Published on

Basic info on Active Directory.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. 1.What is LDAP? LDAP is the Lighweight Directory Access Protocol. LDAP is designed to be a standard way of providing access to directory services. A directory service is just a database that has been designed to be read from more than it is designed to written to. LDAP was derived from X.500, the OSI Directory Access Protocol. Some existing directory services are Sun's NIS+ and Novell's NDS. 2. Why should I use LDAP? LDAP is now the standard for providing access to directory information like company phone/email directories. It is also being used to act as a gateway to other electronic information systems as a meta-directory by companies like Ford and Home Depot to deploy their intranet/extranet systems. It is poised to become the standard lightweight database for the Internet, much like the Berkeley database became for UNIX. Many companies store user information in an LDAP server for shared use by Web servers, mail servers, company phonebooks, and other applications. With some LDAP servers, you can use the default database or you can write your own functions to access directory data in any other existing legacy system like a SQL database. The Netscape Directory SDKs provide you with a fully functional code to either add LDAP support to your existing applications or to write your own LDAP clients from scratch. Since they are free and the source code is freely available, you can fix any bugs or add operations you need easily. 3.What is LDIF? LDIF is the LDAP Data Interchange Format. LDIF is an ASCII format that is used to exchange data between the server and the client or for export between servers. It can also be used to make changes to the LDAP server when using the command line utilities. Binary data can be referenced in an external file or included in-line BASE-64 encoded. 4. What is an entry? A LDAP entry is basically a record in the LDAP database. LDAP entries are composed of attributes and values. Each entry has a special
  2. 2. attribute called the distinguished name, which is the unique name of the entry. What is a dn/Distinguished Name? A Distinguished Name is a special attribute in a LDAP entry and is referenced with the mnemonic dn. The dn must be unique in the LDAP namespace. Its components must be parts of the LDAP entry. The components of the dn are referred to as Relative Distinguished Names (rdn). The dn is always indexed and will always be returned in any search. Every dn must be unique. To insure uniqueness in a global space, the uniqueness must start with the base of the dn (the far right hand side of the dn). Why do I get quot;Authorization Credentials Deniedquot; when I try to hook up my Netscape SuiteSpot Administration server to a LDAP server? Make sure that you have enabled the SuiteSpot settings and have the right userids and passwords in the Directory server. Also make sure that you have correct DNS entries (fully qualified domain names - FQDN) for all of your SuiteSpot servers. Can I use LDAP with NIS? You have several options with LDAP and NIS. You can use LDAP as your backend database for NIS or you can replace NIS outright with LDAP. More and more UNIXs are shipping with native LDAP capabilities How can I use LDAP while I have legacy systems that can't use LDAP yet? A first step is to make the LDAP server the quot;masterquot; for userids because this will encourage everyone to synchronize on a singular userid for each user in the organization, which will make the migration easier. First you add all existing users into the LDAP database. You then pregenerate a userid for each new user that is added to the organization. When a new account is created for any non-LDAP system, the first step in the account creation process is to query the LDAP server to retrieve the userid for the particular user. The best way to synchronize passwords in this systems is to make sure everyone has the same userid. The next step is to set up a secure Website using SSL. Then use a CGI program to take users userid and new
  3. 3. password to call different routines that can change the passwords to all viable systems. Why I need LDAP if I have a RDBMS Servers that are built to be LDAP servers are usually optimized for read access and will likely be much faster than a RDBMS in providing read access to information. If a system must be distributed, LDAP is really the only choice. How can I display Unicode characters in my LDAP applications? LDAP v3 supports Unicode via UTF-8 How can I get an OID? An Object Identifier (OID) is string of octet digits that are required to add an attribute or objectclass of your own to a LDAP server.