LDAP programming management and integration

Authors: Clayton Donley

ISBN: 1930110405, 9781930110403

Size: 3 MB (3391769 bytes)

Pages: 352/352

Focusing on the practical application of the Lightweight Directory Access Protocol, this tutorial is geared toward IS professionals and software developers who are responsible for getting the maximum potential from their directories by integrating them with existing processes and applications. As the Internet standard for directory services, LDAP is accepted as a critical service and is poised to become an important means of remote information access. Numerous examples demonstrate the best techniques for managing directory data in a network environment. Fundamentals of LDAP design and integration with applications, including messaging, XML, and security services, are provided with examples in Java.

Table of contents:
contents
preface
Who am I, and what’s my motivation?
Lessons learned, and this book’s focus
Configuration is trivial; management is complex
acknowledgments
about this book
author online
Code conventions
Directory server vendors
LDAP Perl modules
DSML/XML
about the cover illustration
Fundamental LDAP concepts
Introduction to LDAP
1.1.2 LDAP and directory services
1.1.3 Other directory services
1.2.2 LDAP is not a file system for very large objects
1.2.4 LDAP is not useful without applications
1.3.1 White pages
1.3.2 Authentication and authorization
1.3.3 Personalization
1.3.5 Public Key Infrastructure
1.4.1 X.500 and DAP
1.4.2 A new standard is born
1.4.3 LDAP goes solo
1.5 LDAP revisions and other standards
1.5.1 Replication and access control
1.5.2 Directory Enabled Networking
1.5.3 XML and directories
1.6 Directory management
1.7 Directory integration
1.7.1 Integration via metadirectories
1.8 Integration and federation via virtual directory technology
1.9 Why this book?
1.10 Summary
Understanding the LDAP information model
2.1.1 Entries
2.1.3 LDAP entries vs. database records
2.2.1 Standard LDAP schema
2.3.1 Defining attribute types
2.3.2 Syntax definitions
2.3.3 Matching rules for attributes
2.3.4 Support for multiple values
2.3.5 Inheritance
2.3.7 Variables in Java, Perl, and C
2.4.1 Defining object classes
2.4.3 Object class inheritance
2.4.5 Object class types
2.4.6 LDAP object classes and Java or C++ classes
2.5.2 Modeling relationships
2.5.3 Modeling object instances
2.6 Summary
Exploring the LDAP namespace
3.1 What is a namespace?
3.1.1 Hierarchical namespaces
3.2 Specifying distinguished names
3.2.1 Choosing a relative distinguished name attribute
3.2.2 Determining the base
3.3.1 Traditional style of assigning the root name context
3.4 Selecting and designing a directory tree
3.4.1 Intranet directories
3.4.2 Internet directories
3.4.3 Extranet directories
3.5 Summary
Search criteria
4.2.1 Search base
4.2.2 Search scope
4.3 What to evaluate: search filters
4.3.1 Presence filters
4.3.2 Exact equality filters
4.3.3 Substring matching
4.3.4 Ordered matching (greater than/less than)
4.3.6 Multiple filters: AND and OR operators
4.3.8 Extensible searching and matching rules
4.5 LDAP search criteria vs. SQL queries
4.6 Increasing search performance
4.7 Summary
Exchanging directory information
5.1 Representing directory information outside the directory
5.2.1 Expressing entries in basic LDIF
5.2.2 Writing LDAP changes as LDIF
5.2.3 Representing schemas in LDIF
5.3.1 Why use DSML?
5.3.3 A DSML example
5.3.4 Handling binary values in DSML entries
5.4.1 DSML object classes
5.4.2 DSML attribute types
5.5.1 Converting DSML to HTML using XSLT
5.6 Summary
LDAP management
Accessing LDAP directories with Perl
6.1 LDAP access from Perl
6.2.2 Opening a connection
6.2.3 Binding to the directory
6.3.1 Performing a search
6.3.2 Understanding search scopes
6.3.5 Limiting attribute retrieval
