Linux Journal: You Can Get There from Here, Part 3 [LDAP Intro]
Sep 29, 2001, 11:29
(Other stories by Marcel Gagné)
"Welcome back, one and all, to the "SysAdmin's Corner".
This series is about getting to that all-important data on your
system, even when you are far away. Part of the data we take for
granted at home is our e-mail, hence the first part of this series.
Closely related to that very topic are those ever-growing lists of
people with whom we communicate. Sure, you could carry your own
list of contacts, but what about the corporate address book and its
wealth of information? How can we get to that?

So glad you asked since it's a nice intro to today's discussion
on LDAP. LDAP is an acronym for Lightweight Directory Access
Protocol. I like to think of it as directory assistance for your
network, a kind of net-enabled 411 service. With an LDAP server
running on your, er, server, directory assistance will never be far
away. Sound good? Strap in because this is a big topic. I'll get
into some of the nittier and grittier stuff associated with LDAP
later, but I know that you want to walk away from this with
something that works, so this is the plan for today.

A directory is a collection of entries, as you might expect in
any database. Each entry is made up of attributes--more importantly
globally-unique distinguished names, and I do mean globally. Each
attribute also has types with associated values. For instance, an
e-mail address is defined as "mail", while a person's full name is
referred to as cn for "common name". All this data is organized
inside of a hierarchical structure. The database represents an
organization. Inside that organization are organizational units.
Inside organizational units are people. A person is described by
attributes of different types and values. Trust me. This will all
make sense when you see it in action."
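
The hierarchy the excerpt describes (organization, organizational units, people, each entry identified by a unique distinguished name) can be modelled in a few lines. This is an added example, not code from the article: the `Directory` class, its methods and the sample entries are hypothetical, and lower-casing the DN for comparison is a simplification of the matching rules a real LDAP server applies.

```python
import re

# Constructed sample entries (not from the article): (DN, attributes).
SAMPLE = [
    ("o=Example Corp", {"o": ["Example Corp"]}),
    ("ou=People,o=Example Corp", {"ou": ["People"]}),
    ("cn=Jane Doe,ou=People,o=Example Corp",
     {"cn": ["Jane Doe"], "mail": ["jane@example.com"]}),
    ("cn=Smith\\, John,ou=People,o=Example Corp",
     {"cn": ["Smith, John"], "mail": ["john@example.com"]}),
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def normalize(dn):
    """Lower-cased key for uniqueness checks (assumed simplification)."""
    return ",".join(rdn.lower() for rdn in split_dn(dn))

class Directory:
    """Hypothetical in-memory directory, for illustration only."""
    def __init__(self):
        self.entries = {}  # normalized DN -> (original DN, attributes)

    def add(self, dn, attrs):
        key = normalize(dn)
        if key in self.entries:
            raise ValueError(f"duplicate DN: {dn}")
        parent = ",".join(split_dn(dn)[1:])
        if parent and normalize(parent) not in self.entries:
            raise ValueError(f"no parent entry for: {dn}")
        self.entries[key] = (dn, attrs)

    def search(self, base, attr, value):
        """DNs at or below base whose attribute holds value."""
        base_key = normalize(base)
        return [dn for key, (dn, attrs) in self.entries.items()
                if (key == base_key or key.endswith("," + base_key))
                and value in attrs.get(attr, [])]

def build_sample():
    d = Directory()
    for dn, attrs in SAMPLE:
        d.add(dn, attrs)
    return d
```
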