A
Abandon
authentication
C language, 229
Perl language, 212
functional model of LDAP, 89, 90, 97–98
Abstract syntax notation one (ASN.1), 19, 85, 116–117
ABSTRACT values, 60, 61, 62–64
Access control, 50–51, 335–336, 378–379
Access control information (ACI), 51, 100, 106
Access control lists (ACL), 51, 106, 162
Access rights, 99
ACI, see Access control information
ACL, see Access control lists
Active directory service interface (ADSI), 254
Active Directory, 254
Adding
C language API, 234
data interchange format, 130, 131, 134, 135, 136
ldapmodify using API, 180
naming model, 76
PHP scripting language, 204–205
Administration interface, 317
Administration server, 267, 269
Administrative utilities, 294–295
guide, 377
ADSI, see Active directory service interface
Agent, 318
Analysis, 124
Ancestors, 75–76, 78, 148, 149
AND condition, 42, 92, 113–114
Anonymous access, 101
Anonymous bind, 101 see also Bind
Apache Web server, 304, 312, 314
API, see Application programming interface
Application broker, 170–171, 311–312, 318–319
Application failures, 282
Application locations, 327
Application support, 336
Application programming interface (API)
active directory and ADSI, 254
LDAP
functional model, 50
how it works, 17
naming model, 83
PHP scripting language, 190–208
TCP/IP, 7
Approximate, 126
approxMatch, 113
Architecture
case study of LDAP and Web, 310, 311, 312, 317, 318–319
Java Naming and Directory Interfaces, 249, 250
ARPANet, 8
array attributes, 197 see also Attributes
array entry, 205, 207 see also Entries
array referrals, 201 see also Referrals
Arrays, 199
ASN.1, see Abstract syntax notation one
Associate arrays, 214
Asynchronous requests, 220 see also Request
Asynchronous bind, 228 see also Bind
Asynchronous calls, 236
Asynchronous version, 224
Attribute definitions, 117, 119, 125
information model of LDAP, 65–69
Attribute types
information model of LDAP, 51, 52, 54, 55, 64, 67–69
schema design and directory services design, 334
Attribute value assertion (ava), 93
Attribute values, LDAP
information model, 50
naming model, 79
LDAP data interchange format, 128, 129, 130
entry object and Perl language, 219
Java Naming and Directory Interfaces, 251
LDAP
changing, 39
data interchange format standard, 37, 133
formal definition and information model, 66–67
how it works, 20
information model, 50, 51, 54, 55, 57, 60, 64
attrOnly, 91
attrsonly, 197
auth_ldap module, 304–306, 314–316
Authenticated user, 309
auth_ldap module for Apache Web server, 305
chaining and partitioning of directory data, 156
LDAP
case study and Web, 210, 314–316
functional model, 88, 89–90, 97–98
LDAP data interchange format, 130
mechanism and design of directory services, 322
PHP scripting language, 192–193
security design and directory services design, 343
user administration in directory-server administration, 291
Authentication server, security, 103
Authorization
auth_ldap module for Apache Web server, 305–306
security design and directory services design, 344
security model of LDAP, 50–51, 99–100, 106–107
ava, see Attribute value assertion
B
database holding information and LDAP, 21
OpenLDAP
directory-server administration, 258
installation, 261
Backup time, 339
Backus Naur form (BNF), 59, 60, 66, 114
Base URL, 46 see also Uniform Resource Locator
Basic authentication, 101–102 see also Authentication
Benefits, planning directory services, 326
BER encoding, 102
BerElement structure, 227
Binary data, 129
Bind, see also Unbind
interrogation operations and C language, 232, 233
Java Naming and Directory Interfaces, 250
LDAP server using PHP scripting language, 192
Perl language, 212
BNF, see Backus Naur form
bool deleteoldrdn, 208
Boolean operators, 113–114 see also AND condition; NOT condition; OR condition
Branching policy, 75, 335, 337–338
Broker, see Application broker
Browser, 46–48 see also Individual entries
Browsing, 300 see also Individual entries
C
C development system, 261
C language
LDAP SDK version 2 versus 3, 225
operating platforms of libraries, 224
structures, 227
CA, see Certificate authority
Cascading replication, 160–161 see also Replication
Case study, LDAP and Web, 308–319
CCITT, see Consultative Committee in International Telephony and Telegraphy
Certificate authority (CA), 271
