
What is LDAP ...??

________________________________________________________________________________

LDAP stands for "Lightweight Directory Access Protocol". It is a software protocol for enabling anyone to locate organizations, individuals and other resources such as files and devices in a network, whether on the public Internet or a corporate intranet.

LDAP is an Internet protocol that email and other programs use to look up information from a server.

LDAP is a protocol for communications between LDAP servers and LDAP clients. LDAP servers store "directories" which are accessed by LDAP clients.

LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.

LDAP servers store a hierarchical directory of information. In LDAP parlance, a fully-qualified name for a directory entry is called a Distinguished Name (DN). Unlike DNS (Domain Name Service) FQDNs (Fully Qualified Domain Names), LDAP DNs store the most significant data to the right.

LDAP is extensible and can be used to store any type of data. Most interesting is that LDAP is being used as a core technology for most Single Sign On (SSO) implementations.

LDAP lets you "locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet," and whether or not you know the domain name, IP address, or geographic whereabouts. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA).

LDAP was developed at the University of Michigan; it's "lightweight" in contrast to DAP, a part of the older X.500 directory protocol for networks. It is both simpler and less secure, hence lighter. It can be used to route email in large organizations as well as look up people and machines across public or private networks.

Many current email clients, including Microsoft Outlook, Eudora, and Netscape Communicator, use some form of LDAP database to look up email addresses. Internic and Infospace are two examples of big public look-up services built with LDAP.
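The Distinguished Name structure described above, as an added example that is not part of the original page: a small parser for the RFC 4514 string form plus a subtree check that compares parsed components from the right-hand end instead of matching text. The function names and the sample DNs are constructed for illustration, and values are assumed to compare case-insensitively.

```python
import re

def _split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts = [""]
    for tok in re.findall(r"\\.|.", text, re.S):    # escape pair or single char
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def _unescape(value):
    """Undo RFC 4514 escapes: \\XX is one byte, \\c is the literal character c."""
    out = bytearray()
    for tok in re.findall(r"\\[0-9A-Fa-f]{2}|\\.|.", value, re.S):
        if len(tok) == 3:                           # hex pair such as \2C
            out.append(int(tok[1:], 16))
        else:
            out += tok[-1].encode()                 # "\c" -> c, plain char -> itself
    return out.decode("utf-8")

def parse_dn(dn):
    """Return RDNs in written order (leaf first); each RDN is a list of (attr, value)."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn, "+"):      # '+' joins a multi-valued RDN
            attr, eq, value = ava.lstrip().partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed DN component: {ava!r}")
            pairs.append((attr.strip().lower(), _unescape(value)))
        rdns.append(pairs)
    return rdns

def is_under(dn, base):
    """True if dn is at or below base, compared RDN by RDN from the right-hand end."""
    def norm(d):
        return [sorted((a, v.casefold()) for a, v in rdn) for rdn in parse_dn(d)]
    entry, suffix = norm(dn), norm(base)
    return len(entry) >= len(suffix) and entry[-len(suffix):] == suffix

if __name__ == "__main__":
    # Constructed DN: root (dc=com) is the rightmost component.
    print(list(reversed(parse_dn("uid=ldapuser2,ou=People,dc=example,dc=com"))))
    # An escaped comma is part of the value, so this entry is NOT under dc=example.
    print(is_under(r"cn=a\,dc=example,dc=com", "dc=example,dc=com"))
```

A plain `endswith("dc=example,dc=com")` test would accept the last DN, which is why access decisions based on a base DN should compare parsed components.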

What is LDAP used for?
_______________________________

I know that LDAP is used to provide some information and to help facilitate authorization. But what are the other usages of LDAP?

-------------------------

Well, there are LDAP servers and the LDAP protocol. Combined, it's a data store, or a database. It's not relational, but it's just a place to store data, and it's optimized to be efficient at reads more than writes. It doesn't support transactions.

Now, it happens to be very popular for storing credentials, but that's by no means its only purpose, and not its original purpose.

-------------------------

LDAP is the Lightweight Directory Access Protocol. Basically, it's a protocol used to access data from a database (or other source) and it's mostly suited for large numbers of queries and minimal updates (the sort of thing you would use for login information for example).

LDAP doesn't itself provide a database, just a means to query data in the database.

-------------------------

The main idea of LDAP is to keep in one place all the information of a user (contact details, login, password, permissions), so that it is easier to maintain by network administrators. For example you can:

* use the same login/passwd to login on an Intranet and on your local computer.
* give specific permissions to a group of users. For example some could access some specific page of your Intranet, or some specific directories on a shared drive.
* get all the contact details of the people in a company on Outlook for example.

-------------------------

LDAP is a protocol for accessing a directory. A directory contains objects; generally those related to users, groups, computers, printers and so on; company structure information (although frankly you can extend it and store anything in there).

LDAP gives you query methods to add, update and remove objects within a directory (and a bunch more, but those are the central ones).

What LDAP does not do is provide a database; a database provides LDAP access to itself, not the other way around. It is much more than signup.

-------------------------

LDAP is Lightweight Directory Access Protocol. DAP is an X.500 notion, and in X.500 is VERY heavy weight! (It sort of requires a full 7 layer ISO network stack, which basically only IBM's SNA protocol ever realistically implemented.)

There are many other approaches to DAP. Novell has one called NDAP (NCP Novell Core Protocols are the transport, and NDAP is how it reads the directory).

LDAP is just a very lightweight DAP, as the name suggests.

-------------------------

LDAP is also used to store your credentials in a network security system and retrieve it with your password and decrypted key giving you access to the services.

________________________________________________________________________________

=================================== LDAP Client Side configuration ===================================

[root@station140 ~]# authconfig-tui
[root@station140 ~]# getent passwd ldapuser2
ldapuser2:x:2002:2002:ldapuser2:/rhome/station2/ldapuser2:/bin/bash
[root@station140 ~]# vim /etc/auto.master
/rhome/station2    /etc/auto.misc
:wq!
[root@station140 ~]# vim /etc/auto.misc
ldapuser2    -rw,soft,intr    station215.example.com:/rhome/station2/ldapuser2
:wq!
[root@station140 ~]# service autofs restart
Stopping automount:                                        [ OK ]
Starting automount:                                        [ OK ]
[root@station140 ~]# su - ldapuser2
[ldapuser2@station140 ~]$
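A review check for the automount map edited in the session above, as an added example that is not part of the original page: it parses indirect-map entries and reports home-directory mounts that lack `nosuid` and `nodev`, or that combine `soft` with a writable mount (the NFS manual warns that soft timeouts can lose or corrupt data). The required-option policy, the function names and both sample lines are assumptions made for illustration; line continuations and wildcard keys are not handled.

```python
REQUIRED = {"nosuid", "nodev"}   # assumed site policy for network-mounted homes

def parse_map_line(line):
    """Parse one autofs indirect-map entry: key [-opt,opt,...] location."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None                       # blank line, comment, or key only
    key, rest = fields[0], fields[1:]
    options = []
    if rest[0].startswith("-"):
        options = [o for o in rest[0][1:].split(",") if o]
        rest = rest[1:]
    if not rest:
        return None                       # options given but no location
    return {"key": key, "options": options, "location": rest[0]}

def audit_map(text):
    """Return hardening findings for every entry in an autofs map."""
    findings = []
    for line in text.splitlines():
        entry = parse_map_line(line)
        if entry is None:
            continue
        names = {o.split("=", 1)[0] for o in entry["options"]}
        for missing in sorted(REQUIRED - names):
            findings.append(f"{entry['key']}: missing {missing}")
        if "soft" in names and "ro" not in names:
            findings.append(f"{entry['key']}: soft on a writable mount")
    return findings

# Constructed samples: the first line is modelled on the session's auto.misc entry.
AS_CONFIGURED = "ldapuser2 -rw,soft,intr station215.example.com:/rhome/station2/ldapuser2"
HARDENED = "ldapuser2 -rw,hard,nosuid,nodev station215.example.com:/rhome/station2/ldapuser2"

if __name__ == "__main__":
    for name, sample in (("as configured", AS_CONFIGURED), ("hardened", HARDENED)):
        print(name, "->", audit_map(sample) or "no findings")
```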
