Index
 A
 
abstract
     object class type 48
access control
     standardization 19
access control lists
     and operational attributes 87
access control rules 58
     general concepts 268
access controls
     proprietary functionality available 269
access management products 269
account information
     in LDAP 136
     object class issues 137
accounts
     association with people 122
     joining 159
     linking to people 141
     vs. people 136
Active Directory xx
     Alternative Name Lookup (ANL) 157
     auxiliary class support 50
     multivalued attributes as RDNs 61–62
     naming limitations 62
     renaming entries 231
     renaming nonleaf nodes 62
     restrictions on root naming context 65
     support for inetOrgPerson 38
     support for syntaxes 41
Active State Perl
     getting required module xxi
add change type
     in LDIF 94
add()
     method in Net::LDAP 117
     method in Net::LDAP::Entry 130
adding new entries
     in Net::LDAP 117
administration
     scaling 124
administrative user
     need to authenticate 134
alias object class 273
aliasedObjectName attribute 280
altServer attribute 280
ambiguity
     and searching 81
American National Standards Institute (ANSI) 40
AND (&) operator 84
anonymous
     access using Net::LDAP 110
Apache AXIS 250
ASN.1 264
asynchronous operations
     and Net::LDAP 109
attribute
     ability to have multiple names 176
attribute retrieval
     limiting in Net 115
attribute return list 87
attribute syntax
     impact on search 80
attribute types 36
     converting to DSML 204
     defining 39
     inheritance 44
     listing details from server 174
     multiple values for 43
     naming 39
     representing in DSML 101
     representing in LDIF 95
     user modification of 45
attribute values 36
     unordered nature of 43
Attributes
     of XML element 187
attributes 36
     adding multiple values in JNDI 228
     LDAP vs. XML 99
     limiting return in Net::LDAP 113
     limiting return in search 87
     object class 47, 51
     representing in DSML 99
     required vs. optional in DSML definition 101
     returning without values in Net::LDAP 116
     updating in Net::LDAP 116
     writing in DSML 202
attributetypes
     special server attribute 176
attributeTypes attribute 280
audit trails 23
authentication 254
     applications using LDAP 257
     defined 12
     use of exact searching 81
     using Net 110
authoritative source 147
     finding in a complex environment 148
     handling in bidirectional synchronization 167
authorityRevocationList attribute 281
authorization 254
     directory-based in applications 269
     in the directory 269
auxiliary
     object class type 49
availability 254
 
B
 
base
     using scope in Perl 183
base scope
     to retrieve server information 170
     using in Net::LDAP 113
Base64 151
     and binary values in LDIF 92
     encoding binary values with 93
     encoding values in DSML 100
     handling with Net::LDAP 112
Basic Encoding Rules 264
BasicAttribute
     JNDI class 226, 228
bidirectional synchronization 166
Binary
     syntax defined 40
binary values
     handling in JNDI 225
     and LDIF 92
bind()
     in Net::LDAP 110
binding
     with Net::LDAP 110
     requirements for directory modification 116
     role in authentication 257
businessCategory attribute 281
 
C
 
c attribute 281
cACertificate attribute 281
card catalog information
     managing in LDAP 143
carLicense attribute 282
caseIgnoreOrderingMatch 42
centralized administration 122
certificate
     syntax defined 40
certificate authorities 65
certificate revocation list 15
certificateRevocationList attribute 282
certificates
     storage using LDAP 259
     use with Net::LDAP 120
certificationAuthority object class 274
CGI
     Perl module 127
change log, keeping to aid synchronization 162
change time stamps
     and operational attributes 87
changetype
     LDIF flag 94
character() 188
close() method
     on DirContext class 218
cn attribute 282
cn=monitor
     special entry 178
command-line tools
     getting xx
Common Information Model (CIM) 21–22, 56
common name
     deriving 129
compare operation 118
     drawbacks when checking passwords 260
compare()
     method in Net::LDAP 118
concurrent connections
     finding on server 179
connections
     issues with reusing 220
     pooling for performance 89
country object class 274
create a user 130
createSubcontext()
     method on DirContext 227
createTimestamp attribute 282
     in DSML 208
creatorsName attribute 283
credentials
     switching on open connection with Net::LDAP 110
cRLDistributionPoint object class 274
crossCertificatePair attribute 283
crypt-style passwords 133
CSV
     database interchange format 91
 
