Assignment No1 LDAP


Published by: inayyer on Nov 18, 2010
Copyright:Attribution Non-commercial







Advanced Operating Systems

Assignment No. 1
By Imran Nayyer, Roll # 1433, MS (CS) 1st
Topic: LDAP

Question No. 1: What does LDAP stand for?

Answer: LDAP stands for Lightweight Directory Access Protocol.

Question No. 2: What is LDAP?

Answer: The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying data of directory services implemented in Internet Protocol (IP) networks. It runs directly over TCP, and makes several simplifications to full X.500 DAP, leaving out many of the lesser-used features. LDAP uses primitive string encodings for most data elements, making it more efficient and easier to implement than DAP.

Question No. 3: Describe at least six differences between directories and databases.

Answer: LDAP was designed and optimized to handle simple data, which once written, will seldom be modified. Thus the lightweightness of LDAP comes from it being a simple protocol handling simple data. Traditional databases have been designed and optimized for both query and update operations on data and are designed to handle highly complex data, as opposed to LDAP, which is essentially a text-based directory storage system. Further, traditional databases have been built for transaction integrity and consistency. This is not really a priority for LDAP where the data is more often read than written.

The way a directory organizes data is considerably different from how a traditional database organizes it. This difference is explicit on the following counts:

1: Databases usually have only fields with unique names within a record. For example, an employee record in a database may have a field named telephone number, and there is one and only one field with this name as far as the record is concerned. However, in an LDAP directory there can be one attribute with the name telephone number but with multiple values. So what if an employee has two telephone numbers, say one work number and a second cell phone number?

2: In a traditional database, an employee record has one field with the name telephone number, and this is solved by representing the numbers as a separate telephone number table with the employee ids used to relate them to a particular employee. This is not the case with an LDAP directory. For example, there could be two fields with the same name telephone number, one representing the work number and the other representing the mobile number. In such a situation, the directory is most likely to perform better than the database in terms of processing a query for the telephone numbers of an employee. Such a fluid scheme is one of the reasons that queries are processed very fast in a LDAP directory.

3: LDAP is characterized as a 'write-once-read-many-times' service. That is to say, the type of data that would normally be stored in an LDAP service would not be expected to change on every access. To illustrate: LDAP would NOT be suitable for maintaining banking transaction records since, by their nature, they change on every access (transaction). LDAP would, however, be eminently suitable for maintaining details of the bank branches, hours of opening, employees etc.

4: Visibility of Data Organization

5: Data Synchronization

6: So what are LDAP (Directory) advantages and why would any sane human being use a directory? Before attempting to answer the question let's dismiss the tactical issue of performance. In general RDBMS systems are still significantly faster than LDAP implementations. This is changing with the development of second generation Directory Servers and while it is likely that RDBMS will always remain faster than LDAP the gap is reducing significantly to the point where, assuming you compare like with like (a measured network initiated transaction), the differences will become increasingly non-existent - unless you update a highly indexed attribute on every operation - in which case you deserve everything you (don't) get.

So why use LDAP? Here is our list of key characteristics which make the (currently) high level of pain worthwhile. LDAP provides a remote and local data access method that is standardized. It is thus possible to replace the LDAP implementation completely without affecting the external interface to the data. RDBMS systems provide local access standards such as SQL but remote interfaces tend to be proprietary. Because LDAP uses standardized data access methods Clients and Servers may be sourced (or developed) independently. LDAP provides a method whereby data may be moved (delegated) to multiple locations without affecting any external access to that data. By using referral methods LDAP data can be moved to alternate LDAP servers by changing operation parameters only. LDAP systems can be operationally configured to replicate data to one or more application without adding either code or changing the external access to that data.

The above definition focuses exclusively on the standard nature of LDAP data access and does not consider the ratio of reads to writes which, as noted above, will depend on the number of operational indices maintained. It does implicitly ignore the use of Directories for transaction processing - though even here there are signs that LDAP implementations are looking at such capabilities.
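The telephone-number comparison from Question No. 3, as an added example that is not part of the original assignment: the same two numbers stored as a multi-valued attribute in a directory entry and as a joined table in a relational database. The LDIF entry, the table names and the sample numbers are constructed for illustration.

```python
import sqlite3

# Constructed LDIF entry: one attribute name, two values.
LDIF = """\
dn: cn=Jane Doe,ou=people,dc=example,dc=com
objectClass: person
cn: Jane Doe
sn: Doe
telephoneNumber: +1 555 0100
telephoneNumber: +1 555 0199
"""

def parse_ldif_entry(text):
    """Parse one simple LDIF entry into (dn, {attr: [values]}).

    Handles only plain 'attr: value' lines (no base64 '::' values and
    no folded continuation lines); attribute names are case-insensitive.
    """
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def phones_from_directory(text):
    """Directory view: every value of the one telephoneNumber attribute."""
    _, attrs = parse_ldif_entry(text)
    return attrs.get("telephonenumber", [])

def phones_from_database(name):
    """Relational view: a separate phone table joined on the employee id."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE phone (employee_id INTEGER REFERENCES employee(id), number TEXT);
        INSERT INTO employee VALUES (1, 'Jane Doe');
        INSERT INTO phone VALUES (1, '+1 555 0100'), (1, '+1 555 0199');
    """)
    rows = db.execute(
        "SELECT p.number FROM employee e JOIN phone p ON p.employee_id = e.id "
        "WHERE e.name = ? ORDER BY p.rowid", (name,)).fetchall()
    db.close()
    return [r[0] for r in rows]

if __name__ == "__main__":
    print(phones_from_directory(LDIF))
    print(phones_from_database("Jane Doe"))
```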

Question No. 4: What are three dimensions of a directory and how they are different from each other?

Answer: The three dimensions of a directory are

1: scope of information
2: location of clients
3: distribution of servers

All are independent of each other. For example, clients scattered across the globe can access a directory containing only information about a single department, and that directory can be replicated at many directory servers. Or, clients in a single location can access a directory containing information about everybody in the world that is stored by a single directory server.

The scope of information to be stored in a directory is often given as an application requirement. The distribution of directory servers and the way in which data is partitioned or replicated can often be controlled to affect the performance and availability of the directory. For example, a distributed and replicated directory might perform better because a read request can be serviced by a nearby server. A centralized directory may be less available because it is a single point of failure. However, a distributed directory might be more difficult to maintain because multiple sites, possibly under the control of multiple administrators, must be kept up-to-date and in running order.

The generic example of a directory would be a telephone directory or an address book. We use white pages directories when we need to find something specific about a person or a business about which we know something distinguishing such as the name of the person or the name of the business. When we need to find more general information about a group, say we need to find the list of all local merchants who specialize in selling reusable widgets, we refer to a yellow pages directory.

We use directories when we use e-mail or a web browser. The email client sends a mail message to a mail server. The mail server looks up an internal table to locate the host machine on which the recipient of the message has an account. Similarly, when the name of a website is typed into a browser, the browser contacts a Domain Name System (DNS) server. The DNS server looks up an internal table that maintains a mapping between a DNS name and the IP address of the machine that hosts the web site. The server returns the mapping to the browser that now talks directly to the web server using its IP address. Ideally, such information can reside in a directory and can be accessed by any client that can speak the protocol of the directory. In fact, there are now quite a few installations where DNS lookup is directory enabled using DNS-to-LDAP gateways.

Question No. 5: What is DAP? How is LDAP different from DAP?

Answer: LDAP has four key advantages over DAP.

First, it runs directly over TCP (or other reliable transport, in theory), eliminating much of the connection set-up and packet-handling overhead of the OSI session and presentation layers required by DAP. In addition, the near universal availability of TCP/IP implementations means that LDAP can run on most systems “out of the box.”

Second, LDAP simplifies the X.500 functional model in two ways. It leaves out the read and list operations, emulating them via the search operation. It also leaves out some of the more esoteric and less-often-used service controls and security features of full X.500 (e.g., the ability to sign operations). This simplifies LDAP implementations.

Third, LDAP uses string encodings for distinguished names and data elements. X.500 uses a complex and highly-structured encoding even for simple data elements. Though X.500 and LDAP both describe and encode protocol elements using ASN.1 and BER [12], LDAP data elements are string types. LDAP relegates the knowledge of a value’s syntax to the application program rather than lower level protocol routines. This encoding is a big win for distinguished names, which have considerable structure leading to encoding/decoding complexity and size.

Fourth, LDAP frees clients from the burden of chasing referrals. The LDAP server is responsible for chasing down any referrals returned by X.500, returning either results or errors to the client. Clients assume a single connection model in which X.500 appears as a single logical directory.

Question No. 6: Was LDAP version 2 an internet standard in 1998? Is it now?

Answer: Yes, LDAP version 2 was an Internet standard in 1998 and it is still an internet standard.

Question No. 7: What is stand alone LDAP server?

Answer: LDAP server is the server that LDAP clients interact with to obtain directory information. The actual data is stored in a datastore (usually a database). The datastore is hidden from the clients since the server knows how to retrieve information from the datastore and present it to the clients in a common format.

Question No. 8: Describe six types of operations that LDAP defines on directory entries.

Answer: The following are the LDAP operations that can be performed using the projected user profiles.

1: Bind
An LDAP client can bind (authenticate) to the LDAP server using a projected user profile. This is accomplished by specifying the projected user profile distinguished name (DN) for the bind DN and the correct i5/OS™ user profile password for authentication.

2: Search
The system projected backend supports some basic search filters. You can specify the object class, os400-profile, and os400-gid attributes in search filters. The os400-profile attribute supports wildcards. The os400-gid attribute is limited to specifying (os400-gid=0), which is an individual user profile, or !(os400-gid=0), which is a group profile. You can retrieve all attributes of a user profile except the password and similar attributes. For certain filters, only the DN object class and os400-profile values are returned. However, subsequent searches can be conducted to return more detailed information.

3: Compare
The LDAP compare operation can be used to compare an attribute value of a projected user profile. The os400-aut and os400-docpwd attributes cannot be compared.

4: Add and modify
You can create user profiles using the LDAP add operation and you can also modify user profiles using the LDAP modify operation.

5: Delete
User profiles can be deleted using the LDAP delete operation. To specify the behavior of the DLTUSRPRF OWNOBJOPT and PGPOPT parameters, two LDAP server controls are now provided. These controls can be specified on the LDAP delete operation. Refer to the Delete User Profile (DLTUSRPRF) command for more information about the behavior of these parameters.

6: ModRDN
You cannot rename projected user profiles because this is not supported by the operating system.

Question No. 9: Name and briefly summarize the four models on which LDAP is based.

Answer:

1: Information Model
We tend to use the term Data Model, in our view a more intuitive and understandable term. The Data (or Informational) Model defines how the information or data is represented in an LDAP enabled system - this may, or may NOT, be the way the data is actually stored as explained above.

2: Naming Model
This defines all that 'dc=example, dc=com' stuff that you stumble across in LDAP systems. We stick pretty much to the specifications here because the terms are so widely used.

3: Functional Model
When you read, search, write or modify the LDAP you are using the Functional Model - wow.

4: Security Model
You can control, in a very fine-grained manner, who can do what to what data. This is complex but powerful stuff. We progressively introduce the concepts and have dedicated a specific chapter to it. To begin with - forget security. You can always go back and retro-fit security in LDAP. Where you cannot retro-fit, we reference security implications in the text.
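An added example, not part of the original assignment, of the string-encoded distinguished names mentioned under the Naming Model and in Question No. 5: a small parser for the RFC 4514 string form that honours backslash escapes, so a comma inside a value is not mistaken for an RDN separator. The function names and sample DNs are constructed; quoted values and '#'-prefixed hex values are not handled.

```python
import string

def split_unescaped(s, sep):
    """Split s on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact for unescape()
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts

def unescape(value):
    """Decode RFC 4514 escapes: backslash + character, or backslash + two hex digits."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] != "\\" or i + 1 >= len(value):
            out += value[i].encode("utf-8")
            i += 1
        elif len(pair) == 2 and all(h in string.hexdigits for h in pair):
            out.append(int(pair, 16))   # hex pairs carry raw UTF-8 bytes
            i += 3
        else:
            out += value[i + 1].encode("utf-8")
            i += 2
    return out.decode("utf-8")

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (attribute, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):   # '+' joins a multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError("malformed RDN component: %r" % ava)
            pairs.append((attr.strip().lower(), unescape(value)))
        rdns.append(pairs)
    return rdns

if __name__ == "__main__":
    print(parse_dn(r"cn=Doe\, Jane, ou=people, dc=example, dc=com"))
```

Code that makes access decisions on a DN should compare the parsed components rather than split the raw string on commas.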

Note: The information provided in this assignment is 100% my own search from the following links below. No material has been copied from any other student.

References:
http://www.wdvl.com/Authoring/Languages/PHP/Pro/prophp1_2.html
http://www.wdvl.com/Authoring/Languages/PHP/Pro/prophp1_4.html
http://www.zytrax.com/books/ldap/ch2/
http://en.wikipedia.org/wiki/LDAP
