Working with LDAP Servers ColdFusion Help

The final Internet protocol tag that you need to look at is CFLDAP. This tag is used to interact with servers running the Lightweight Directory Access Protocol, also known as LDAP. LDAP is emerging as the standard for storing and disseminating structured directories of information, such as information about corporate employees or information about the nodes on a computer network. Common applications include Internet white pages systems and corporate-employee and user-account management systems. In this chapter, you will learn what LDAP is and then take a quick look at the CFLDAP tag and how it can be used. Finally, you will work through a concrete example in which you develop a template for issuing a query to an LDAP server and displaying the results.

Understanding LDAP

LDAP is an Internet protocol for storing and sharing structured directories of information. As LDAP has grown in popularity and companies such as Netscape have developed commercial-grade, manageable LDAP-server software, the applications of this protocol have increasingly diversified. LDAP is being used to replace OS-specific user databases and authentication systems and to build employee directories; it also provides a tool for information systems departments to track and manage all hardware and software deployed on a network, and much more.

At the center of LDAP is the directory. Therefore, you need to start by understanding what a directory is.

Understanding Directories

Directories are databases designed to be read far more often than they are updated. Accordingly, LDAP servers are optimized to provide quick response times when faced with high volumes of lookups.
Technically, there is no limitation on the type of information that can be stored in an LDAP directory. The real issue is how data is structured. Structurally, directories contain entries, and individual entries are collections of attributes. Each entry has a name, referred to as the distinguished name, which provides a unique, unambiguous way in which to refer to an entry in the directory.

The information in a directory is arranged in a hierarchical tree. These trees are arranged in a structure reflecting political, geographic, or organizational divisions. In fact, individual organizational directories can be seen as fitting into a larger global directory, parts of which are publicly accessible and parts of which have limited access. For instance, consider a simplified image of a global directory structure. In this example, Sybex may not want its segment of the tree made public, so it runs a private directory server that cannot be accessed from outside the organization, whereas Juxta Publishing takes the reverse approach, making its directory information publicly accessible.

Individual entries in the directory tree are referenced by a distinguished name in the form of an attribute-value pair written as attribute=value. At different levels of the hierarchy, different attributes serve as the distinguished name of an entry. At the country level, the country attribute, referred to by the attribute name c, is the entry name and takes the form c=US or c=GB. Similarly, at the organization level, the organization attribute, named o, is the entry name, as in o=Juxta Publishing or o=Sybex. Picture the simple directory tree you just looked at, now with the names of the entries identified by their attribute-value pairs.

Building a Distinguished Name

As mentioned earlier, each entry in a directory can be referenced by a unique name known as the distinguished name. This is not simply the entry name we just discussed. After all, there might be a Juxta Publishing in more than one country, which means there is no guarantee that o=Juxta Publishing is a unique identifier for the organization. Instead, the distinguished name of an entry is built by taking the name of the entry in question and adding the names of its ancestors back up to the root, all separated by commas.

For instance, in the tree shown in Figure 25.2, the distinguished name of Arman Danesh

Searching a Directory

The process of searching a directory is as follows:
1. Specify the sub-tree to be searched.
2. Specify a search using an information filter.

For example, suppose you wanted to search the Juxta Publishing sub-tree for an employee named Arman Danesh. You would specify o=Juxta Publishing as the top of the sub-tree to be searched and indicate that the search should look for entries with Arman Danesh in their name.
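The DN-building rule from "Building a Distinguished Name" and the two search steps above, as an added Python example that is not from the original chapter. It goes one step beyond the text by escaping values per RFC 4514 (DNs) and RFC 4515 (filters), so that a name taken from user input cannot change the structure of the DN or the filter; the `cn` attribute, the country `US`, the sample inputs, and all function names are assumptions.

```python
# Added example: distinguished names and search filters with escaping.
# RFC 4514 covers escaping inside DN values, RFC 4515 inside filter values.

def escape_dn_value(value):
    """Escape one attribute value for safe use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)          # structural characters
        elif ch == "\0":
            out.append("\\00")             # NUL must be hex-escaped
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#' is special
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")              # leading/trailing space
        else:
            out.append(ch)
    return "".join(out)

def build_dn(entry, ancestors):
    """Entry name first, then its ancestors back up to the root."""
    rdns = [entry] + list(ancestors)
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def name_filter(name, attr="cn"):
    """Filter matching entries whose name attribute equals `name`."""
    return f"({attr}={escape_filter_value(name)})"

def search_request(org, country, name):
    """Step 1: the sub-tree to search. Step 2: the information filter."""
    base = build_dn(("o", org), [("c", country)])
    return {"base": base, "scope": "subtree", "filter": name_filter(name)}

if __name__ == "__main__":
    # Constructed sample values; the country is an assumption.
    print(build_dn(("cn", "Arman Danesh"),
                   [("o", "Juxta Publishing"), ("c", "US")]))
    print(search_request("Juxta Publishing", "US", "Arman Danesh"))
    # Metacharacters in input stay literal instead of altering the query.
    print(build_dn(("o", "Juxta Publishing, Inc."), [("c", "US")]))
    print(name_filter("Danesh (Arman)*"))
```

The `base` and `filter` values are what you would pass as the search start point and filter of whichever LDAP client performs the query.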

Using Public LDAP Servers

Several Internet white pages and person directories operate public LDAP servers that can be queried from anywhere on the Internet. The following list is a selection of these directories:

Bigfoot ldap.bigfoot.com
Four11 ldap.four11.com
Infospace ldap.infospace.com

Later in this chapter, you will work with the Four11 server in an example.

Posted on November 16, 2015 in Working with LDAP Servers
