the ability to replicate information widely in order to increase
availability and reliability, while reducing response time. When
directory information is replicated, temporary inconsistencies between
-the replicas may be OK, as long as they get in sync eventually.
+the replicas may be okay, as long as they get in sync eventually.
There are many different ways to provide a directory service. Different
methods allow different kinds of information to be stored in the directory,
is an example of a globally distributed directory service.
-
H2: What is LDAP?
{{slapd}}'s model for directory service is based on a global directory
title="LDAP directory tree (traditional naming)"
FT[align="Center"] Figure 1.1: LDAP directory tree (traditional naming)
-The tree may also be arranged based upon Internet domain names.
-Figure 1.2 shows an example using this increasingly popular naming
-approach.
+The tree may also be arranged based upon Internet domain names. This
+naming approach is becoming increasing popular as it allows for
+directory services to be locating using the {{TERM[expand]DNS}}.
+Figure 1.2 shows an example LDAP directory tree using domain-based
+naming.
!import "intro_dctree.gif"; align="center"; \
title="LDAP directory tree (Internet naming)"
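Review bot: two typos in the added sentence of this hunk: "becoming increasing popular" should read "becoming increasingly popular", and "allows for directory services to be locating using the {{TERM[expand]DNS}}" should read "allows directory services to be located using the {{TERM[expand]DNS}}". Suggested replacement for the two lines:
+naming approach is becoming increasingly popular as it allows
+directory services to be located using the {{TERM[expand]DNS}}.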
In addition, LDAP allows you to control which attributes are required
and allowed in an entry through the use of a special attribute called
-{{objectClass}}. The values of the {{objectClass}} attribute
+{{EX:objectClass}}. The values of the {{EX:objectClass}} attribute
determine the {{schema}} rules the entry must obey.
{{How is the information referenced?}}
{{How is the information protected from unauthorized access?}}
Some directory services provide no protection, allowing anyone to see
-the information. LDAP provides a method for a client to authenticate,
-or prove its identity to a directory server, paving the way for rich
-access control to protect the information the server contains.
+the information. LDAP provides a mechanisms for a client to
+authenticate, or prove its identity to a directory server, paving
+the way for rich access control to protect the information the server
+contains. LDAP also supports privacy and integrity security
+services.
H2: How does LDAP work?
{{B:LDAPv2}} and {{B:LDAPv3}}: {{slapd}} supports both version 2 and 3
of the {{TERM[expand]LDAP}}. {{slapd}} provides support
-for the latest features while maintaining interoperability with existing
-clients. {{slapd}} supports both IPv4 and IPv6 protocols.
+for the latest features while maintaining interoperability with
+existing clients. {{slapd}} supports both IPv4 and IPv6.
{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports
strong authentication services through the use of SASL. {{slapd}}'s
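Review bot: grammar slip in the rewritten "How is the information protected" paragraph: "LDAP provides a mechanisms for a client to authenticate" mixes singular and plural; use either "a mechanism" or "mechanisms". The new closing sentence "LDAP also supports privacy and integrity security services" is correct but leaves the reader guessing what provides them; since the SASL paragraph below and the RFC2830 (Transport Layer Security) entry in the references block are already on the page, consider saying "through TLS and SASL security layers" so the claim points at something concrete.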
copies of its database. This {{single-master/multiple-slave}}
replication scheme is vital in high-volume environments where a
single {{slapd}} just doesn't provide the necessary availability
-or reliability. {{slapd}}
-also includes experimental support for {{multi-master}} replication.
+or reliability. {{slapd}} also includes experimental support for
+{{multi-master}} replication.
{{B:Configuration}}: {{slapd}} is highly configurable through a
single configuration file which allows you to change just about
very well. These features and more will be coming in a future release.
-
H2: What about X.500?
Technically, LDAP is a directory access protocol to an {{TERM:X.500}}
X.500 DAP. If you are not running X.500 DAP, want to stop running
X.500 DAP, or have no immediate plans to run X.500 DAP, read on.
-It is possible to replicate data from a {{slapd}} directory
-server to a X.500 {{TERM:DSA}}, which allows your organization to
-make your data available as part of the global X.500 DAP directory
-service on a {{read-only}} basis. See the
-{{SECT:Replication to an X.500 DSA}}
-section in the
-{{SECT:Replication with slurpd}} chapter of this document.
-
-Another way to make data in a {{slapd}} server available to the
-X.500 community would be by using a X.500 DAP to LDAP gateway. At
-this time, no such software has been written (to the best of our
-knowledge), but hopefully some group will see fit to write such a
-gateway.
+It is possible to replicate data from an LDAP directory
+server to a X.500 DAP {{TERM:DSA}}. This requires an LDAP/DAP
+gateway. OpenLDAP does not provide such a gateway, but our
+replication daemon can be used to replicate to such a gateway.
+See the {{SECT:Replication with slurpd}} chapter of this document
+for information regarding replication.
H2: What is slurpd and what can it do?
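Review bot: "to a X.500 DAP {{TERM:DSA}}" should be "to an X.500 {{TERM:DSA}}": "an" before X.500, and DAP is the access protocol while the DSA is the server, so "X.500 DAP DSA" muddles the two terms (the removed text had the same "a X.500" article slip). Also, this hunk drops the cross-reference to the {{SECT:Replication to an X.500 DSA}} section; if that section still exists in the {{SECT:Replication with slurpd}} chapter, keep the reference or retitle both consistently, and since this is a user guide, name "our replication daemon" explicitly as {{slurpd}} so the reader can find it in the chapter heading that follows.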
!define HTML_URL_CATALOG "../index.html"
!macro HTML_HEADER
- !block inline
-<FONT FACE="Arial,Verdana,Helvetica">
- !endblock
+# !block inline
+#<FONT FACE="Arial,Verdana,Helvetica">
+# !endblock
!if DOC_LOGO
!block inline
<A HREF="http://www.OpenLDAP.org/">
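Review bot: rather than leaving the FONT markup in HTML_HEADER as commented-out lines, delete it; commented-out template code tends to linger and confuses later edits. The pairing is balanced as submitted (the opening FONT tag is removed here and its closing tag in HTML_FOOTER, and likewise for HTML_TOPIC_HEADER and HTML_TOPIC_FOOTER below), so a straight deletion in all four macros keeps the generated HTML well-formed. If the intent is to restore the font later, a short comment saying so is clearer than three disabled lines per macro.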
!macro HTML_FOOTER
!HTML_PRE_SECTION
!HTML_NAVIGATE
+# !block inline; expand
+#</FONT>
+# !endblock
!block inline; expand
-</FONT>
<P>
<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
______________<BR>
!endmacro
!macro HTML_TOPIC_HEADER
- !block inline; expand
-<FONT FACE="Arial,Verdana,Helvetica">
- !endblock
+# !block inline; expand
+#<FONT FACE="Arial,Verdana,Helvetica">
+# !endblock
!define DOC_TOPIC_LOGO $var{'DOC_LOGO'}
!if DOC_TOPIC_LOGO
!default DOC_TOPIC_LOGO_BASE $var{'DOC_LOGO_BASE'}
!macro HTML_TOPIC_FOOTER
!HTML_PRE_SECTION
!HTML_TOPIC_NAVIGATE
+# !block inline; expand
+#</FONT>
+# !endblock
!block inline; expand
-</FONT>
<P>
<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
______________<BR>
!block references; data
Reference|Status|Document|Jump
-RFC2079|PS|RFC2079|ftp://ftp.isi.edu/in-notes/rfc2079.txt
-RFC2251|PS|RFC2251|ftp://ftp.isi.edu/in-notes/rfc2251.txt
-RFC2252|PS|RFC2252|ftp://ftp.isi.edu/in-notes/rfc2252.txt
-RFC2253|PS|RFC2253|ftp://ftp.isi.edu/in-notes/rfc2253.txt
-RFC2254|PS|RFC2254|ftp://ftp.isi.edu/in-notes/rfc2254.txt
-RFC2255|PS|RFC2255|ftp://ftp.isi.edu/in-notes/rfc2255.txt
-RFC2256|PS|RFC2256|ftp://ftp.isi.edu/in-notes/rfc2256.txt
-RFC2798|PS|RFC2798|ftp://ftp.isi.edu/in-notes/rfc2798.txt
-RFC2829|PS|RFC2829|ftp://ftp.isi.edu/in-notes/rfc2829.txt
-RFC2830|PS|RFC2830|ftp://ftp.isi.edu/in-notes/rfc2830.txt
-RFC2831|PS|RFC2831|ftp://ftp.isi.edu/in-notes/rfc2831.txt
+RFC2079|PS|Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifers|ftp://ftp.isi.edu/in-notes/rfc2079.txt
+RFC2251|PS|Lightweight Directory Access Protocol (v3)|ftp://ftp.isi.edu/in-notes/rfc2251.txt
+RFC2252|PS|LDAPv3: Attribute Syntax Definitions|ftp://ftp.isi.edu/in-notes/rfc2252.txt
+RFC2253|PS|LDAPv3: UTF-8 String Representation of Distinguished Names|ftp://ftp.isi.edu/in-notes/rfc2253.txt
+RFC2254|PS|The String Representation of LDAP Search Filters|ftp://ftp.isi.edu/in-notes/rfc2254.txt
+RFC2255|PS|The LDAP URL Format|ftp://ftp.isi.edu/in-notes/rfc2255.txt
+RFC2256|PS|A Summary of the X.500(96) User Schema for use with LDAPv3|ftp://ftp.isi.edu/in-notes/rfc2256.txt
+RFC2296|PS|Use of Language Codes in LDAP|ftp://ftp.isi.edu/in-notes/rfc2296.txt
+RFC2798|INFO|Definition of the inetOrgPerson LDAP Object Class|ftp://ftp.isi.edu/in-notes/rfc2798.txt
+RFC2829|PS|Authentication Methods for LDAP|ftp://ftp.isi.edu/in-notes/rfc2829.txt
+RFC2830|PS|LDAPv3: Extension for Transport Layer Security|ftp://ftp.isi.edu/in-notes/rfc2830.txt
+RFC2831|PS|Using Digest Authentication as a SASL Mechanism|ftp://ftp.isi.edu/in-notes/rfc2831.txt
+RFC2849|PS|The LDAP Data Interchange Format|ftp://ftp.isi.edu/in-notes/rfc2849.txt
!endblock
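Review bot: two problems in the expanded references table. The RFC2079 title has a typo: "Uniform Resource Identifers" should be "Uniform Resource Identifiers". More importantly, the new RFC2296 row is mis-numbered: "Use of Language Codes in LDAP" is RFC 2596, not RFC 2296 (RFC 2296 is an unrelated HTTP document), so both the reference name and the URL need changing, e.g.
+RFC2596|PS|Use of Language Codes in LDAP|ftp://ftp.isi.edu/in-notes/rfc2596.txt
Any {{REF:RFC2296}} citations elsewhere in the guide should be updated to match. The other status changes (RFC2798 as INFO, the new RFC2849 row as PS) look right.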