D
 
database records
     comparison to LDAP entries 36
databases
     mapping to LDAP namespace 149
     migrating to LDAP 152
delegated administration 124
     relation to directory tree design 67
deleted entries
     handling in synchronization 166
     in Net::LDAP 117
     non-leaf entries 117
     with children 230
deltaRevocationList attribute 284
departmentNumber attribute 284
description attribute 284
destinationIndicator attribute 284
destroySubcontext()
     method of DirContext 231
device object class 274
digital certificate 65, 262
     associating with directory information 267
     defined 14
     distributing with directories 264
     expiration 267
     exporting and publishing to directory 265
     issues requiring directories 262
     revocation 267
     self-signing in Java 263
     signing 262
     submitting to certificate authority for signing 264
     writing in LDIF 93
DirContext 217
     initializing with SSL 270
     using to manipulate entries 229
Directory
     management 32
     servers 4
     services 4
     String syntax 40
directory 4
Directory Access Protocol 15
Directory Enabled Networking (DEN) 21, 38
     management of LDAP information 143
directory entries
     representing as DSML 99
     writing as DSML 196
directory information tree (DIT) 57
     See also directory tree
directory operations
     in DSMLv2 100
directory schemas
     defining with DSML 100
Directory Services Markup Language. See DSML
directory tree
     and accounts 140
     considerations for synchronization 150
     design 65
     divided for self-management 126
     flat vs. hierarchical 66
directory tree design
     extranets 71
     flat 67
     geographic 68
     handling external users 69
     handling groups of external people 70
     handling partners 72
     internal and external users 72–73
     Internet 69
     intranets 66
     organization-based 66
     partner segmentation 72–73
     segmenting application data 70
Directory-enabled applications 32
displayName attribute 285
Distinguished Encoding Rules 264
distinguished name 36
     as bind argument 110
     base 59, 62
     constructing in migration 153
     defined 59
     finding with search 118
     generating 63
     limitation on searching 80
     representation in LDIF 92
     returned in search 87
     and search results 87
     use in application authorization 269
distinguishedName attribute 285
distributed administration 124
     and LDAP namespace 125
distributed management 68
Distributed Management Task Force (DMTF)
     standard schema 38
dITContentRules attribute 283
dITStructureRules attribute 283
dmd object class 275
dmdName attribute 285
dnQualifier attribute 285
DNS
     administrative model 126
     managing information in LDAP 142
     naming compared to LDAP 58
document checking
     limitation with PerlSAX 190
Document Object Model 186, 196, 237
     strengths 238
Domain Name Service
     administrative model 125
Domain Name Service. See DNS
DSML 91, 151
     binary attributes 99
     comparison to LDIF 96
     converting to HTML 102
     generating 196
     generating automatically in Java 236
     introduced 96
     introduction 22
     representing directory schema 100
     representing entry changes in 100
     transmitting over SOAP 249
     use with general-purpose tools 97
     using with JNDI 235
     version 2 enhancements 91
     writing attribute types 101
     writing in Java 234
     writing object classes 100
DSML JNDI provider 237
dsml:addRequest
     DSMLv2 element 249
dsml:attr
     DSML element 198
dsml:attribute-type
     DSML schema element 207
dsml:class
     DSML element 203
dsml:description
     DSML element 203
dsml:directory-entries 99
dsml:directory-schema
     DSML element 201
dsml:dsml-entries
     DSML tag 198
dsml:entry
     DSML element 198
dsml:name
     DSML schema element 203
dsml:objectclass
     DSML element 198
dsml:object-identifier
     DSML schema element 203
dsml:oc-value
     DSML element 194, 198
dsml:single-value
     DSML schema element 208
dsml:user-modification
     DSML schema element 208
dsml:value
     DSML element 194
     DSML tag 198
DSMLEntry
     example Java class 234
DSMLHandler
     using 194
     XML handler class 192
DSMLSOAPAdd
     DSMLv2 request 250
DSMLv2
     creating requests in JNDI 252
     enhancements since DSMLv1 248
     operations 248
     provider 252
     SOAP requests 249
     standards 98
dynamic groups 136
     creating with LDAP URL 136
dynamic objects
     storage in LDAP 9
 
