Implementing LDAP

Mark Wilcox

Publisher: Wrox, 1999, 492 pages

ISBN: 1-861002-21-1

Keywords: System Administration

Last modified: May 10, 2021, 12:05 a.m.

There is growing interest in a standard way of providing access to personal information (e.g. "white pages" data) and simplifying the administration and management of this data. LDAP (Lightweight Directory Access Protocol) is poised to be the solution to these problems. Since the IETF recently approved version 3 of the LDAP protocol, it is now rapidly growing in importance as major companies seek to make their proprietary networks available as LDAP servers. Implementing LDAP comes at a time when programmers everywhere consider LDAP as the answer to their development needs.

Who is this book for?

This book is intended for programmers and system administrators who need to build LDAP clients and install LDAP servers. It will also appeal to that group of experienced web users who have heard about LDAP but want a definitive reference on the subject. The book, like LDAP itself, has not been written with any specific programming language or operating system in mind, though it makes extensive use of one of the LDAP-enabled servers currently available — Netscape's Directory Server version 4.0.

What does this book cover?

  • Explains the reasoning behind a central, open standard directory access protocol and how LDAP meets the requirements
  • Discusses the internals of LDAP including the LDAP Data Interchange Format (LDIF)
  • Gives a detailed description of how to install and deploy an LDAP server
  • Worked examples to browse and modify LDAP data are provided in C, Perl, Java and Sun's JNDI
  • An introduction to Microsoft's Active Directory Services Interface (ADSI)
  • Brief overview of other available LDAP-enabled technologies such as PHP, Server-Side JavaScript and ColdFusion
  • Discussion of LDAP security and other advanced issues
  1. An Introduction to Directory Services
    • The Information Revolution
      • From Cavewalls to Science
      • The Telephone, The Computer and The History of the 20th Century
      • Computers and the Information Age
      • Introducing Directories
    • Directory Services
      • Talking to a Directory Service
      • Ubiquitous Directory Services
    • Directory Services in Our Daily Lives
      • The Telephone Directory Service
      • Television Show Listings Services
      • Domain Name Service for the Internet
        • How DNS Works
        • Name Server Lookup
        • A Typical DNS Request
    • Why Do We Need Directory Services?
      • Life Without a Central Directory Service
      • Life With a Central Directory Service
      • The Benefits of a Centralized Directory Service
    • Standardized Directory Services to the Rescue
      • Vendor-Derived vs Open Standards
        • Vendor-Derived Standards
        • Open Standards
      • Vendor-specific Directory Service Solution
        • Sun Microsystems NIS+
        • Novell's Netware Directory Service
        • Microsoft's Active Directory
      • Open Standards Directory Service Solutions
        • An Open Solution: X.500
        • An Open Gateway Service
        • LDAP — The Directory Services Solution
    • Summary
  2. Introducing the Lightweight Directory Access Protocol
    • Why LDAP?
      • The Problem with X.500
      • OSI Versus the Internet Model
      • The Development of LDAP
      • Five Reasons why LDAP is the Right Choice
        • Open Solution
        • A Secure, Extensible Format
        • Programmable from Standard APIs
        • Gateway Services
        • Vendor Support
    • What is LDAP Made Of?
      • Definition of LDAP Terminology
      • LDAP: The Data Format
        • Schemas, Objects and LDAP
        • Object Types
        • Attributes and Distinguished Names
      • LDAP: The Protocol
        • Conserving TCP/IP Connections
        • LDAP Operations
        • Other Protocol Services
      • LDAP: The APIs
        • University of Michigan API
        • Netscape SDKs
        • Netscape C, Java and Perl SDK Internals
        • Multi-tasking
        • Sun and Microsoft's LDAP SDKs
        • Other SDKs
    • Summary
  3. Object Classes, Schemas and LDIF
    • Databases vs. Directory Services
      • Drawbacks of Traditional Database Applications
      • Relational Database Management Systems
