What is LDAP?
LDAP is short for 'Lightweight Directory Access Protocol'.
That raises the next question: what is a directory service?
A directory is a specialized database specifically designed for searching and browsing,
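How does LDAP store information?
As a tree. The LDAP information model is based on entries; an entry is a collection of attributes that has a globally-unique Distinguished Name (DN).
Each tree has exactly one root entry, which we call the naming context or suffix.
How does LDAP define information?
The objectClass controls which attributes are required and which are allowed in an entry; attribute values must follow the schema rules.
Two naming styles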
traditional naming
internet naming
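What is OpenLDAP, and how does it relate to LDAP?
OpenLDAP is a piece of software: an open-source implementation of the LDAP protocol.
Common terms and conventions
Schema: defines the object classes
objectClass: object class
- structural: e.g. person
- auxiliary: e.g. extensibleObject
- abstract: e.g. top; cannot be used directly
Entry: a concrete object in the directory tree. Object classes and attributes combine to form an entry.
DN: Distinguished Name, a globally unique name. Example: uid=babs,ou=People,dc=example,dc=com
RDN: Relative DN, the relative name. Example: uid=babs
DC: Domain Component. Example: dc=test,dc=com
O: organizations. Example: dc=example
OU: Organizational Units. Example: ou=People
CN: Common Name, a user name or server name
C: Country
LDIF: LDAP Data Interchange Format. The standard text file format for storing LDAP configuration information and directory contents.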
OLC: On-Line Configuration
DIT: Directory Information Tree
LDAP directory servers present data arranged in tree-like hierarchies in which
each entry may have zero or more subordinate entries.
This structure is called the Directory Information Tree, or DIT.
Root DSE: Root Directory Special Entry. Its DN is the zero-length string.
All LDAP servers must expose a special entry, called the root DSE,
whose DN is the zero-length string.
This entry will be described in detail below,
but one of the operational attributes that it exposes is called namingContexts,
which provides a list of all of the DNs that act as naming contexts for the DITs
that may be held in the server.
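As an added example (not part of the original notes and not OpenLDAP code), the Python sketch below parses LDIF text for a root DSE entry and lists its namingContexts, which helps when reviewing what a server exposes through that entry. The sample LDIF is constructed, and the function names unfold, parse_ldif and naming_contexts are hypothetical.

```python
import base64

# Constructed sample (not real server output): LDIF for the root DSE, whose DN is empty.
_B64 = base64.b64encode("o=M\u00fcller GmbH,c=DE".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = (
    "version: 1\n"
    "\n"
    "# constructed root DSE record\n"
    "dn:\n"
    "namingContexts: dc=example,dc=com\n"
    "namingContexts: ou=Partners,dc=example,\n"
    " dc=org\n"
    "namingContexts:: " + _B64 + "\n"
    "supportedLDAPVersion: 3\n"
)

def unfold(text):
    # LDIF folds long lines: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [line for line in lines if not line.startswith("#")]  # drop comments

def parse_ldif(text):
    # Returns one dict per record: lowercase attribute name -> list of values.
    records, current = [], None
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line.strip():                  # a blank line ends the current record
            if current:
                records.append(current)
            current = None
            continue
        attr, _, rest = line.partition(":")
        if attr.lower() == "version" and current is None:
            continue                          # the version line is not part of a record
        b64 = rest.startswith(":")            # "attr:: value" carries base64-encoded UTF-8
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if b64 else rest.strip()
        current = current or {}
        current.setdefault(attr.lower(), []).append(value)
    return records

def naming_contexts(text):
    # The root DSE is the record whose DN is the zero-length string.
    roots = [r for r in parse_ldif(text) if r.get("dn") == [""]]
    return roots[0].get("namingcontexts", []) if roots else []
```

URL-valued attributes ("attr:< url") are not resolved by this sketch; their text is kept as written.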