E
 
elements
     in DSML 99
email
     attributes required to route 115
email address
     as unique key 159
email delivery 15
email relaying
     use of LDAP filters 81
employeeNumber attribute 286
employeeType attribute 286
     using to maintain account status 166
encryption 119
encryption algorithm
     determining 260
end_element() 188, 193
enhancedSearchGuide attribute 286
entries 35, 47, 54
     adding in JNDI 226
     adding new in Net::LDAP 117
     comparing in Net::LDAP 118
     creating 62
     deleting in Net::LDAP 117
     names 57
     renaming in Net::LDAP 117
Entry
     example JNDI class 222
entry changes 92
entry names
     whitespace 62
EQUALITY
     attribute type definition keyword 177
error checking
     handling in Net::LDAP 119
     in XML with PerlSAX 189
existing information
     using to populate directory 134
explicit groups 135
Extensible Markup Language. See XML
extensible searching 86
Extensible Stylesheet Language Transformations. See XSLT
extensibleObject object class 275
extranet
     fit with distributed administration 124
     importance of distributed administration 23
     problems with central administration 123
 
F
 
facsimileTelephoneNumber attribute 287
federation 30
file system
     why not use LDAP 7
filter
     relation to scope and base 79
fuzzy matching 160
 
G
 
generationQualifier attribute 287
getID()
     method on Attributes class 225
givenName attribute 287
graphical applications
     and one-level scope 78
groupOfNames object class 275
groupOfUniqueNames object class 135, 276
groupOfURLs
     dynamic group object class 136
groups
     creating and maintaining 134
 
H
 
handlers
     creating for PerlSAX 186
hasMore()
     method on NamingEnumeration 221
houseIdentifier attribute 287
HTML 102
     converting DSML into 208
 
I
 
IBM LDAP provider for JNDI 217
identity reuse 12
indexing
     importance in tuning servers 88
     to boost performance 89
inetOrgPerson object class 38, 276
information model 35
inheritance
     generalization 44, 53
     modelling in UML 53
     object class 47
     specialization 44, 47, 53
initial substring search 82
INITIAL_CONTEXT_FACTORY 217
initials attribute 288
integerOrderingMatch 42
integrity 254
internationalISDNNumber attribute 288
Internet
     and importance of self-service 125
Internet Engineering Task Force 38, 145
     and the LDIF standard 92
     standard for posix account storage 137
intranets
     administration 125
 
J
 
Java
     comparing attribute types to variables 45
     comparing classes to LDAP 50
Java Cryptography Extensions 264
Java Naming and Directory Interface. See JNDI
Java Secure Socket Extension 270
Java servlet
     example displaying DSML as HTML 245
JNDI xxi, 216
     and DSMLv2 252
     architecture 216
     basic example 11
     benefits 216
     binding to the directory 218
     and certificate storage 265
     closing a connection 218
     operations 217
     providers 217
     searching with 220
     using with DSML 235
join
     metadirectory functionality 28
joining information
     using multiple keys 159
     without an exact key 160
jpegPhoto attribute 288
 