Classical backup methods, 283–284 see also Backups
Client-server
access and partitioning, 146
accessing application servers via CGI scripts, 300–301
directories and directory servers, 6
LDAP
authentication and security model, 103, 104
information model, 54
referrals and naming model, 82–83, 84
security model, 99
partitioning of directory data, 152–154, 157
cn, see also Common name
Code inspection, 258
code() method, 220
COLLECTIVE attribute, 67 see also Attributes
COM, see Component object model
Command-line tools
LDAP
application programming interface, 177–187
information model, 60
loading the data and directory-server administration, 277
programming language support, 187–190
Web environment authentication and PHP scripting language, 194
Compare operations, 89, 92–93, 241–242
Component object model (COM), 254
Comprehensive Perl Archive Network (CPAN), 209
Compressed archive file, 261
Configuration, 260, 262, 275–276, 314
Configuration server, 267, 268
Configure, 273
Confirmation screen, 270
Conflicts, 171
Konqueror Web browser, 300
Construction, Perl language, 211
Consultative Committee in International Telephony and Telegraphy (CCITT), 10, 116
Consumers, 158, 160, 162, 165, 166
Context, 250
Control
PHP scripting language, 192–193
core.schema, 376
cosine.schema, 376
Costs, 126
Count(), 218
CPAN, see Comprehensive Perl Archive Network
Credentials, 194, 306, 309, 313
Custom tools, 277
Customers, 315
D
DAP, see Directory Access Protocol
access, 13, 106, 142, 146, 309
analysis, 328
design, 330, 332–334, 339, 343–344
encapsulation, 9
exporting, 127
flow, 171
loading, 277
loading and directory-server administration, 277
organization, 335
protection, 106
storage and extending directory schema in LDAP, 123
Database
configuration of OpenLDAP, 381–383
centralized and Directory Access Protocol, 13
file, 283
holding information and LDAP, 21–22
Database interface (DBI), 210
DBI, see Database interface
dc, see Domain components
DCA, see Defense Communication Agency
DCE, see Distributed computing environment
Defense Communication Agency (DCA), 8
Delete
LDAP
data interchange format, 130, 131–132
using, 37
ldapmodify in LDAP API, 180
updating
C language API, 234
PHP scripting language, 206
deleteOldRDN, 96
Demilitarized zone (DMZ), 310, 311, 312
Dependencies, 262
deref, 197
derefAliases, 90
Design, 124
Design pattern, 252
Directory
access and Web services, 297
information, 160
LDAP
changing and use, 39
information model, 54
management and functional model, 50
partitioning, 82
root, 28
search and use, 32
structure and naming model, 50, 73
updating
Directory Access Protocols (DAP), 2, 13–14
Directory information tree (DIT)
LDAP
aliases and naming model, 81
case study and Web, 313
functional model, 89
information model, 64
using, 29
version 2 and 3 comparison, 139
root and directory-server software installation, 260
tree design and directory services design, 335–338
Directory schema, LDAP
configuration of server, 276
information model, 50
Directory server, LDAP
communication with remote computers, 45
configuration and use, 28
data verification and details, 118–119
database holding information, 21
information retrieval, 6
referrals and naming model, 82
Directory-server
administration administrative utilities, 294–295
backup and recovery, 282
getting the directory server up and running, 258–270
LDAP users, groups, and UNIX, 291–294
load the data, 277
service-level agreement, 282–283
starting and stopping the server, 279–281
user administration, 291
Directory server agent (DSA), 67, 85–87
Directory server entries (DSE), 138–138
Directory-server software, 259–270
Directory services
distributed computing environment, 142
Directory suffix, 64, 74, 80–81
Directory tree, 26, 27 see also Directory information tree
directoryOperations, 68
Discussion group members, 315
Dispatcher, 319
compare operation in JAVA language, 241–242
LDAP
data interchange format, 36, 128
error messages, 30
information model, 53, 54, 57, 64
Perl language
replication in OpenLDAP, 385
updating directory with batch process, 35
Distinguished-name syntax, 80, 84–85
Distributed architectures
data distribution between LDAP and non-LDAP systems, 145–146, 170–172
partitioning
chaining versus referrals, 157
clients point of view, 152–154
