LDAP

Telecommunication companies' understanding of directory requirements were well developed after some 70 years of producing and managing telephone directories. These companies introduced the concept of directory services to information technology and computer networking, their input culminating in the comprehensive X.500 specification, a suite of protocols produced by the International Telecommunication Union (ITU) in the 1980s.

X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol (DAP), which required the Open Systems Interconnection (OSI) protocol stack. LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack.

Some common examples found throughout the industry are, but not limited to:

• Machine Authentication
  
• User Authentication
  
• User/System Groups
  
• Address book
  
• Organization Representation
  
• Asset Tracking
  
• Telephony Information Store
  
• User resource management
  
• E-mail address lookups
  
• Application Configuration store
  
• PBX Configuration store
  
• etc.....
  

Reference:
http://www.openldap.org/doc/admin24/intro.html

注：LDAP的数据查询效率比较高，高于其数据修改的效率，常应用于“修改需求较少，查询频繁”的应该场景。

The basic form of a directory entry represented in LDIF is as follows:

dn: distinguished_name
objectClass: object_class
objectClass: object_class
...
attribute_type[;subtype]:attribute_value
...

Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.g. if /foo/bar/myfile.txt were the DN, then myfile.txt would be the RDN).

An simple LDIF file with two entries:

dn: cn=Barbara Jensen, ou=Product Development, dc=airius, dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Barbara Jensen
cn: Barbara J Jensen
cn: Babs Jensen
sn: Jensen
uid: bjensen
telephonenumber: +1 408 555 1212
description: A big sailing fan.

dn: cn=Bjorn Jensen, ou=Accounting, dc=airius, dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Bjorn Jensen
sn: Jensen
telephonenumber: +1 408 555 1212

OpenDS 2.2 Installation Guide: https://java.net/projects/opends/pages/2_2_InstallationGuide

Firstly, you need download and extract it.

$ wget http://java.net/downloads/opends/promoted-builds/2.2.1/OpenDS-2.2.1.zip
$ unzip OpenDS-2.2.1.zip
$ cd OpenDS-2.2.1

Type setup with the --cli option to launch the install in interactive mode.

$ ./setup --cli

OpenDS Directory Server 2.2.1
Please wait while the setup program initializes...

What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]:
Please provide the password to use for the initial root user: 12345
Please re-enter the password for confirmation: 12345

On which port would you like the Directory Server to accept connections from
LDAP clients? [1389]:

On which port would you like the Administration Connector to accept
connections? [4444]: 4455

What do you wish to use as the base DN for the directory data?
[dc=example,dc=com]:
Options for populating the database:

    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data

Enter choice [1]: 2

Do you want to enable SSL? (yes / no) [no]:

Do you want to enable Start TLS? (yes / no) [no]:

Do you want to start the server when the configuration is completed? (yes /
no) [yes]:


Setup Summary
=============
LDAP Listener Port:            1389
Administration Connector Port: 4455
LDAP Secure Access:            disabled
Root User DN:                  cn=Directory Manager
Directory Data:                Create New Base DN dc=example,dc=com.
                               Base DN Data: Leave Database Empty

Start Server when the configuration is completed


What would you like to do?

    1)  Setup the server with the parameters above
    2)  Provide the setup parameters again
    3)  Cancel the setup

Enter choice [1]: 1

Configuring Directory Server ..... Done.
Starting Directory Server ...... Done.

See /tmp/opends-setup-2106862444868985347.log for a detailed log of this operation.

After above, OpenDS server is started. You can run ./bin/status to check its status, run ./bin/stop-ds to stop it, run ./bin/start-ds to start it again.

LDIF file can be imported via OpenDS Control Panel (./bin/control-panel).

LDIF file can be also imported by command line utility ./bin/import-ldif.

Reference: https://java.net/projects/opends/pages/2_2_ImportingDataUsingImportLdif

OpenDS includes some standard schemas.

$ ls ./config/schema/
00-core.ldif       03-rfc2713.ldif  03-rfc3112.ldif     05-rfc4876.ldif
01-pwpolicy.ldif   03-rfc2714.ldif  03-rfc3712.ldif     05-solaris.ldif
02-config.ldif     03-rfc2739.ldif  03-uddiv3.ldif      06-compat.ldif
03-changelog.ldif  03-rfc2926.ldif  04-rfc2307bis.ldif

rfc2713: Schema for Representing Java(tm) Objects in an LDAP Directory
rfc2714: Schema for Representing CORBA Object References in an LDAP Directory
rfc2739: Calendar Attributes for vCard and LDAP
rfc2926: Conversion of LDAP Schemas to and from SLP Templates
rfc3112: LDAP Authentication Password Schema
rfc3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
rfc2307: An Approach for Using LDAP as a Network Information Service
rfc4876: A Configuration Profile Schema for LDAP-Based Agents

OpenDJ began after the acquisition of Sun Microsystems by Oracle. At that time, Oracle announced that Sun OpenDS Standard Edition was not seen as a strategic product, although the investment on the OpenDS source code would continue.

OpenDJ began as a fork of the OpenDS code base and is now the main trunk developed and maintained by ForgeRock.