4.12.1. The LDAP protocol

Lightweight Directory Access Protocol (LDAP) is designed to provide access to X.500 directory services (i.e. to maintain directory databases). It is frequently used to distribute public key certificates, address book information, and user authentication information. Clients can be controlled by individuals (via an application, called LDAP browser) or an agent (e.g.: authentication module or any other application).

X.500 represents information in a hierarchical directory structure. Every entry in the tree is identified with a unique distinguished name (DN) and contains several attributes. A DN looks like the following:

uid=username,ou=administrators,ou=some-department,ou=some-part-of-the-company,dc=company,dc=net

A schema defines sets of attribute entries in an ObjectClass. Every container can have different ObjectClasses, with each ObjectClass having mandatory and optional entries. The following example defines a user with several attributes from five ObjectClasses.

Example 4.25. Example Ldap entry
dn: uid=username,ou=departnent,dc=company,dc=hu
uid: username
cn: username
sn: username
uidNumber: 1234
gidNumber: 1234
mail: username@company.hu
displayName: Dr. UserName
homeDirectory: /home/username
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: sambaSamAccount
sambaSID: 1234
loginShell: /bin/bash
userPassword: {SMD5}fdsfhiz234dsadsad
telephoneNumber: 1234
street: Foo
postOfficeBox: 1234
roomNumber: 107