Lightweight Directory Access Protocol (LDAP) is designed to provide access to X.500 directory services (i.e. to maintain directory databases). It is frequently used to distribute public key certificates, address book information, and user authentication information. Clients can be controlled by individuals (via an application, called LDAP browser) or an agent (e.g.: authentication module or any other application).
X.500 represents information in a hierarchical directory structure. Every entry in the tree is identified with a unique distinguished name (DN) and contains several attributes. A DN looks like the following:
uid=username,ou=administrators,ou=some-department,ou=some-part-of-the-company,dc=company,dc=net
A schema defines sets of attribute entries in an ObjectClass. Every container can have different ObjectClasses, with each ObjectClass having mandatory and optional entries. The following example defines a user with several attributes from five ObjectClasses.
Example 4.27. Example Ldap entry |
---|
dn: uid=username,ou=departnent,dc=company,dc=hu uid: username cn: username sn: username uidNumber: 1234 gidNumber: 1234 mail: username@company.hu displayName: Dr. UserName homeDirectory: /home/username objectClass: top objectClass: posixAccount objectClass: inetOrgPerson objectClass: inetLocalMailRecipient objectClass: sambaSamAccount sambaSID: 1234 loginShell: /bin/bash userPassword: {SMD5}fdsfhiz234dsadsad telephoneNumber: 1234 street: Foo postOfficeBox: 1234 roomNumber: 107 |
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu