 110–116

base, 110

filter, 20, 92

functional model, 89, 90–92

partitioning of directory data, 154

Perl language, 214

PHP scripting language, 192, 196–198

Search object, 210, 218

Search request, 18

Secure Sockets Layer (SSL), 102, 271, 272, 314 see also Authentication

Security

data distribution between LDAP/non-LDAP systems, 171

design of directory services, 332, 342–344

directory data, 156, 168

LDAP server, 270–275

OpenLDAP and directory-server administration, 258

Security model, 50–51

Security server, 271

sed, see Stream editor

Sequencing, 9

Serialization, 252–253

Server application programming interface (SAPI), 190

Server configuration, 28–29

Service interruptions, 285

Service-level agreement (SLA), 282–283

Service provider interface (SPI), 249

Service providers, 249

Servlet container, 318

Session key, 103

Session layer, 11

Session variables, 307

set_value() method, 220

sharedReferral, 69

Shell script, 178, 179

Simple authentication and security layer (SASL)

installation of OpenLDAP, 262

LDAP, 15, 103–105

securing the LDAP server, 271, 272, 274

Simple Mail Transfer Protocol (SMTP), 10, 285–286, 287

SINGLE-VALUE attribute, 67 see also Attributes

sizeLimit, 91, 197

SLA, see Service-level agreement

slapd daemon, 377

slapd.conf, 276, 376

slapd.conf Schema format, 117–118

Slave servers, 158, 159

slurpd daemon, 377

Smart referrals, 150 see also Referrals

SMTP, see Simple Mail Transfer Protocol

SNMP, see Simple Network Management Protocol

Socket interface, 8

Software development kit (SDK), 123, 187, 224, 237, 240

Sortfilter, 200

Source code, 182

sn, see Surnames

Special characters, 84

Speed, 141

SPI, see Service provider interface

Sponsorship, planning directory services, 326

SQL back end, 21 see also Back end

SSL, see Secure Sockets Layer

Standardization, 169

Standardization layer, 252

Standards

attribute types, 368–374

Internet, 7, 12

object classes, 365–368

Start/stop scripts, 280–281

startTLS, 88, 102, 104

Storage, 5–6, 17, 21, 49, 123

Strategy module, 171, 172

strcmp function, 200

Stream editor (sed), 183

string attribute, 198, 204

string base_dn, 197

string dn, 198, 205, 206, 207, 208

string errmsg, 201

string filter, 197

string matcheddn, 201

string newparent, 208

string newrdn, 208

string sortfilter, 200

string value, 198

STRUCTURAL values, 60, 62–64

Subnets, 160, 161 see also Replication

Subordinate knowledge information, 149, 153

Subschema object, 64

Subscriptions, 310, 311

SUBSTR rule, 67, 70

Substring, 112, 126

subtree, 110

Success/failure, 104, 224

Suffix, 275, 335

Sun One, installation, 263–270

Sun One server, 271, 272–273

Superior knowledge information, 149, 153

Supplier, 158, 160, 165, 166

Support, 187190, 238

Surname (sn)

LDAP

application programming interface, 183

information model, 68

ldapsearch, 40, 41, 44

using, 33

Web environment authentication, 194

Switches

configure and installation of OpenLDAP, 262

interrogation operations and C language, 231

ldapmodify and LDAP API, 179

using LDAP, 33, 36, 37

Synchronous bind, 228

Synchronous calls, 236

Synchronous version, 224

Syntax definitions, 51, 55

System calls, 8

System monitoring, 285–290

T

Tape, 283 see also Backup

TCL, see Tool command language

TCP, see Transmission Control Protocol

TCP/IP, see Transmission Control Protocol/Internet Protocol

Tests, 262, 273

Ticket, 103

Tie-LDAP, 209

Time service, 142

timelimit, 91, 197

Timeval structure, 227

TLS Handshake protocol, 102

TLS Record protocol, 102

TLS, see Transport Layer Security

Tomcat, 302, 303, 317–318

Tool command language (TCL), 255

Trailing white spaces, 84

Transaction management, 12

Transmission Control Protocol (TCP), 10

Transmission Control Protocol/Internet Protocol (TCP/IP), 2, 7, 8–10, 141

Transport layer, 9–10, 11

Transport Layer Security (TLS), 102, 104, 262, 271

Tree design, 331, 335–338

Tree structure, 26, 27, 50

TSL, see Transport Layer Security protocol

U

UDP, see User Datagram Protocol

uid, see User identifier

unavailable, 105

Unbind, see also Bind

authentication, 212, 240

LDAP, 89–90, 97, 99

LDAP server using PHP scripting language, 192

Unbind method call, 121

Unbind request, 19

Unicode Transformation Format-8 (UTF-8) encoding, 129

Uniform Resource Locators (URLs), 20, 137–138, 153–154, 247–248

UNIX servers, 279

UNIX systems

command-line tools, 178

documentation/installation of directory-server software, 259

installation of OpenLDAP, 262

Sun One installation, 263

user authentication and directory-server administration, 291–294

Unrestricted information, 309

Unsolicited notification, 88

Updating

C language API, 234–236

directory data, 158, 161, 163, 165

JAVA language, 243–247

LDAP

case study and Web, 316

directory files and LDIF, 129–134

directory schema, 119

functional model, 88, 89, 93–97

Perl language, 214–216

URLs, see Uniform Resource Locators

USAGE attribute, 67, 68 see also Attributes

User

credentials, 99, 101, 103

directory-server administration, 291, 292

case study of LDAP and Web, 315, 316

requirements and transaction management, 2

User attributes, 67

User Datagram Protocol (UDP), 10

User identifier (uid), 33, 74, 80, 193

Sun One installation, 267, 269

User request, 6

userApplications, 68

UserID/password combination, 312, 313, 304, 305, 307 see also Password

userPassword, 101

UTF-8, see Unicode Transformation Format-8

V

Values, 28

Version 3 (LDAP)

access control lists in replication of directory data, 162

LDAP

directory schema, 118, 120

exploring directory schema, 123

exploring schema using Perl language, 216–217

functional model, 97

LDAP version 2 comparison and C language API, 236

Visibility, client and installation of directory-server software, 260

Visual C++, 262

W

WAN, see Wide-area network

Web environment, 194–196

Web server, 303–307, 314–316

Web services

accessing LDAP server, 302

application servers, 300–302

case study of LDAP and Web, 308–319

gateways, 302–303

LDAP URLs, 299–300

Web server authentication, 303–307

Welcome page, 310

White pages, 4, 5, 84

Wide-area network (WAN), 141

Win32 platform, 261, 262–263

Winzip, 261, 264

Woid, 67

Workload, 159

X

X.500 DAP, 51

X.500 naming style, 81

X.500 Standard, 12, 13

XML, see Extended markup language

Y

Yellow pages, 4
