introduction
LDAP is the protocol spoken by directory servers. A directory is a data store that is optimised for very fast reads. A DIT (Directory Information Tree) is the information held in that data store.
A DIT is laid out as a tree. Each entry in the directory has a unique address within that tree.
what it is
A DIT is usually called a directory.
Let's say you have a DIT (Directory Information Tree) full of employee records. The table shows the root and the bottom bit of the branches of this employee directory. The root of the tree is named dc=uk. Four layers down from this, in the branch ou=People, are a bunch of entries with catchy names like uid=1. These are the employee records. This branch has ten thousand entries, one entry for each employee of the company.
DIT (Directory Information Tree):

- dc=uk
  - dc=co
    - dc=idc
      - ou=Locations
      - ou=Companies
      - ou=Directory Admin
      - ou=Parameters
      - ou=People
        - uid=1
        - uid=2
        - uid=3
        - ...
Each entry has a unique key called a dn (distinguished name). If you are looking for the entry that holds a person's details, you are bound to know their name but not their dn, so you find the dn by searching for the name.
The only unique part of an entry is the dn, which looks something like this: uid=1234, ou=people, dc=idc, dc=co, dc=uk. It is built by reading the tree from the entry itself (uid=1234) up to the root (dc=uk) and writing down each name, separated by commas. No-one except a serious LDAP geek remembers a dn.
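The construction just described (entry first, root last, comma separated) and its reverse are easy to get wrong once a value contains a comma, so here is an added example, not code from the original page, that builds a dn from a root-first path through the tree above and splits a dn back into its parts. The path `TREE_PATH`, the function names and the `Smith, Nick` sample value are assumptions made for this example; the escaping rule follows RFC 4514.

```python
from typing import List, Tuple

# Constructed root-first path to the employee entry used in the text.
TREE_PATH: List[Tuple[str, str]] = [
    ("dc", "uk"), ("dc", "co"), ("dc", "idc"), ("ou", "people"), ("uid", "1234"),
]

# Characters that must be backslash-escaped inside an attribute value (RFC 4514).
_SPECIAL = set(',+"\\<>;')


def escape_value(value: str) -> str:
    """Escape a single attribute value so it can sit safely inside a dn."""
    out = []
    for i, ch in enumerate(value):
        leading_hash = ch == "#" and i == 0
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in _SPECIAL or leading_hash or edge_space:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(path: List[Tuple[str, str]]) -> str:
    """Read the tree from the entry up to the root and join the names with commas."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in reversed(path))


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a dn into (attribute, value) pairs, honouring backslash escapes.

    Unescaped spaces directly after a comma (as in the page's example dn) are ignored.
    """
    rdns: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        elif ch == " " and not current:
            pass  # cosmetic space after a comma
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    result = []
    for rdn in rdns:
        attr, _, val = rdn.partition("=")
        result.append((attr.strip().lower(), val))
    return result


def is_under(dn: str, branch_dn: str) -> bool:
    """True if the entry named by dn sits below branch_dn in the tree."""
    entry, branch = parse_dn(dn), parse_dn(branch_dn)
    return len(entry) > len(branch) and entry[-len(branch):] == branch


if __name__ == "__main__":
    dn = build_dn(TREE_PATH)
    print(dn)
    print(parse_dn(dn))
    print(is_under(dn, "ou=people, dc=idc, dc=co, dc=uk"))
```

Note that `parse_dn` compares values as written; a real server treats attribute names case-insensitively but may or may not do so for values, depending on the attribute's matching rule, so do not rely on string equality of dns for access-control decisions.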
An employee entry may look like this.
| attribute | value | description |
|---|---|---|
| dn | uid=1234, ou=people, dc=idc, dc=co, dc=uk | |
| businessCategory | Information Technology | |
| givenName | Nick | |
| mobile | 0123 456 7890 | |
| objectClass | customer01person | |
| objectClass | inetorgperson | |
| objectClass | organizationalPerson | |
| objectClass | person | |
| objectClass | top | |
| customer01SecretChallenge2 | The town you were born in | |
| userPassword | {SSHA}PxBUbN0sIo7L4WVCGqni9fo3R01maBg== | I have forgotten my password. I can't see what it is because it is encrypted. |
| customer01SecretChallenge | Your house number/name | |
| facsimileTelephoneNumber | | |
| ou | Technical Operations | |
| uid | 1234 | |
| | idc@planetlarg.net | |
| cn | Nick | |
| telephoneNumber | 0123 456 7890 | |
| manager | 5678 | |
| o | LIC support team | |
| customer01ExtnNumber | 123 4567 | |
| l | the office | |
| customer01SecretResponse2 | North Pole | |
| customer01SecretResponse | 123 | |
| description | works hard | |
| sn | Smith | |
| personalTitle | Mr | |
| customer01MobileExtnNumber | 1234 | |
| title | support analyst | |
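The `{SSHA}` prefix on the userPassword value marks a salted SHA-1 hash rather than a reversible encryption: the server stores SHA1(password + salt) with the salt appended, base64-encoded, and checks a login by recomputing the hash, which is why nobody, including the directory administrator, can read the original password back out. The following added example, not code from the original page or from the iPlanet product, shows that storage format and the comparison a server performs; the fixed salt in the test and the sample password are constructed values.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"
DIGEST_LEN = 20  # SHA-1 produces 20 bytes; everything after that is the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Produce a userPassword value in {SSHA} form: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # a fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Return True if password matches the stored {SSHA} value, without recovering it."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(PREFIX):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("value too short to contain a digest and a salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest)


def salt_of(stored: str) -> bytes:
    """Expose the salt so the test can show it is stored alongside the digest."""
    return base64.b64decode(stored[len(PREFIX):])[DIGEST_LEN:]


if __name__ == "__main__":
    stored = make_ssha("correct horse")  # constructed sample password
    print(stored)
    print(check_ssha("correct horse", stored), check_ssha("wrong", stored))
```

Because only the salted digest is kept, "I have forgotten my password" is answered by a reset, never by a lookup; and the per-password salt means two employees with the same password still get different userPassword values, so one stored value tells you nothing about another.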
what it isn't
A DIT is not a directory server. The same information could equally be held in any database server such as Oracle or MySQL; LDAP is just the protocol used to read it, and the directory server is the product that serves it.
where it is
The directory server running in the LIC is IDS5 (iPlanet Directory Server). This is Sun's directory server product. Lots of DITs can be found on the directory server hosts BLD01 and 2.
history