LDAP brief description and unified authentication description
2022-07-29 06:50:00 【Flytiger1220】
LDAP overview
LDAP concepts
1) LDAP (Lightweight Directory Access Protocol) is a communication protocol that runs over TCP/IP. A protocol is a standard; AD (Active Directory) is a product from Microsoft that implements this standard. You can think of AD as a database, and many people also think of LDAP as a database (a tree-structured one). LDAP has servers and clients: the server stores the resources, and the client issues the operations on them.
2) LDAP stores data in a tree structure, with the data held on the leaf nodes, so LDAP is used mainly for queries; inserts and deletes are comparatively inefficient. Consider the following example:
The location of a record in LDAP is defined by: tree (dc=main), branches (ou=o1,ou=oo1,ou=ooo1), node (cn=node)
dn: cn=node,ou=o1,ou=oo1,ou=ooo1,dc=main
3) ou can have multiple values: the path from the root to a node may pass through several branches, so ou may appear several times. The string that follows dn is made up of cn, ou and dc components, separated by commas.
Descriptors used in the LDAP tree database:
dn: the full location of a record
dc: the domain a record belongs to (tree)
ou: the organization a record belongs to (branch)
cn/uid: the name/ID of a record (node)
The top of the LDAP tree is the root, called the "base DN".
LDAP application scenarios
Because LDAP stores data in a tree structure, queries are efficient (compare the index principle in relational databases: B-trees and B+ trees). In certain scenarios this tree-structured storage has clear advantages, for example when a large amount of static data must be stored, the data is relatively stable and does not need frequent modification, and fast lookups are required. Compared with a traditional relational database, LDAP's structure makes it suited to scenarios that need fast retrieval, such as domain authentication.
Common LDAP directory tree designs
The root of an LDAP directory tree is generally defined as a country (c=CN) or a domain name (dc=com). Below it, one or more organizations (organization, o) or organizational units (organizational unit, ou) are usually defined. An organizational unit can contain members, equipment (computers, printers) and so on.
For example: uid=babs,ou=People,dc=example,dc=com

Suppose the domain name is foobar.com. It can be converted into this DN: dc=foobar,dc=com

If foobar.com merges with wocket.com and gizmo.com, the directory structure above can accommodate this sudden change without being re-planned.

The better the initial directory structure is designed, the fewer changes later extensions require. In general, a structure that is evenly distributed and shallow works best.
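
The DN layout and the domain-to-DN conversion described above, as an added Python example that is not part of the original post. The function names are made up for illustration, the sample values come from the page or are constructed, and multi-valued RDNs joined with "+" are not split.

```python
# Added example: helpers for the DN layout described above (RFC 4514 string form).
# Function names are hypothetical; sample values are constructed.

def escape_rdn_value(value):
    """Escape characters that are special inside a DN attribute value."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (ch == "#" and i == 0) \
                or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def domain_to_base_dn(domain):
    """foobar.com -> dc=foobar,dc=com"""
    labels = [p for p in domain.strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + escape_rdn_value(p) for p in labels)

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, node first, root last."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep an escaped pair intact
            i += 2
            continue
        if dn[i] == ",":                 # an unescaped comma ends one RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    pairs = []
    for rdn in parts:
        attr, sep, value = rdn.lstrip().partition("=")
        if not sep or not attr:
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().lower(), value))
    return pairs

def user_dn(uid, domain, ou="People"):
    """Build uid=<uid>,ou=<ou>,<base DN>; the uid is escaped so it stays one value."""
    return "uid=%s,ou=%s,%s" % (escape_rdn_value(uid), escape_rdn_value(ou),
                                domain_to_base_dn(domain))
```

An application that builds a bind DN from a login name should escape the name first, as user_dn does, so that the value cannot add or change branches of the DN.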

Unified authentication with LDAP
Unified identity authentication replaces the separate authentication strategies of individual applications: every application that needs authentication authenticates through LDAP. After unification, all user information is stored on the AD server, and when end users need to use an internal service, they must be authenticated by the AD server.

The structure shown below is a typical configuration for LDAP unified identity authentication. The LDAP client is any software that performs identity authentication, for example Apache, Proftpd or Samba. The LDAP server is the back-end service that implements LDAP, for example OpenLDAP. OpenLDAP is just one implementation of the LDAP protocol; the data itself is stored in a back-end database. The LDAP server and the data storage are often deployed on the same machine. Although the back-end database can take various forms, the LDAP protocol requires that the logical structure of the data still be a tree.