K
 
Kerberos 261
keytool
     standard Java tool 263
 
L
 
l attribute 288
LDAP
     and security 256
     as authentication service 256–257
     encrypting session in Java 270
     use in storing digital certificates 264
LDAP Data Interchange Format. See LDIF
LDAP entries
     creating in Perl 129
     generating in DSML 198
LDAP Java SDK
     comparison to JNDI 216
LDAP URLs 136
     generating DSML output from 236
LDAPConnection
     example class 220
ldapmodify
     adding LDIF entries with 93
     getting xx
LDAPS 270
ldapsearch
     getting xx
     performing an equality search 80
ldapsearch command
     examples 79
     greater-than-or-equal-to filter example 83
     substring filter examples 82
ldapSyntaxes attribute 289
LDAPv3
     emergence of 18
LDIF 91, 150
     advantages and disadvantages 96
     attribute representation 92
     binary attribute values 93
     converting from DSML 194
     example 79
     line wrapping 93
     multiple changes 94
     printing from Net::LDAP 112
     representing changes 94
     storing schemas 95
     with PerLDAP 303
Lightweight Directory Access Protocol. See LDAP
Lightweight Directory Update Protocol 145
linking accounts
     to people 141
locality object class 276
logging in
     to LDAP with username 110
 
M
 
management applications
     impact of design on 73–74
matching rules 41
     equality matching 42
     greater or less than matching 42
     relevance to searching 83
     retrieving from server 176
     subschema matching 43
     substring matching 43
     using in search 86
matchingRules attribute 289
matchingRuleUse attribute 289
MAY
     object class keyword 173
member attribute 289
metadirectories 27, 145
Microsoft Windows NT
     retrieving account information 133
migration 152
     combining data 157
     to existing directory 157
     from multiple sources 154
     selecting an RDN 154
moddn()
     in Net::LDAP 118
ModificationItem
     JNDI class 230
modifiersName attribute 290
modify change type
     in LDIF 94
modifyTimestamp attribute 163, 290
monitor distinguished name
     retrieving from server 178
monitor entry
     content example 178
     polling 180
Mozilla xx
Mozilla::LDAP::Conn 302
Mozilla::LDAP::Entry 302
Mozilla::LDAP::LDIF 303
Mozilla::LDAP::Utils 303
multimaster replication 69
     and bidirectional synchronization 167
multiple inheritance 48
multivalued attributes
     representation in LDIF 92
MUST
     object class keyword 173
 
N
 
Name
     of XML element 187
name attribute 290
nameForms attribute 291
namespace 56
     difference from XML namespace 56
     hierarchical and flat 57
namespace translation
     when doing synchronization 149
namingContext
     attribute type 170, 291
NamingEnumeration 221
NamingException
     on context initialization 218
Net::LDAP
     adding entries from DSML 196
     compared to PerLDAP 108
     initializing 109
     opening a connection 109
     retrieving server information with 169
Net::LDAP::Entry 115
     change recording 116
     creating from DSML 190, 194
Net::LDAP::LDIF 153
Netscape 17
Netscape Java SDK xxi
Network Information Service 6, 137
     and JNDI 216
NOT (!) operator 86
NO-USER-MODIFICATION
     in schema definition 207
Novell
     history in directories 6
 
O
 
o attribute 291
object classes 46
     defining 46
     inheritance 47
     listing information from server 170
     naming 46
     representing in DSML 100
     standard 38
     types 48
     writing as DSML 199
     writing in LDIF 95
Object IDentifiers 39
     for object classes 47
object modeling
     classes 51
     instances 53
     of LDAP schema 51
     relationships 51
objectClass attribute 36, 46, 49, 291
     using to match any entry 77
objectclasses 46
     retrieving in Perl 172
     special schema attribute 95
OID 39
one-level scope
     using in Net::LDAP 114
Online Certificate Status Protocol 268
Open Database Connectivity (ODBC)
     performance vs. LDAP 7
opening a connection
     in Perl 175
OpenLDAP xx
operational attributes 87
OR (|) operator 85
ordering matches 83
Organization for the Advancement of Structured Information Standards (OASIS) 98
organization object class 38, 276
organizational boundaries
     crossing with DSML 196
organizationalPerson object class 38, 277
organizationalRole object class 277
organizationalUnit object class 278
ou attribute 292
owner
     attribute 292
     group attribute type 135
 