gluing the directories together, 149
referrals, 150
security aspects using chaining, 156
replication
schema information and access control lists, 162
security aspects, 168
single master versus multimaster, 163–164
work in progress, 169
Distributed computing environment (DCE), 13, 142
DIT, see Directory information tree
DMZ, see Demilitarized zone
dn() method, 220 see also Distinguished name
DN, see Distinguished name
DNS, see Domain name system
DNS style, 81
Domain component object, 64
Domain component style, 81
Domain components (dc), 79
distributed computing environment and distributed architectures, 142
directories, 4
hierarchical structure, 5
load sharing in replication of directory data, 166, 167
naming service on Internet, 249
domainComponent attribute, 336
Draft status, 12
DSA, see Directory server agent
DSA specific entry, 149
DSE, see Directory server entries
DSML
tools, 173
Dump method
directory schema, 121
LDAP data interchange format, 127–128
E
Eiffel language, 255
rules, 130
Encrypted messages, 101
Encryption, 102, 168, 272, 309
End users, 327
Enterprise JavaBeans, 252–253 see also Java
adding, deleting, modifying, 180, 204–207
LDAP
checking and directory schema, 118–119
dump and data interchange format, 128
information model, 49, 50, 51, 52–53, 55, 56, 64
naming model, 74
partitioning of directory data, 153
Web environment authentication, 196
Entry object, 5, 210, 214, 219–220
Equality, 125
equalityMatch, 112
Error messages
LDAP
authentication and security model, 101
naming model, 79
Web environment authentication, 194
error() method, 220
Errors, 17–18, 185, 210, 211, 282
Escaping characters, 115
Event-processing system, 251
Existing schema, 334
Experimental status, 12
Export, data, see Data
Extended markup language (XML), 172
Extended operations, 88
extensibleMatch, 114
F
FALSE, 192
File as input, 34
File service, 142
File Transfer Protocol (FTP), 10
Filter, 111
filterString, 137
Flat directory information tree, 75 see also Directory information tree
Flat schema, 337 see also Schema
Folded-attribute value, 129
Frequency, 165
FTP, see File Transfer Protocol
Functional model, 50
G
Gateway, 14, 166, 167, 302–303
Get method, 220
get_value() method, 219
getAttributes, 251
getDirectoryEntries, 136
getDN, 238
getopt function call, 231
Global referral, 150
Graphical user interface (GUI), 29, 97–98
greaterOrEqual, lessOrEqual, 112
Group generation script, 185, 186, 187
Group information, 292
groupOfUniqueNames, 313
GUI, see Graphical user interface
H
Hardware failure, 282
Hash, 183
Hash table, 250
Hierarchical scheme, 337
Hierarchical tree, 34 see also Directory information tree
Historic status, 13
HTML, see Hypertext markup language
HTTP, see Hypertext transfer protocol
HTTP-LDAP gateway, 303, 316–318
HTTPD process, 300
Hypertext documents, 190
Hypertext markup language (HTML), 190, 299
Hypertext transfer protocol (HTTP), 20, 297, 310, 311
I
IANA, see Internet Assigned Numbers Authority
ldap_count_entries, 200
ldap_get_attributes, 201
ldap_sort, 200
IETF, see Internet Engineering Task Force
Illegal partitions, 148, 149 see also Partitioning
Import tools, 277
Importing data, 173
Imposter, 156
Include clause, 307
Inconsistency, 172
Index files, naming, 50
mechanism, 50
inetOrgPerson
change and PHP scripting language, 198, 199
LDAP
case study and Web, 312
changing, 39
information model, 54, 56, 61, 62
using, 29
schema object and Perl language, 221
inetorgperson.schema, 376
Information islands, 142
Information technology (IT), 3, 4
Informational status, 12
Inheritance, 57, 58, 60–61, 62, 65
Install
directory-server software, 259–270
security software for OpenLDAP server, 274
int ber_identifier, 203
int errcode, 201
Interfaces, 8 see also Individual entries
International Standardization Organization (ISO), 10, 16
Internet
case study of LDAP and Web, 310–312
standards, 12
Transmission Control Protocol/Internet Protocol, 9
Internet Assigned Numbers Authority (IANA), 50, 65
Internet Engineering Task Force (IETF), 12, 223, 334
Internet protocol (IP), 4, 9, 163, 260
Interpreter, 120–121, 190, 191
Interrogation
LDAP
data interchange format, 130
functional model, 88, 89, 90–93
Intranet, 101–102, 142, 168, 317
Invalid partitions, 148, 149 see also Partitioning
