directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1402949 - in /directory/site/trunk/content/apacheds/basic-ug: 1.2-some-background.mdtext images/cover_howes_100.gif images/cover_zoerner_100.gif images/de.png images/fromX500toLDAP.png images/ldap-tools.png
Date Sun, 28 Oct 2012 08:02:38 GMT
Author: elecharny
Date: Sun Oct 28 08:02:37 2012
New Revision: 1402949

Added a page is in basic UG

    directory/site/trunk/content/apacheds/basic-ug/images/cover_howes_100.gif   (with props)
    directory/site/trunk/content/apacheds/basic-ug/images/cover_zoerner_100.gif   (with props)
    directory/site/trunk/content/apacheds/basic-ug/images/de.png   (with props)
    directory/site/trunk/content/apacheds/basic-ug/images/fromX500toLDAP.png   (with props)
    directory/site/trunk/content/apacheds/basic-ug/images/ldap-tools.png   (with props)

Added: directory/site/trunk/content/apacheds/basic-ug/1.2-some-background.mdtext
--- directory/site/trunk/content/apacheds/basic-ug/1.2-some-background.mdtext (added)
+++ directory/site/trunk/content/apacheds/basic-ug/1.2-some-background.mdtext Sun Oct 28 08:02:37
@@ -0,0 +1,114 @@
+Title: 1.1 - What Apache DS is
+NavPrev: 1.1-what-apacheds-is.html
+NavPrevText:  1.1 - What Apache Directory Server is
+NavUp: 1-how-to-begin.html
+NavUpText: 1.1 - How to begin
+NavNext: 1.3-installing-and-starting.html
+NavNextText: 1.3 - Installing and starting the server
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+# Some Background. Directories, directory services and LDAP
+This section provides a brief overview about directories, directory services and LDAP. Furthermore
you find links to different resources (books, online resources, ...), which may act as introduction
to the topic. If you are already an LDAP expert, you'll probably skip this section. 
+## Directories and directory services
+Generally speaking, a directory is a collection or list of data. Real world examples are
telephone books (public or within organizations), church/land registers and listings of works
(e.g. the Koechel-index, which lists all compositions of Mozart). All these examples have
the purpose to preserve information and to make it available on demand to whom it may concern.
+Within information technology the term *directory* is used for a special kind of data storage.
It allows the structured storage and efficient retrieval of objects which are often derived
from the real world (e.g. persons, IT equipment). Characteristic:
+* all data is stored in so called *entries*
+* the set of entries within a directory forms a tree (hierarchical database)
+A *directory service* is a solution which offers users access to the information stored in
the directory. A directory assistance (call center agent) is a good real world example for
such a service. Within information technologies, such services are normally provided by software
components. Directory services provide access to the content of a directory via a well-defined
interface. If a network is used, an appropriate protocol has to be defined. LDAP (see below)
is such a protocol.
+The real world examples mentioned above may be stored in such a directory, although other
types of storage systems can be more appropriate (this depends on circumstance/requirements).
At first sight directories compete thereby as data storage with the established relational
data bases. However in the most large enterprises and organizations both directory services
and relational databases are actually used. Read how Vikas Mahajan describes directories and
databases as complementary, not competitive, solutions in his excellent article ["Should I
Use a Directory, a Database, or Both?"](
+## LDAP -- the Lightweight Directory Access Protocol
+### What is it? Some history.
+The comprehensive standard *X.500*, finalized in 1988, builds the foundation for many of
today's directory solutions. Within this standard, the client accesses the server via the
Directory Access Protocol (*DAP*), which is OSI protocol stack based. With the Internet boom
in the nineties, the accessibility of directories via TCP/IP became more and more important.
Hence a TCP/IP-based access method, which in functionality was a subset of DAP, was standardized
in 1993: the *Lightweight Directory Access Protocol (LDAP)*. First LDAP implementations were
gateway solutions, they mediated between LDAP clients and X.500 servers.  In 1995 the University
of Michigan presented the first native LDAP server; in the meantime the work is continued
by the [OpenLDAP]( project. 1996 Netscape followed with the first
commercial LDAP server (Netscape Directory Server, foundation of several later LDAP servers).
Other examples (among many others) include [Microsoft Active D
 irectory]( and [Novell eDirectory](
The figure below shows the development of directory protocols from X.500/DAP to LDAP.