P
 
parentheses
     use in search filters 79
     when combining search filters 85
parse()
     method on PerlSAX 189
parser
     instantiating 195
parser handler
     for XML in Perl 186
passwd file 133
     See also Unix passwd file
passwords
     comparing 119
     handling over the network 119
     initializing via migration 157
people entries
     creating 126
performance
     for different filter types 81
     increasing for searches 88
     read vs. write 9
     substring searches 83
Perl
     comparing attribute types to variables 45
Perl modules
     getting xx
Perl XS
     and PerLDAP 108
PerLDAP 108, 302
     adding and removing DN values 314
     copying and moving attributes 314
     forcing changes 315
Perl-LDAP module
     getting xx
PerlSAX 186
     automatic error checking 189
     instantiating parser 189
person object class 38, 278
     definition 199
personalization 14
physicalDeliveryOfficeName attribute 292
policy information
     management in LDAP 142
polling the monitor entry 180
posixAccount
     object class 138
postalAddress attribute 293
postalCode attribute 293
postOfficeBox attribute 293
pre-existing data
     using to populate directory 126
preferredDeliveryMethod attribute 294
preferredLanguage attribute 294
presentationAddress attribute 294
printLDIF()
     method on Net 195
privacy 27, 254
private key 261
protocolInformation attribute 294
provisioning tools 125
public key cryptography 256, 261
Public Key Infrastructure (PKI) 14
public keys
     issues with validation 261
 
R
 
RDBMS
     comparison to 7
     differences from LDAP model 88
RDN 59
reading a specific entry 77
rebinding
     using PerLDAP 313
reference bind 110
referential integrity
     lack of and implication on design 67
referrals
     automatic handling in Net::LDAP 116
registeredAddress attribute 295
regular expressions
     alternatives when parsing XML 186
     and substring filters 82
     using to parse RFC-style schema 201
     using to parse schema 172
relational database. See RDBMS
relational integrity 118, 232
     and groups 135
relative distinguished name
     changing in Net 118
     defined 59
     generating 61
     meaning of 60
     multivalued attributes in 61
     selecting 60
     using multiple attributes in 61
     why common names shouldn't be used 60
remote procedure calls
     with DSMLv2 248
renaming
     difficulty with most LDAP servers 117
renaming an entry
     in Net::LDAP 117
     with JNDI 231
replication 145
     LDUP 20
     relevance to directory tree design 69
     standardization 19
     testing 181
reporting languages
     LDAP's lack of 9
residentialPerson object class 278
Revoking compromised certificates 267
RFC 2252, standard schema definition 199
roaming profiles 14
roleOccupant attribute 295
Root Directory Server Entry 76
root entry
     using to find monitor entry 178
root naming context
     Active Directory restrictions 65
     defined 64
     listing via LDAP 169
     traditional X.500 style 64
     using domain components 65
 
