Neoview User Management and Security Administration Guide (R2.5)

3 LDAP Integration Overview
This chapter presents a few very basic directory-service concepts, introduces the tasks required
to integrate the Neoview platform with an external directory, and characterizes Neoview platform
support for integration with OpenLDAP and Microsoft Active Directory.
LDAP Conceptual Overview
An electronic directory service is a database normally used to hold identifying information about
the employees and resources of a corporation. It is somewhat analogous to a paper telephone
directory, but whereas an entry in a telephone directory contains only a name, an address, and
a telephone number, an electronic directory is highly flexible with respect to the attributes that
can be defined for an entry (in the directory “schema”). In addition, whereas the organization
of a paper directory is predominantly sequential, with entries organized in alphabetical order,
an electronic directory has a tree structure optimized for browsing and searching.
Figure 3-1 is a simplified view of part of an electronic directory. At the highest level on the
diagram is the organization (o). Subordinate to the organization are two nodes labeled as
organizational units (ou), one for employees and the other for applications. Subordinate to the
application node are nodes for individual applications, each distinguished by a common name
(cn). Subordinate to the employees node are nodes for individual employees, each distinguished
by a user ID (uid).
Figure 3-1 Tree-structured Directory
The unique name that identifies an entry by specifying the path to that entry is called the
Distinguished Name (DN). The format of a distinguished name consists of a list of components
in hierarchical order, as in the following examples. Note that the form of a distinguished name
can vary according to the type of entity.
cn=CrmGui,ou=Applications,o=REScorp.com
uid=Ray Evert,ou=Employees,o=REScorp.com
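The following is an added example, not code from the guide, that works through the DN format just described: it splits a DN into its components, lists the path from an entry up to the root of the tree, and checks whether an entry really sits under a base such as ou=Employees. The check is structural rather than a text search, because the syntax allows a comma to appear inside a value when escaped with a backslash; the spoof DN used in the comments is a constructed value.

```python
"""Distinguished-name handling for the tree described above (RFC 4514 syntax).
Added example, not from the Neoview guide.  'is_under' is a structural test, so a
value that merely contains ",ou=Employees,..." (escaped, as the syntax allows)
is not mistaken for an entry that really sits under that organizational unit."""
from typing import List, Tuple

def split_rdns(dn: str) -> List[str]:
    """Split on unescaped commas only; each RDN keeps its raw (escaped) text."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                  # character after a backslash is literal
            buf.append(ch); escaped = False
        elif ch == "\\":
            buf.append(ch); escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip()); buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling backslash")
    parts.append("".join(buf).strip())
    return parts

def _unescape(value: str) -> str:
    """Drop each backslash and keep the character it escapes (\\, -> ,)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1]); i += 2
        else:
            out.append(value[i]); i += 1
    return "".join(out)

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """[(attr, value), ...] leaf-first; attr lowercased, value unescaped."""
    out = []
    for rdn in split_rdns(dn):
        if "=" not in rdn:           # first '=' always ends the attribute type
            raise ValueError(f"RDN without attribute type: {rdn!r}")
        attr, value = rdn.split("=", 1)
        out.append((attr.strip().lower(), _unescape(value.strip())))
    return out

def ancestors(dn: str) -> List[str]:
    """DNs of the parent, grandparent, ... up to the root (the o= entry)."""
    rdns = split_rdns(dn)
    return [",".join(rdns[i:]) for i in range(1, len(rdns))]

def is_under(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is a proper descendant of base_dn; values compared exactly."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base
```

Values are compared exactly here; a production check should apply the attribute's directory matching rule, which for ou and o is usually case-insensitive.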
The schema dictating the structure of an electronic directory can be very complex, and not many
of its elements concern us here, but one important one is the notion of a group. A group is a
directory object consisting of a collection of names. One familiar example of a group is a
distribution list for electronic mail. Some directory services also implement authorization groups,
which are used to specify a set of users for purposes such as applying access permissions to
members of the group.
An electronic directory is usually partitioned, with each partition having its own server. Partitions
might be regionally or organizationally based, on the assumption that most requests to look up