IP, see Internet protocol
iPlanet directory, 336
ISO, see International Standardization Organization
IT, see Information technology
J
Java
accessing an LDAP server, 302
case study of LDAP and Web, 317
entry search and partitioning of directory data, 154, 155
language
authentication and control operations, 238, 240
search and compare operations, 240–243
Java Naming and Directory Interfaces (JNDI), 248–251
Java objects, 252
Java server pages (JSP), 318
JavaBeans, see Java
java.schema, 377
JavaScript, 301
javax.naming.Context interface, 250
JNDI, see Java Naming and Directory Interfaces
JSP, see Java server pages
K
Kerberos, 102–103, 271–272, 274
Knowledge information, 149, 155
Konqueror browser, 46, 137 see also Individual entries
L
LAN, see Local area networks
LBER, see Lightweight basic encoding rules
LDAP, see Lightweight Directory Access Protocol
ldap_abandon(), 229
LDAP client update, 169
ldap_close, 193
ldap_connect, 192
LDAP data interchange format (LDIF)
application programming interface, 179, 180, 181
loading the data and directory-server administration, 277
ldap_delete, 206
LDAP duplication/replication/update protocols (LDUP), 139–140
LDAP extensions (LDAPext), 140
ldap_first_attribute, 203
ldap_first_entry, 202
LDAP gateway, 312
ldap_get_dn, 203
ldap_get_entries, 199–200, 201
ldap_get_values, 204
ldap_get_values_len, 204
ldap_list, 198
LDAP mandatory replica management, 169
LDAP message structure, 227
ldap_mod_add, 207
ldap_mod_del, 208
ldap_mod_replace, 207
ldap_next_attribute, 203
ldap_next_entry, 202
ldap_open call, 228
ldap_parse_result, 201
LDAP profiles, 169
LDAP proxy server, 166–167, 168
ldap_read, 198
ldap_rename, 208
LDAP replication architecture, 169
LDAP replication information model, 169
LDAP replication information transport protocol, 169
ldap_search, 196, 229, 230–231
LDAP server, 302
ldap_set_option, 225
LDAP structure, 227
LDAP update reconciliation procedure, 169
ldap_unbind, 193
ldap_unbind(), 229
LDAP URLs, 299
LDAPbis, see LDAP (v3) revision
LDAPConnection object, 238, 243, 244, 245
LDAPext, see LDAP extensions
ldapmodify
adding entries, 29, 30, 31, 32, 33–34
LDAP data interchange format, 36, 128
updating directory using batch process, 34–35, 37
LDAP (v3) revision (LDAPbis), 140
ldapsearch
LDAP application programming interface, 182–187
LDAPSearchResults, 242
LDAPUrl constructor, 249
LDBM, 21
LDIF, see LDAP data interchange format
LDUP, see LDAP duplication/replication/update protocols
Leading spaces, 84
lessOrEqual, see greaterOrEqual, lessOrEqual
Level of access, 106
Libraries, 190, 209, 237, 273, 274–275
License fees, 258
Life cycle, directory services, 323–324
Lightweight basic encoding rules (LBER), 19
Lightweight Directory Access Protocol (LDAP), see also LDAP
basics
example: enterprise with a few departments, 26–27
favorite browser speaks LDAP, 46–48
object classes, attributes, and schema, 27–28
updating a directory with batch process, 34–35
data distribution
versus non-LDAP systems, 145–146
details
differences between version 2 and 3, 138–140
directory schema revisited, 116–125
information model
attribute-type definitions, 65–69
naming model
directory information tree, 74–78
distinguished-name syntax, 84–85
examples of distinguished names, 79–80
information about the server, 85–87
protocol
application layer and Transmission Control Protocol/Internet Protocol, 10
database holding information, 21–22
development, 14
directories and directory server, 3–7
Internet standards: RFCs, 12–13
security model
authorization, 99–100, 106–107
Links, useful
general, 361
LDAP API, 363
LDAP clients, 362
LDAP server implementation, 363–364
OIDs and standards, 362
SNMP, 363
tutorials and how-tos, 362
Loading data, 277
Local agents, 318
Local area networks (LAN), 141, 147
Location, 259–260, 265, 266, 274–275 see also Directory-server administration
Log policy, 278
Logical backup method, 284 see also Backups
Logical operation, 115
M
Mailing lists, 258
Make, 273
Management information base (MIB), 285
Managements, objectives, 327
Man-in-the-middle attack, 168
Map directive, 395
Mapping, 333
Master servers, 158, 159, 163–164 see also Replication
Master-slave replication model, 21
Master-slave server
distribution of directory data, 144
replication
