LDAP Namespace
CNS 4650, Fall 2004
Rev. 2
What is a namespace?
• Different from the namespaces of XML, C++, Java, etc.
• The names permitted and used in a directory
• Can include (and usually does) connected and potentially connected directories
• Usually defined on initial configuration of the LDAP server
Namespace
• Can be meaningful or meaningless, inside and outside of the directory
• Meaningful
  • uid=jdoe,dc=acme,dc=com
  • jdoe is meaningful: it describes a user
• Meaningless
  • Randomly generated number
  • Specific to the directory
Names in LDAP
• Every object name must be unique
  • Not just user objects!
• Uniqueness is based upon placement in the directory
Hierarchical Namespace
• Names are hierarchical
  • A name is relative to its location in the directory
  • Only the leaf portion of the name (the RDN) must be unique under a common parent entry
• Different from a flat namespace
DIT Functions
• Allows the namespace to be unique across enterprises
• Can be distributed
• Facilitates security (access control can be granted or denied per subtree)
Distinguished Names
• Fully qualified name of an LDAP object
• Two pieces
  • RDN (Relative Distinguished Name)
  • The base (the DN of the parent entry)
• Similar to a primary key in database terminology
• Example: uid=jdoe,dc=acme,dc=com (RDN uid=jdoe, base dc=acme,dc=com)
Relative Distinguished Name
• The RDN is built from one (or more) of the object's own attribute values
  • cn, uid
• Best choice is a unique and unchanging attribute
  • An attribute that every object of that kind contains
• Multivalued RDNs join attribute=value pairs with "+"
  • uid=jdoe+ou=Sales
• Examples: uid=jdoe, cn=John, cn=John Doe
The base
• Parent containers of objects
• Objects cannot exist without parents
• Parent containers are also objects (valid entries)
• Pieces of a DN are separated by commas
• Whitespace before or after the commas does not matter
• Examples:
  • dc=acme,dc=com
  • dc=acme, dc=com
  • ou=sales,dc=acme,dc=com
Build Namespace
• Walk the name or tree in reverse: the string DN lists the leaf RDN first and the root last
• LDAP and X.500 write the components in opposite order
Examples (LDAP and X.500)
• LDAP
  • uid=jdoe,ou=engr,dc=acme,dc=com
  • cn=printer,ou=sales,dc=acme,dc=com
• X.500
  • o=com,ou=acme,ou=engr,uid=jdoe
  • o=com,ou=acme,ou=sales,cn=printer
Root Namespace
• Traditional
  • Organization, Organizational Unit
  • "o", "ou"
• Domain Component
  • DNS name parsed into its labels (acme.com becomes dc=acme,dc=com)
  • "dc"