Cover V06, I09

Sidebar : X.500 (DAP) Distinguished Names Syntax and Object Classes

The LDAP hierarchy is unrelated to the Internet's Domain Name Server (DNS) naming space, server or network architecture, or any other network configuration information; the hierarchy exists only within the DAP database. An entry is referenced by its distinguished name (DN), which is constructed by taking the name of the entry itself (called the relative distinguished name, or RDN) and concatenating the names of its ancestor entries. For example, the entry for Francisco M. De La Vega has an RDN of cn=Francisco M. De La Vega and a DN of cn=Francisco M. De La Vega, ou=Genetica, o=CINVESTAV, c=MX. The full DN format is described in RFC 1779, "A String Representation of Distinguished Names." Since there is no central X.500 registry authority like InterNIC for DNS, there is no guarantee that any DN is globally unique, and this may be an obstacle for global "white pages" services based on LDAP. Some users propose integrating the DNS naming space into LDAP so as to profit from the infrastructure already present in DNS.

LDAP entries are typed by an objectclass attribute. This attribute controls which attributes are required and which are allowed in an entry. The values of the objectclass attribute determine the schema rules the entry must obey, and most of the attributes used in Netscape DS are taken from the X.500 standard. New data types can be constructed by including the new objectclass in the slapd.oc.conf file (see Listing 2) and defining any new attributes in the slapd.at.conf file. Netscape has created new objectclasses to handle entries for servers, administration entities, and data imported from NT directories. Attributes can contain values ranging from ASCII text to binary data; binary values are converted to a base64 ASCII representation when exported as LDIF files. Passwords can be stored in hashed rather than cleartext form, with the hash algorithm named in the value (e.g., SHA). LDAP operations, such as searches or access privileges, can be regulated on the basis of the objectclass type. For example, it is possible to restrict searches of the directory to entries whose objectclass equals acl, in order to locate the entries that describe access control lists.
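The following Python, added here as an illustration and not part of the article or of Netscape DS, ties the two paragraphs together: it splits an RFC 1779 string DN into its RDNs (honouring backslash escapes and quoted values, so a comma inside a name such as "De La Vega, Francisco" is not mistaken for an RDN separator), rebuilds a DN with the necessary escaping, and renders an LDIF entry in which a binary attribute is base64-encoded with the "::" marker and the userPassword carries a {SHA} hash. The entry values, the jpegPhoto bytes and the password "secret" are constructed sample data.

```python
import base64
import hashlib

# Characters that must be backslash-escaped inside an RDN value (RFC 1779 specials).
SPECIAL = ',+"\\<>;='

def split_dn(dn):
    """Split a string DN into [(attr, value), ...], honouring '\\' escapes and quotes."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):   # escaped char: take the next char literally
            cur.append(dn[i + 1]); i += 2; continue
        if ch == '"':                         # inside quotes a comma belongs to the value
            quoted = not quoted
        elif ch == ',' and not quoted:        # an unescaped comma ends the current RDN
            parts.append(''.join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append(''.join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition('=')   # first '=' separates attr from value
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def build_dn(rdns):
    """Join (attr, value) pairs into a DN, escaping specials so each value stays one RDN."""
    def esc(v):
        return ''.join('\\' + c if c in SPECIAL else c for c in v)
    return ', '.join(f'{a}={esc(v)}' for a, v in rdns)

def sha_password(plain):
    """userPassword in the {SHA} scheme: scheme tag, then base64 of the SHA-1 digest."""
    return '{SHA}' + base64.b64encode(hashlib.sha1(plain.encode()).digest()).decode()

def ldif_entry(dn, attrs):
    """Render one LDIF entry; bytes values (and unsafe strings) go out as '::' base64."""
    lines = ['dn: ' + dn]
    for name, value in attrs:
        if isinstance(value, str) and value.isascii() and not value.startswith((' ', ':', '<')):
            lines.append(f'{name}: {value}')
        else:
            raw = value if isinstance(value, bytes) else value.encode('utf-8')
            lines.append(f'{name}:: {base64.b64encode(raw).decode()}')
    return '\n'.join(lines) + '\n'
```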