+![From X500 to LDAP](images/fromX500toLDAP.png)
+### Information model primer
+Within the information model of LDAP, data is stored in entries, which build up a hierarchical,
tree like structure. Each entry has a unique name (*DN*, *Distinguished Name*), which depicts
its position within the tree. An entry consists of key/value pairs, the *attributes*. Some
attributes may occur more than once within an entry (single or multi valued, e.g. a person
can have more than one telephone number). So called *object classes* define, which attributes
an entry may have, and which of them are required. The classes build up a hierarchy with *top*
as root; there is a parallelism to the object oriented world. top forces only the attribute
objectclass, which assigns an entry its object classes. A *schema* consists object classes
and attribute types, and therefore defines, what kind of entries can be stored within the
directory. Directory servers ship a schema out-of-the-box, often with elements standardized
by RFCs. In addition, most directory solutions allow you to def
 ine custom object classes and attributes. But in practice, the pre-defined elements are used.
Sometimes they get extended according to special requirements.
+### Common applications of LDAP based directories
+LDAP operations include entry creation, modification, deletion and search. As a general rule,
LDAP directories are optimized for read and search operations, at the cost of write performance.
Data, which will be modified often, therefore better suits in a relational database, which
offers better support for transactions and referential integrity as well. Directories are
rather used if comparatively stable data has to be provided centrally.  
+Common examples are network resources (printers, services) and user data  (including credentials
and rights for the resources). As a notable feature, many directory products offer replicas,
which permit better access times and higher availability especially in geographically dispersed
organizations. Not for nothing, the most common LDAP application is the enterprise phone book.
That even Microsoft Outlook may be an LDAP client in this case - most average users probably
don't know.
+### Examples of software components which support LDAP
+![LDAP tools](images/ldap-tools.png)
+Very different types of software products may act as LDAP clients, consuming data for authentication,
authorization or data presentation etc.
+* E-Mail clients (e.g. Mozilla Thunderbird)
+* LDAP tools (e.g. Apache Directory Studio)
+* Web servers (e.g. Apache Tomcat, Apache HTTP Server)
+* Mail servers (e.g. Apache James)
+* ...
+Configuration details for several of these programs in conjunction with ApacheDS are described
in later sections.
+## LDAP resources
+### Books
+There are several good LDAP books available. Here are two examples which provide sample chapters
on their homepages.
+#### Understanding and Deploying LDAP Directory Services
+Understanding and Deploying LDAP Directory Services (2nd Edition) <br/>
+by Timothy A. Howes, Mark C. Smith, Gordon S. Good, Tim Howes <br/>
+Addison-Wesley Professional, 2nd Edition 2003 <br/>
+ISBN: 0-672323-16-8 <br/>
+[Book's Homepage (Howes)](
+#### LDAP fuer Java-Entwickler
+LDAP fuer Java-Entwickler -- Einstieg und Integration. ![DE](images/de.png) <br/>
+von Stefan Zoerner <br/>
+Software und Support Verlag, 3. aktualisierte Auflage 2007 <br/>
+ISBN: 978-3-939084-07-5 <br/>
+[Webseite zum Buch (Zoerner)](
+### Articles, forums, blogs and other online resources
+#### Blogs
+* [cn=Directory Manager - All about Directory Server](,
Sun Blog
+#### Articles and other online resources
+* [Understanding LDAP - Design and Implementation](,
IBM RedBook, July 2006
+* [Demystifying LDAP](
by Brian K. Jones, O'Reilly Network
+* [LDAP verstehen mit linx](, by Petra Haberer ![DE](images/de.png)

Added: directory/site/trunk/content/apacheds/basic-ug/images/cover_howes_100.gif
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/basic-ug/images/cover_howes_100.gif
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/basic-ug/images/cover_zoerner_100.gif
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/basic-ug/images/cover_zoerner_100.gif
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/basic-ug/images/de.png
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/basic-ug/images/de.png
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/basic-ug/images/fromX500toLDAP.png
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/basic-ug/images/fromX500toLDAP.png
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/basic-ug/images/ldap-tools.png
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/basic-ug/images/ldap-tools.png
    svn:mime-type = application/octet-stream

View raw message