    • Introduction to LDAP Objects
      • Why Objects?
        • An Object Example
      • Metadata
      • LDAP Objects Defined
        • LDAP RFC Objects
    • Object Class and Attribute Definitions
      • Object Classes
      • Attributes
        • Operational Attributes
    • Schemas
      • Example Schema
    • An Example LDAP Directory
      • Deciding on a Naming Scheme
        • Problems with the X.500 Naming Scheme
        • Success with Internet Domains
        • Further Considerations
        • Building the Airius, Inc Directory
    • What is LDIF?
      • LDIF Examples
        • Perl and LDIF
        • Java and LDIF
    • Summary
  4. Choosing and Installing an LDAP Server
    • LDAP: Server or Access Protocol?
      • LDAP Server Types
      • LDAP Vendors
        • Novell
        • Microsoft
        • Sun Microsystems
        • University of Michigan
        • OpenLDAP
        • Innosoft
        • Netscape
      • General OS Support
    • LDAP Server Example
      • OpenLDAP Project
        • Installing OpenLDAP
        • Example of OpenLDAP Operation
        • Benefits of OpenLDAP
      • Netscape Directory Server
        • Installing Netscape Directory Server
        • The Installation Wizard
        • Netscape Directory Server Gateway
        • Managing Netscape Console
        • Benefits of Netscape Directory Server
    • OpenLDAP vs Netscape Directory Server
    • Summary
  5. Deploying a Netscape Directory Server
    • LDIF Revisited
      • Exporting Netscape's Address Book
      • Export Microsoft Internet Explorer's Address Book
      • LDIF: It's not just for the Address Books!
    • Installing the Netscape Directory Sample Data
    • Testing the LDAP Server
    • Designing your own LDAP data
      • 'Basic' LDAP
      • LDAP for Authentication
        • A Brief History of User Authentication
        • Smart Cards and Biometric Systems
    • Designing Your LDAP Directory Service
      • Why Choose LDAP?
        • Current Directory Service Unmanageable
        • Need a Distributed Database Application
        • Central, Open Access to Directory Information for E-mail Clients
        • Digital Certificates
      • LDAP Implementation
      • Developing your Directory Information Tree
        • Naming the Root
        • Determining RDNs
      • Tree Branching
      • Adding your own Attributes/Objects
    • Implementing an Upload Mechanism
    • Advanced Issues
    • Summary
  6. Programming with Netscape's C LDAP SDK
    • The Netscape C LDAP SDK
    • A Brief Look at the LDAP C API
      • The LDAPMessage Structure
        • LDAPMessage Functions
    • Determining LDAP Scope
    • Initial LDAP Operations
      • Initialize an LDAP Handle (Connecting/Disconnecting)
        • Synchronous versus Asynchronous Operation
      • Binding to the LDAP Server
        • Synchronous Bind
        • Asynchronous Bind
        • A Final Note About Authentication
    • Searching an LDAP Server
        • Introduction to Filters
      • Synchronous Search
        • Asynchronous Search
      • Sorting
        • Sort with Multiple Attributes
        • Sort an Attribute by Values
      • Working with Search Filter Files
      • Working with LDAP URLs
    • Entry Modifications
      • Adding Entries
      • Modifying an Entry
      • Deleting an Entry
    • Working with Advanced Controls and Extended Operations
      • A Working Authentication Routine
    • Summary
  7. Programming with the PerLDAP SDK
    • First a Word From Our Sponsor
    • Installing PerLDAP
    • PerLDAP Module Reference
    • Connecting and Binding to the LDAP Server
    • Searching an LDAP Server
      • The Search Operation
    • Modifying the LDAP Database
        • Add a New Entry
        • Modify an Entry
        • Delete an Entry
    • LDAP URLs
      • A WWW LDAP gateway in Perl
    • Summary
  8. Programming with the Netscape Directory SDK for Java
    • Directory SDK for Java Packages and Classes
      • netscape.ldap Classes
        • Interfaces
        • Classes
        • Exceptions
    • Connecting and Binding to an LDAP Server
      • The Connection
      • Binding (Authentication)
        • Anonymous Binding
        • Non-Anonymous Binding
      • LDAP v2 vs LDAP v3
      • Connect and Bind in One Step
      • Use a Clone and Save Some Bandwidth
      • Further Operations
      • Disconnect
