LDAP Synchronization

LDAP Basics

LDAP stands for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. It allows quick, efficient searches of directory services. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. Built around Internet technologies, LDAP makes it possible to easily update and query directory services over standard TCP/IP connections, and includes a host of powerful features, including security, access control, data replication and support for Unicode.

LDAP is especially useful for “single sign-on”, where one password for a user is shared between many services.

Communication with LDAP Server

Directories are usually accessed using the client/server model of communication. LDAP servers index all the data in their entries and “filters” may be used to select just the person or group requested, and return just the requested information.

Schema

The contents of the entries of a directory are organized in a tree. The entries in a subtree are structured by a schema.

The schema defines object classes. Each entry must have an objectClass attribute, containing named classes defined in the schema. The object class definitions list which attributes are obligatory and which are optional. For example, an entry representing a person might belong to the classes “top” and “person”. Membership in the “person” class would require the entry to contain the “sn” (surname) and “cn” (common name) attributes, and allow the entry also to contain “userPassword”, “telephoneNumber”, and other attributes. The schema matters for the LDAP queries that have to be specified in the LDAP configuration in Stages.
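To make the two ideas above concrete, the filters that select entries and the object classes that constrain which attributes an entry must or may carry, here is an added Python example. It is not part of the Stages documentation or the Stages product; the directory entries, the tiny schema table and the distinguished names are constructed for illustration. The filter syntax follows RFC 4515 for the common cases (presence, equality, and, or, not), which is enough to exercise the kind of query a directory configuration typically needs.

```python
"""Added example (not from the Stages documentation): a minimal LDAP filter
evaluator and an object-class check, run over constructed directory entries."""
import re

# Constructed entries; attribute values are lists, as they are in LDAP.
ENTRIES = {
    "cn=Jane Doe,ou=people,dc=example,dc=com": {
        "objectClass": ["top", "person"],
        "cn": ["Jane Doe"],
        "sn": ["Doe"],
        "telephoneNumber": ["+1 555 0100"],
    },
    "cn=Bob Roe,ou=people,dc=example,dc=com": {
        "objectClass": ["top", "person"],
        "cn": ["Bob Roe"],
        # "sn" deliberately missing: violates the "person" object class
    },
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["top", "groupOfNames"],
        "cn": ["admins"],
        "member": ["cn=Jane Doe,ou=people,dc=example,dc=com"],
    },
}

# Toy schema (constructed): object class -> (MUST attributes, MAY attributes).
SCHEMA = {
    "top": (set(), set()),
    "person": ({"sn", "cn"}, {"userPassword", "telephoneNumber", "description"}),
    "groupOfNames": ({"cn", "member"}, {"description"}),
}


def schema_violations(entry):
    """List missing MUST attributes and attributes no object class allows."""
    must, may = set(), set()
    for oc in entry.get("objectClass", []):
        m, o = SCHEMA[oc]
        must |= m
        may |= o
    present = set(entry)
    allowed = must | may | {"objectClass"}
    problems = [f"missing required attribute {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not allowed" for a in sorted(present - allowed)]
    return problems


def parse_filter(text):
    """Parse an RFC 4515 filter (presence, equality, &, |, !) into a tuple tree."""
    item = re.compile(r"([A-Za-z][A-Za-z0-9-]*)=([^()]*)")
    pos = 0

    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at {pos}")
        pos += 1
        if text[pos] in "&|":
            op = text[pos]
            pos += 1
            items = []
            while text[pos] == "(":
                items.append(parse())
            node = (op, items)
        elif text[pos] == "!":
            pos += 1
            node = ("!", parse())
        else:
            m = item.match(text, pos)
            if not m:
                raise ValueError(f"bad filter item at {pos}")
            pos = m.end()
            attr, value = m.group(1), m.group(2)
            node = ("present", attr) if value == "*" else ("=", attr, value)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        pos += 1
        return node

    node = parse()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node


def matches(node, entry):
    """Evaluate a parsed filter against one entry."""
    kind = node[0]
    if kind == "&":
        return all(matches(n, entry) for n in node[1])
    if kind == "|":
        return any(matches(n, entry) for n in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    if kind == "present":
        return node[1] in entry
    attr, value = node[1], node[2]
    # cn, sn and objectClass use case-insensitive matching rules.
    return any(v.lower() == value.lower() for v in entry.get(attr, []))


def search(filter_text, attrs=None):
    """Return {dn: requested attributes} for every entry the filter selects."""
    tree = parse_filter(filter_text)
    return {
        dn: {a: v for a, v in e.items() if attrs is None or a in attrs}
        for dn, e in ENTRIES.items()
        if matches(tree, e)
    }


if __name__ == "__main__":
    print(search("(&(objectClass=person)(sn=Doe))", ["cn", "telephoneNumber"]))
    for dn, e in ENTRIES.items():
        print(dn, schema_violations(e) or "ok")
```

The `search` call mirrors what a directory server does with a filter and an attribute list: it returns only the matching entries and only the requested attributes. The `schema_violations` check shows why the object classes matter for configuration: a query that assumes every `person` entry has an `sn` will silently skip Bob Roe, whose entry is missing that obligatory attribute.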