Directory Services

Learning Objectives

1. Understand what a directory service is

2. Understand the structure of a directory service

3. Understand the LDAP functional model

4. Understand the LDAP security model

Lecture Slides

Readings

Additional Resources

Some common directory products (just know what they are)

Notes

A directory service is much like a telephone directory. It’s a hierarchical database that stores information in an object-oriented form rather than in the tabular form an RDBMS uses. The architectural difference comes from the type of services that a directory provides.

First, the directory is predominantly used for read access, not write access; that is, you look up user information more often than you update it or add new users. Second, a directory service tends to store data that can be structured more easily in a hierarchical manner. A directory typically consists of "entries" with "attributes", while an RDBMS has "tables" with "records". Additionally, each attribute is permitted to have more than one value.
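The entry/attribute model described above, as an added example (not part of the original notes): it loads a constructed four-entry directory written in simplified LDIF-style text, keeps every attribute as a list of values, and answers a read-only lookup below a chosen point in the hierarchy. The `example.com` names and the functions `normalize`, `parse_entries` and `find` are assumptions made for illustration; escaped commas, folded lines and base64 values are not handled.

```python
from collections import defaultdict

# Constructed sample data in simplified LDIF-style text (not from the notes).
SAMPLE = """\
dn: dc=example,dc=com
dc: example

dn: ou=People,dc=example,dc=com
ou: People

dn: uid=alice,ou=People,dc=example,dc=com
cn: Alice Example
mail: alice@example.com
mail: a.example@example.com

dn: uid=bob,ou=People,dc=example,dc=com
cn: Bob Example
mail: bob@example.com
"""

def normalize(dn):
    """Lower-case a DN and trim its components (no escaped commas handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_entries(text):
    """Return {dn: {attribute: [values]}}; every attribute holds a list."""
    directory = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = normalize(value)
            else:
                attrs[name.lower()].append(value)  # repeated name = extra value
        directory[dn] = dict(attrs)
    return directory

def find(directory, base, attr, value):
    """Read-only lookup: DNs at or below base whose attr contains value."""
    base, hits = normalize(base), []
    for dn, attrs in directory.items():
        node = dn
        while node and node != base:
            node = node.partition(",")[2]  # parent = DN minus leftmost part
        if node == base and value in attrs.get(attr, []):
            hits.append(dn)
    return sorted(hits)
```

In a table-based design the second `mail` value would need either a second column or a separate child table; here it is simply another value of the same attribute on the same entry.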

LDAP stands for the "Lightweight Directory Access Protocol". It was originally designed to provide access to X.500 databases; however, it is now more common to find LDAP servers in a standalone capacity. LDAP has become the de facto standard for internet directory services. Many of the internet email directories (such as bigfoot and four11) provide LDAP access to their databases. LDAP has caught on in many other capacities on the internet; currently Netscape, Novell, Microsoft, Sun and many other large companies are incorporating LDAP into their directory strategies. LDAP is well suited to replace traditional Directory Services, such as NIS. (from here)