Specifications
OmniAccess Reference: AOS-W System Reference
78 Part 031652-00 May 2005
FIGURE 5-13 LDAP Directory Structure
An entry at a given level of the directory tree is identified by a
Relative Distinguished Name (RDN). For example, the RDN of a user “John
Doe” in an NIS-based organization is “uid=jdoe” or “cn=John Doe”. The
attribute used to carry the login ID in the RDN is called the key
attribute. The Distinguished Name (DN) identifies an entry uniquely within the
global namespace, that is, within the entire tree. It is built by
concatenating the RDNs along the path from the entry up to the root. In our
example, the DN of the entry for user “John Doe” is
“uid=jdoe,ou=People,dc=Alcatelnetworks,dc=com”. There is usually one entry in
the directory that has special privileges: the root/admin entry. This entry
typically has read, write and search rights over every entry in the
directory.
LDAP provides an API for querying and updating the directory. Although
LDAP supports operations to add, delete and modify entries, it is used
primarily to search for information in the directory. The LDAP search
operation lets the client specify the portion of the directory to be searched
(the search base and scope). In addition, a search filter specifies the
criteria an entry must match in order to be returned.
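The following is an added example, not code from the AOS-W reference, that builds the RDNs, DN and search filter for the Figure 5-13 tree described above. It escapes values as RFC 4514 (DN string form) and RFC 4515 (search filters) require, so a login ID taken from user input cannot alter the structure of the DN or filter it is placed in. The function names, the hostile login ID and the BASE_DN constant are assumptions made for the example.

```python
"""Build LDAP RDNs, DNs and search filters for the directory in Figure 5-13.

Added example, not code from the AOS-W reference.  Escaping follows RFC 4514
(string form of a DN) and RFC 4515 (search filter) so that a login ID from
user input cannot change the structure of the DN or filter (LDAP injection).
All function names here are assumptions made for the example.
"""

# Constructed sample: the root of the tree in Figure 5-13.
BASE_DN = "dc=Alcatelnetworks,dc=com"

# RFC 4514 section 2.4: characters that must always be escaped in a value.
_DN_SPECIAL = {",", "+", '"', "\\", "<", ">", ";"}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside an RDN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:                   # leading '#' would start a hex value
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):    # leading/trailing space
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def rdn(key_attr: str, value: str) -> str:
    """One RDN, e.g. rdn('uid', 'jdoe') -> 'uid=jdoe'."""
    return f"{key_attr}={escape_dn_value(value)}"


def dn(*rdns: str) -> str:
    """Join RDNs from the entry upwards to the root into a DN string."""
    return ",".join(rdns)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515 section 3)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def login_filter(key_attr: str, login_id: str) -> str:
    """Filter matching the entry whose key attribute equals login_id."""
    return f"({key_attr}={escape_filter_value(login_id)})"


def naive_login_filter(key_attr: str, login_id: str) -> str:
    """The same filter built by plain interpolation (the vulnerable form)."""
    return f"({key_attr}={login_id})"


def is_single_assertion(flt: str) -> bool:
    """True if flt is exactly one '(attr=value)' item with no stray parentheses."""
    if not (flt.startswith("(") and flt.endswith(")")):
        return False
    body = flt[1:-1]
    return "=" in body and "(" not in body and ")" not in body


if __name__ == "__main__":
    # DN of the jdoe entry: leaf RDN first, then the path up to the root.
    print(dn(rdn("uid", "jdoe"), rdn("ou", "People"), BASE_DN))
    # A key value containing a comma must be escaped or it becomes a new RDN.
    print(dn(rdn("cn", "Doe, John"), rdn("ou", "People"), BASE_DN))
    hostile = "jdoe)(uid=*"            # constructed attacker-supplied login ID
    bad = naive_login_filter("uid", hostile)
    good = login_filter("uid", hostile)
    print(bad, is_single_assertion(bad))
    print(good, is_single_assertion(good))
```

The naive filter for the hostile login ID becomes `(uid=jdoe)(uid=*)`, which is no longer a single assertion; the escaped form keeps the whole string inside one `uid=` value. Apply the same discipline to the search base when it is built from user input, since a comma in an unescaped RDN value silently adds a level to the DN.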
In addition to the above operations, LDAP supports access control by
providing a mechanism, the bind operation, for a client to authenticate itself
to the server. Typically, a root or admin entry in the directory has access
privileges to all entries in the directory. Some implementations, Active
Directory for example, do not allow even the root entry to read the password
attribute of another entry, in order to protect the privacy of that entry. To
authenticate with a simple bind, the client supplies the distinguished name of
the entry it is connecting as, together with that entry's password. Since the connection between the client
[Figure 5-13 shows the example tree: dc=Alcatelnetworks,dc=com at the root,
with the containers ou=People and ou=Printers beneath it; ou=People holds the
entries uid=jdoe (cn=John Doe) and uid=guest (cn=Guest).]