    • Searching an LDAP Server
      • The Search Operation
        • Anonymous Search
        • Authenticated Search
        • Selecting Attributes
        • Search Constraints
    • LDAP Database Modifications
      • Add an LDAP Entry
      • LDAP Entry Modifications
      • Delete an LDAP Entry
      • Netscape Java LDAP JavaBeans
      • LDAP Browser Example
      • Authenticating Through LDAP
    • Summary
  9. Programming with the LDAP Provider in the Sun JNDI
    • What is JNDI?
      • Naming Service versus Directory Service
    • JNDI Class Structure
      • javax.naming
        • Interfaces
        • Classes
        • Exceptions
        • Interfaces
        • Classes
        • Exceptions
    • Connecting to an LDAP Server
      • Connecting
      • Binding
    • Searching an LDAP Server
      • The Search Operation
        • How a JNDI Search is Performed
    • LDAP Server Modifications
      • Adding Entries
      • Modifying Entries
      • Deleting Entries
    • Using a Different Provider
    • Using JNDI and LDAP to Store Java Objects
        • Storing and Restoring Methods
        • Authentication Control
        • Not the Whole Story
      • Prepare Schema
      • Example Application
    • Summary
  10. Programming with the ADSI SDK
    • About ADSI
      • The ADSI Providers
        • The LDAP Provider
        • The WinNT Provider
        • The NDS Provider
        • The IIS Provider
      • Active Directory Browser
        • The ADSI Directory Structure
        • Querying a Directory
        • Installing Active Directory Browser
    • The ADSI Object Model
      • A Word About COM
      • ADSI COM Objects
      • ADsPaths
      • Wrapping Directory Objects
      • Understanding COM Interfaces
        • Interface Inheritance
      • The Property Cache
    • Programming with ADSI
      • Binding and Authenticating
      • Retrieving Entries
        • Retrieving Known Attributes
        • Retrieving All Attributes
      • Modifying Entries
      • Browsing the Directory
      • Adding Entries
      • Deleting Entries
      • Searching
    • Introduction to Active Directory
        • Replication
        • Installation Information
        • Security ACLs
        • Domain Trees and Forests
        • Extensible Schema
    • Summary
  11. Alternative LDAP SDKs and Tools
    • LDAP Command Line Tools
      • ldapsearch
      • ldapmodify
    • Net::LDAP
      • Using Net::LDAP
    • PHP
      • Using PHP-LDAP
    • PS Enlist (Accessing LDAP from ODBC)
      • Using PS Enlist
    • Server-Side JavaScript — LDAP SDK
      • Using SSJSLDAP
    • Allaire's ColdFusion
    • Conclusion
  12. Referrals, Replication, Security and LDAP Controls
    • Referrals
      • Referrals and Clients
    • Server Replication
      • Replication in Netscape Directory Server
    • Securing LDAP
      • Access Control Lists
      • Protecting Data Over the Wire
        • Introducing the Secure Socket Layer
        • How SSL Works
        • How a Client Determines a Server's Trustworthiness
        • What is a Certificate Authority
        • Adding SSL Encryption to Your LDAP Server
        • Writing SSL Capable LDAP Clients
      • Simple Authentication and Security Layer (SASL)
    • Working with LDAP Controls
    • Summary
  13. LDAP Cookbook
    • DumpTree
    • GetGroups
    • Dealing with Images
    • Document Management
    • Storing SQL in LDAP with JNDI
    • Servlet Authentication with LDAP
    • Summary
  1. LDAP Glossary
  3. Reference Section
  4. Common LDAP Object Classes and Attributes
    • Obtaining an Object Identifier (OID)
      • Programmatically Accessing LDAP Schema Information
      • Accessing Schema Information with Java
    • Object Classes
    • Attributes
  5. Advanced LDAP: A Directory Enabled Messaging System
    • Web Based Messaging
      • File-based Messaging Systems
      • Database Messaging Systems
      • The Alternative: LDAP-based Messaging System
        • An Author
        • A Subject
        • A Message
        • messageReferral
        • notificationList
        • Keywords
    • Brazos, the LDAP Messaging System
    • Huaco, Java Servlet Interface for Brazos
      • The Source Code


Implementing LDAP

Reviewed by Roland Buresund

Good ******* (7 out of 10)

Last modified: May 21, 2007, 3:06 a.m.

A very good and practical book on LDAP. Recommended.