S
 
SASL. See Simple Authentication and Security Layer
SAX. See Simple API for XML
scalability
     of management 58
schema 37
     and LDIF 92
     converting to DSML from RFC-style 199
     importance in information sharing 142
     in DSML with SAX and Java 238
     standard 37
     using in DSML 237
schema changes
     using LDIF 95
schema discovery
     detecting server capability 175
     retrieving from server 170
schema mapping 147
schema storage
     in LDIF 95
search base 76
search criteria
     defined 76
     selecting attributes to return 87
search filters
     approximate 84
     defined 78
     exact equality 80
     extensible 86
     greater-than or equal to 83
     less-than or equal to 83
     negating 86
     ordered matching 83
     presence 79
     substring 81
     using multiple 84
search results
     handling in Net::LDAP 115
search scope 77
     base 77
     handling in JNDI 225
     one-level 77
     subtree 78
search()
     in Net::LDAP 111
     method on DirContext 221
SearchControls
     JNDI class 221
searchGuide attribute 295
searching
     with Net::LDAP 111
secret keys 259
     problems with 260
Secure Sockets Layer 119, 257
security
     and self-service 126
     centralized user administration 123
     defined 254
     using groups to facilitate 135
     in relation to directory tree 58
     relationship to directories 254
     risk assessment 255
SECURITY_CREDENTIALS 219
SECURITY_PRINCIPAL 219
seeAlso attribute 295
self-administration 125
self-service 125
serialNumber attribute 296
server
     configuration xx
     vendors xix
server information
     retrieving via LDAP 169
setSearchScope()
     on SearchControls class 221
Simple API for XML 185–186
     invoking in Perl 194
     using to read schemas 238
simple authentication 257
Simple Authentication and Security Layer (SASL) 20, 119, 257
Simple Object Access Protocol 249
     request printing contents 252
single sign-on
     and LDAP management 142
SINGLE-VALUE
     in schema definition 207
sn attribute 296
Soundex
     and approximate matching 84
spreadsheets
     migrating to LDAP 152
SQL JOIN
     lack of similar concept in LDAP 88
SQL queries
     in relation to LDAP searches 87
SQL SELECT 88
st attribute 296
start_element() 187, 193
street attribute 296
strongAuthenticationUser object class 279
structural
     object class type 49, 202
stylesheets
     and DSML 102
subschema object class 279
subschemaSubentry attribute 297
subtree scope
     using in Net::LDAP 114
subtrees, renaming 117
Sun LDAP provider for JNDI 217
Sun One
     relational integrity 135
supportedAlgorithms attribute 297
supportedApplicationContext attribute 297
supportedControl attribute 297
supportedExtension attribute 298
supportedLDAPVersion attribute 298
supportedSASLMechanisms attribute 298
synchronization 26
     and authoritative sources 147
     detecting deletions 162
     from LDAP 163
     handling namespace differences 149
     to LDAP 162
     using file import/export 146
     using scripting 146
SYNTAX
     attribute type definition keyword 177
syntax 51
     of attribute types 40
     bounds 41
     getting supported list from server 176
synthetic transaction, creating to test replication 181
 
T
 
telephoneNumber
     attribute 298
     attribute type definition 199
     defined in DSML 101
     syntax defined 40
teletexTerminalIdentifier attribute 299
telexNumber attribute 299
time stamp
     LDAP standard 164
     when testing replication 183
title attribute 299
top object class 279
     definition in DSML 204
transformation, planning 148
trust, and secret keys 260
 
U
 
UML
     aggregations 52
     associations and LDAP 51
     composition associations 52
     inheritance 53
     multiplicity 52
Unified Modeling Language. See UML
uniqueMember attribute 135, 299
Universal Resource Locators 136
Universal Time Coordinate 164
Unix passwd file
     LDAP objectclass equivalent 138
user credentials
     storage in LDAP 259
userCertificate attribute 265, 300
userPassword
     alternative to comparing 257
     attribute 300
userPKCS12 attribute 300
userSMIMECertificate attribute 300
 
V
 
virtual directories 30, 145
 
W
 
web services 96
     relation to DSMLv2 100
white pages
     defined 10
     use of search filters 81
     using DSML and XSLT 102
WHOIS 6
wildcard matching
     and substring filters 82
write_entry(), method on Net::LDAP::LDIF 153
 
X
 
X.500 5, 56
     history 15
     standard schemas based on 38
X.509v3 264
x121Address attribute 301
x500UniqueIdentifier attribute 301
XML
     attributes 189
     and directory data interchange 91
     storing directory information in 22
     storing in LDAP 8
     stylesheets 245
XML::Parser
     perl module 186
XML::XSLT
     Perl module 210
XML4J
     ability to check syntax 190
XSL Transformations. See XSLT
XSLT 97
     and DSML in Java 244
     transforming DSML 102
     using in Perl 208