backup and directory-server administration, 284
Matching rules, LDAP
exploring directory schema, 122
information model, 50, 51, 67, 69–71, 72, 73
matchingRule, 115
may() method, 221
Memory, 126
Message envelope, 17
Message-oriented protocol, 17
Message structure, 233
Meta backend, 258, 395–397 see also Backend
MIB, see Management information base
Metadirectories, 172
Microsoft servers, 279
MILNet, 8
misc.schema, 377
Moddn() method, 214
Modify
entry, updating
C language API, 234
PHP scripting language, 206–207
LDAP
LDAP data interchange format, 133–134
Modify DN operation, 93, 132–133
MRTG, see Multiroute traffic grapher
Multimaster model, 21
Multimaster replication, 158 see also Replication
Multiple inheritance, 61
Multiroute traffic grapher (MRTG), 287
must() method, 221
N
name, 97
name2oid, 221
Named referral, 69 see also Referrals
Namespace, 26, 65, 337, 340, 343
Naming manager, 250
Naming model, 50
Naming style, 81
Net::LDAP
LDAP data interchange format, 137
library and exploring directory schema, 121
Perl language
object, 216
Network card, 260
Network connection, 259
Network Information Service (NIS), 4–5, 142
Network interface layer, 9
Network performance, 157
Network traffic, 143, 339, 341–342
NewEntries hash, 136
newRDN, 96
newSuperior, 96
NIS, see Network Information Service
nis.schema, 376
Noidlen term, 67
Non-Lightweight Directory Access Protocol systems, 145–146, 170–172
NOT condition, 43, 92, 113–114
Notice of disconnection, 88
O
Object
-oriented repository and directories, 5–6
Object class
LDAP
extending directory schema, 125
information model, 52, 53, 54, 55, 56–64
LDAP data interchange format, 128
schema design and directory services design, 334
Object class definitions, 61–62
Object definitions, 117, 119, 120
authentication and security model, 102
directory schema, 122, 124–125
functional model, 87
information model, 50, 59, 60, 62, 64–65, 70
Object superclass, 60
objectClass declaration, 57
objectClass value, 57
Objectives, planning directory services, 326–327
Obsoletes, 12
Octothorp character, 84
Offline, 277
OID, see Object identifier
OID tree, 65
onelevel, 110
Open Systems Interconnection (OSI), 2
OpenLDAP
choosing open-source software and directory-server administration, 258
replication of directory data, 159
database holding information, 21
installation on various platforms, 260–263
libraries and case study of LDAP and Web, 314
load sharing in replication of directory data, 167
operating platforms, 25
schema design and directory services design, 334
security model, 106
server configuration, 28
openldap.schema, 376
OpenLDAP server
log-file analysis and directory-server administration, 288
Open-source software, 257–258, 312
OpenSSL, 271, 314 see also Secure Sockets Layer
Operating system failure, 282
Operation code, 18
Operational attributes, 67–68 see also Attributes
operationID, 98
operationsError, 105
Ordering, 112
Organigrams, 338
Organization object, 64
Organizational unit
LDAP
changing entries, 39
information model, 53, 56, 57–58
naming model, 74
partitioning of directory data, 148
replication in OpenLDAP, 385
organizationalPerson, 62
OSI, see Open Systems Interconnection
Overhead, 10
P
Package, 209
PAM, see Pluggable authentication modules
distribution of directory data, 143
tree design and directory services design, 335–336
directory manager and Sun One installation, 267, 269
Pattern-matching functions, 209
PDC, see Primary domain controller
PDU, see Protocol data unit
Performance
directory data, 157, 158, 162, 165
naming model of LDAP, 50
replication design and directory services design, 341
Perl backend, 21 see also Backend
Perl interpreter, 120
Perl language
CPAN and scripts, 223
LDAP
data interchange format, 40, 134–135
exploring directory schema, 120–121, 122
first program, 210
libraries, 223
log-file analysis and directory-server administration, 289–290
Sun One installation, 265
Person, LDAP
deleting entries, 39
PHP scripting language
authentication and control operations, 192–193
functions not covered, 208
search and assisted commands, 196–198
working with the result identifiers, 198–204
Placeholder, 81
Planning, directory services, 324–330
Pluggable authentication modules (PAM), 292, 293 see also Authentication
Polish notation, 42
