LDAP series - the basics


What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a lightweight protocol for accessing directories and provides directory information services. So what is a directory service?

A directory service is a special kind of database system that is optimized specifically for read, browse and search operations. A directory generally contains descriptive, attribute-based information and supports sophisticated filtering. It generally does not support the complex update or rollback transaction-management strategies that ordinary databases need for large volumes of updates.

LDAP directory information is organized as a tree, and each entry (entry) in the tree stores one specific piece of information. An entry corresponds to a record in a relational database table. Each entry has a distinguished name, DN (Distinguished Name), and attributes (Attribute). The DN is used to reference the entry and corresponds to the primary key (Primary Key) of a relational table. An attribute consists of a type (Type) and one or more values (Values), corresponding to a field (Field) name and data type in a relational database. For ease of retrieval, an LDAP attribute type may hold several values, whereas a relational database would have to split the data across fields to avoid redundancy. LDAP entries are generally organized by geographical and organizational relationships, which is very intuitive. To improve efficiency, LDAP data can be stored in an index-based file database rather than a relational database.

Information is stored in LDAP as a tree. The root is usually defined as a country (c = CN) or a domain (dc = com), and beneath it one or more organizations (organization) (o = Acme) or organizational units (organizational units) (ou = People) are usually defined.

Which attributes an entry may hold is controlled by its object class (objectClass) attribute; the object class values determine the rules the entry must follow. For example, the inetOrgPerson object class requires the sn (surname) and cn (common name) attributes, but the entry may also contain optional attributes such as an e-mail address or telephone number.

For example, the babs entry in the figure:

DN: uid = babs, ou = people, dc = example, dc = com; relative to the ou = people, dc = example, dc = com node, its RDN is uid = babs

objectClass: person

A node is usually identified uniquely by its DN (Distinguished Name). A more familiar example: cn = Joe Smith, ou = test department, dc = example.com. This expression says that the employee Joe Smith belongs to the test department and is an employee of example.com.

LDAP abbreviations and their meanings

  • o: organization (Organization - Company)
  • ou: organizational unit (OU - Department)
  • c: countryName (country)
  • dc: domainComponent (domain name component)
  • sn: surname (real name)
  • cn: common name (common name)

LDAP features:

  • LDAP structures data as a tree rather than as tables. Because of this, SQL statements cannot be used
  • LDAP returns query results quickly, but writes are much slower
  • LDAP provides fast queries over static data
  • Client / server model: the server stores the data, the client provides operations on the directory information tree
  • The contents of the database can be presented in a text format (LDAP Data Interchange Format, LDIF)
  • LDAP is an open Internet standard; the LDAP protocol is a cross-platform Internet protocol

What can LDAP do?

The most common use of a directory server is centralized user management across multiple systems; for example, a company may use OA, Confluence, gitlab, jira and other office systems. If we had to remember a separate account and password for every system, it would undoubtedly be very tedious. By using an LDAP directory server to manage users for many applications centrally, each application talks to the LDAP directory server through a common protocol, and user information is managed in one place. In fact, many open source projects support LDAP user authentication (e.g. SuperSet, Hue). A directory service can store a variety of information, including personal information, web links and jpeg images. Therefore, many companies use it to manage their organization and users and so obtain unified identity authentication.


Pitfalls:

At first, newcomers are usually quite confused by objectClass: which attributes does it constrain, and which ones must be filled in? If a required attribute is missing or filled in with the wrong format, you get an error, which is quite frustrating. Below is a brief account of the problems I ran into.

Typically, to hang an organizational unit under a node, we only need to provide the following two objectClass values:

objectclass: top

objectclass: organizationalUnit

top is the parent of organizationalUnit, so organizationalUnit has all the attributes of top. Note that the ou attribute is required.

Typically, to hang a person under a node, the following constraints apply:

objectclass: top

objectclass: person

objectclass: organizationalPerson

objectclass: inetOrgPerson

Of these four classes, each inherits from the one listed above it. Please note: the sn and cn attributes are both required.
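As an added example (not code from the original post), the following Python splits a DN into RDNs, as in the babs example above, and checks the required attributes of the objectClass chains described in this section. The `SCHEMA` table is a constructed mini-schema covering only the classes named here; the DN splitter is simplified and does not handle escaped commas.

```python
"""Constructed example: DN/RDN handling and objectClass MUST-attribute checks."""
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical mini-schema: objectClass -> (superior class, MUST attributes).
# Covers only the classes discussed in the post; real schemas hold far more.
SCHEMA: Dict[str, Tuple[Optional[str], List[str]]] = {
    "top": (None, ["objectClass"]),
    "organizationalUnit": ("top", ["ou"]),
    "person": ("top", ["sn", "cn"]),
    "organizationalPerson": ("person", []),
    "inetOrgPerson": ("organizationalPerson", []),
}


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'uid=babs,ou=people,dc=example,dc=com' into (type, value) pairs."""
    rdns = []
    for part in dn.split(","):  # simplified: escaped commas are not handled
        attr_type, value = part.split("=", 1)
        rdns.append((attr_type.strip().lower(), value.strip()))
    return rdns


def rdn(dn: str) -> Tuple[str, str]:
    """The leftmost RDN names the entry relative to its parent node."""
    return parse_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """Everything after the first RDN is the DN of the parent node."""
    return ",".join(f"{t}={v}" for t, v in parse_dn(dn)[1:])


def required_attributes(object_classes: List[str]) -> Set[str]:
    """Walk each class up to top, collecting inherited MUST attributes."""
    must: Set[str] = set()
    for oc in object_classes:
        current: Optional[str] = oc
        while current is not None:
            if current not in SCHEMA:
                raise ValueError(f"unknown objectClass: {current}")
            superior, attrs = SCHEMA[current]
            must.update(a.lower() for a in attrs)
            current = superior
    return must


def missing_attributes(entry: Dict[str, List[str]]) -> Set[str]:
    """Return MUST attributes the entry lacks; an empty set means it would load."""
    present = {name.lower() for name, values in entry.items() if values}
    return required_attributes(entry.get("objectClass", [])) - present
```

Feeding an inetOrgPerson entry that has cn but no sn to `missing_attributes` reports `{"sn"}`, which is exactly the error the directory server would raise on add.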


Origin www.cnblogs.com/1994jinnan/p/12078783.html