6.4.1 Updating an entry
6.4.4 Renaming an entry
6.5 Comparing entries
6.7 Support for encrypted/SSL connections
6.8 Summary
Managing directory entries, groups, and accounts
7.2.1 Centralized administration
7.2.2 Distributed administration
7.2.3 User self-administration/self-service
7.3 Creating people entries
7.3.1 People entries via a web form
7.3.2 People entries based on existing data
7.4 Creating and maintaining groups
7.4.1 Explicit groups
7.5 Representing and managing account information
7.5.1 Unix user accounts
7.5.2 Linking Unix accounts to people
7.6.2 DNS information
7.7 Summary
Synchronizing LDAP information
8.1.1 Replication
8.2 Data flow analysis
8.2.2 Determining the authoritative source
8.2.3 Data transformation
8.2.4 Namespace translation
8.3.1 LDAP Data Interchange Format
8.3.2 Directory Services Markup Language
8.4.1 Migrating a simple table
8.4.2 Migrating from multiple sources
8.4.3 Adding new information to existing entries
8.5.1 Multikey matches
8.5.2 Fuzzy matching
8.6.1 Synchronization to LDAP
8.6.2 Synchronization from LDAP
8.6.3 Bidirectional synchronization
8.7 Summary
Accessing operational information in LDAP
9.1.1 Retrieving available root naming contexts
9.1.2 Extracting object class information
9.1.3 Getting attribute type details
9.2.2 Reading the monitor information
9.2.3 Polling the monitor entry
9.3 Testing replication
9.4 Summary
DSML: getting under the hood
10.1.2 A simple XML parser handler
10.1.3 Parsing a simple document
10.1.4 PerlSAX’s built-in error checking
10.2 Parsing DSML into a Perl object
10.2.1 Beginnings of a useful DSML parser handler
10.2.2 Handling elements in the DSML file
10.2.5 Invoking the SAX parser using DSMLHandler
10.3.1 Writing directory entries
10.3.3 Conversion example for object classes
10.3.4 Converting attribute types
10.4 Using Perl to convert DSML with XSLT
10.4.1 Converting DSML to HTML
10.5 Summary
Application integration
Accessing LDAP directories with JNDI
11.2 JNDI architecture
11.3 JNDI operations: the DirContext class
11.3.3 Binding to the directory
11.3.4 A reusable LDAP connection handler
11.4 Searching with JNDI
11.4.1 Abstracting the entry
11.4.2 A search class
11.5.1 A simple add example
11.5.2 A generalized add example
11.6.1 Modifying entries
11.6.2 Deleting entries
11.6.3 Renaming entries
11.7 Summary
Java programming with DSML
12.1 Writing DSML with Java
12.2 DSML with JNDI
12.2.1 Automatic DSML output from LDAP URLs
12.3 Working with schemas in DSML
12.3.1 Reading schemas with SAX
12.3.2 Designing a basic SAX handler
12.4 Transformation with XSLT in Java
12.5 Enhancements with DSMLv2
12.5.2 Creating DSMLv2 SOAP requests
12.6 Summary
Application security and directory services
13.1.1 What is security?
13.1.2 How LDAP provides security
13.2.1 Preshared secret keys
13.2.2 Public/private key pairs
13.3 Using digital certificates
13.3.1 Creating a digital certificate in Java
13.3.2 Storing and distributing digital certificates
13.4.1 Understanding access control rules
13.4.3 Application authorization
13.5 Encrypting LDAP sessions using JNDI and SSL
13.6 Summary
alias
device
groupOfNames
organization
organizationalRole
residentialPerson
top
attributeTypes
cACertificate
createTimestamp
dITStructureRules
destinationIndicator
dnQualifier
enhancedSearchGuide
houseIdentifier
l
member
name
objectClass
physicalDeliveryOfficeName
postOfficeBox
protocolInformation
seeAlso
street
supportedControl
telephoneNumber
uniqueMember
userSMIMECertificate
x500UniqueIdentifier
B.1.2 The Entry class
B.2 Examples from chapter 7: entry management
B.3 Examples from chapter 8: migration and synchronization
B.4 Examples from chapter 9: server management and monitoring
B.5.1 Rebinding to another server
B.5.3 Copying and moving attributes
B.5.4 Forcing a change
index