portNumber, 137
Posix regex libraries, 261
Presence, 125
Present, 113
Presentation layer, 11
Primary domain controller (PDC), 304
Printers, 4
Program flow, typical, 188, 189
Programming language, 50
Programming method, 298
Project plan, planning directory services, 329–330
Proposed status, 12
Protocol data unit (PDU), 17
Protocol
LDAP, 2
Open Systems Interconnection, 10–12
protocolError, 105
Proxy, distributed architectures, 142
Proxy server
directory-server administration, 258
partitioning of directory data, 150
Public-key cryptography, 102
Put method, 250
putDirectory entries, 136
Python language, 255
Q
Queries
directories, 5
LDAP
how it works, 19
parameters and CGI scripts, 301, 306
search object and Perl language, 218
typical program flow, 188
Query filter, LDAP search, 42, 43, 44, 111–116
R
RDBMS, see Relational database management system
RDN, see Relative distinguished name
Read-only mode, 158, 163 see also Slave servers
Realm, 103
Real-world objects, 54, 56, 62
Receive operation, 17
Records, 128
Recovery, 282
Recycling, 103
Redundancy, 141
Referral object, 82
configuration of OpenLDAP, 380
LDAP
authentication and security model, 105
partitioning of directory data, 147, 150
chaining comparison, 157
Reflection, 252
Relational database management system (RDBMS), 21–22, 45, 55, 318
Relative distinguished name (RDN)
LDAP
data interchange format, 132
functional model, 93–94, 95, 96
using, 31
partitioning of directory data, 148
tree design and directory services design, 337
updating directory with batch process, 35
Remote agents, 318
Remote procedure call (RPC), 142
Renaming
account, 166
backup and directory-server administration, 284–285
directory data
schema information and access control list, 162
security aspects, 168
single versus multimaster, 163–164
work in progress, 169
distribution of directory data, 144
log, 159
tree design and directory services design, 335–336
Replication server, 159
Report-building utilities, 21
C-language API, 223
directory-server administration, 286, 291–292
characterization, 2
data interchange format, 38, 126
duplication/replication/update protocols, 358–359
functional model, 88
group, 169
information model, 52, 66, 70, 72
search, 112
security model, 51, 100, 102, 103, 104
using, 28
UTF-8 encoding, 129
schema design and directory services design, 334
Request
callback option and Perl language, 217
DSML and distributed architecture, 173, 175
log-file analysis and directory-server administration, 287
require dn, 305
require group, 305
require user, 305
require valid-user, 305
Requirements
case study of LDAP and Web, 308–310
system and installation of directory server software, 259, 261
Resource identifier, 193
Resource limitations, 380
resource link_identifier, PHP scripting language
directory updating, 204, 206, 207, 208
working with, 199, 200, 201, 202, 203, 204
resource result_entry_identifier, 202, 203, 204
resource result_identifier, 199, 200, 201, 202
Response, 18, 19, 173, 175, 217
Reverse Polish notation (RPN), 42
Rewrite directive, 395
RFC, see Request for comments
RPC, see Remote procedure call
RPN, see Reverse Polish notation
Root distinguished name (DN), 275, 335, 336–337
root_DSE() method, 216
Root object class, 57
Ruby scripting language, 254–255
S
SAPI, see Server application programming interface
SASL, see Simple authentication and security layer
Scalability, 338
Scenarios, replication, 160–162
directory-server administration, 277
design of directory services, 331, 334–335
directory and configuration of LDAP server, 276
exploring and Perl language, 216–217
file, 33
LDAP
server configuration, 29
replication of directory data, 162
SDK, see Software development kit
Search
distributed architectures, 142
JAVA language, 240–241, 242–243, 244
base, 110
partitioning of directory data, 154
Perl language, 214
PHP scripting language, 192, 196–198
Search request, 18
Secure Sockets Layer (SSL), 102, 271, 272, 314 see also Authentication
Security
data distribution between LDAP/non-LDAP systems, 171
design of directory services, 332, 342–344
OpenLDAP and directory-server administration, 258
Security server, 271
sed, see Stream editor
Sequencing, 9
Server application programming interface (SAPI), 190
Service interruptions, 285
Service-level agreement (SLA), 282–283
Service provider interface (SPI), 249
Service providers, 249
Servlet container, 318
Session key, 103
Session layer, 11
Session variables, 307
set_value() method, 220
sharedReferral, 69
Simple authentication and security layer (SASL)
installation of OpenLDAP, 262
securing the LDAP server, 271, 272, 274
Simple Mail Transfer Protocol (SMTP), 10, 285–286, 287
SINGLE-VALUE attribute, 67 see also Attributes
SLA, see Service-level agreement
slapd daemon, 377
slapd.conf Schema format, 117–118
slurpd daemon, 377
Smart referrals, 150 see also Referrals
SMTP, see Simple Mail Transfer Protocol
SNMP, see Simple Network Management Protocol
Socket interface, 8
Software development kit (SDK), 123, 187, 224, 237, 240
Sortfilter, 200
Source code, 182
sn, see Surnames
Special characters, 84
Speed, 141
SPI, see Service provider interface
Sponsorship, planning directory services, 326
SQL back end, 21 see also Back end
SSL, see Secure Sockets Layer
Standardization, 169
Standardization layer, 252
Standards
strcmp function, 200
Stream editor (sed), 183
string base_dn, 197
string dn, 198, 205, 206, 207, 208
string errmsg, 201
string filter, 197
string matcheddn, 201
string newparent, 208
string newrdn, 208
string sortfilter, 200
string value, 198
Subnets, 160, 161 see also Replication
Subordinate knowledge information, 149, 153
Subschema object, 64
subtree, 110
Sun One, installation, 263–270
Superior knowledge information, 149, 153
Surname (sn)
LDAP
application programming interface, 183
information model, 68
using, 33
Web environment authentication, 194
Switches
configure and installation of OpenLDAP, 262
interrogation operations and C language, 231
ldapmodify and LDAP API, 179
Synchronous bind, 228
Synchronous calls, 236
Synchronous version, 224
System calls, 8
T
TCL, see Tool command language
TCP, see Transmission Control Protocol
TCP/IP, see Transmission Control Protocol/Internet Protocol
Ticket, 103
Tie-LDAP, 209
Time service, 142
Timeval structure, 227
TLS Handshake protocol, 102
TLS Record protocol, 102
TLS, see Transport Layer Security
Tool command language (TCL), 255
Trailing white spaces, 84
Transmission Control Protocol (TCP), 10
Transmission Control Protocol/Internet Protocol (TCP/IP), 2, 7, 8–10, 141
Transport Layer Security (TLS), 102, 104, 262, 271
TSL, see Transport Layer Security protocol
U
UDP, see User Datagram Protocol
uid, see User identifier
unavailable, 105
Unbind, see also Bind
LDAP server using PHP scripting language, 192
Unbind method call, 121
Unbind request, 19
Unicode Transformation Format-8 (UTF-8) encoding, 129
Uniform Resource Locators (URLs), 20, 137–138, 153–154, 247–248
UNIX servers, 279
UNIX systems
command-line tools, 178
documentation/installation of directory-server software, 259
installation of OpenLDAP, 262
Sun One installation, 263
user authentication and directory-server administration, 291–294
Unrestricted information, 309
Unsolicited notification, 88
Updating
directory data, 158, 161, 163, 165
LDAP
case study and Web, 316
directory files and LDIF, 129–134
directory schema, 119
functional model, 88, 89, 93–97
URLs, see Uniform Resource Locators
USAGE attribute, 67, 68 see also Attributes
User
directory-server administration, 291, 292
case study of LDAP and Web, 315, 316
requirements and transaction management, 2
User attributes, 67
User Datagram Protocol (UDP), 10
User identifier (uid), 33, 74, 80, 193
Sun One installation, 267, 269
User request, 6
userApplications, 68
UserID/password combination, 312, 313, 304, 305, 307 see also Password
userPassword, 101
UTF-8, see Unicode Transformation Format-8
V
Values, 28
Version 3 (LDAP)
access control lists in replication of directory data, 162
LDAP
exploring directory schema, 123
exploring schema using Perl language, 216–217
functional model, 97
LDAP version 2 comparison and C language API, 236
Visibility, client and installation of directory-server software, 260
Visual C++, 262
W
WAN, see Wide-area network
Web services
accessing LDAP server, 302
case study of LDAP and Web, 308–319
Web server authentication, 303–307
Welcome page, 310
Wide-area network (WAN), 141
Woid, 67
Workload, 159
X
X.500 DAP, 51
X.500 naming style, 81
XML, see Extended markup language
Y
Yellow pages, 4