“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 477 — #503
21
Linux in the Network
This notably reduces the administration effort for the information. The use
of an open and standardized protocol like LDAP (lightweight directory
access protocol) ensures that as many different client applications as
possible can access such information.
A directory in this context is a type of database optimized for quick and
effective reading and searching:
- To make numerous (concurrent) reading accesses possible, write access
  is limited to a small number of updates by the administrator.
  Conventional databases are optimized for accepting the largest possible
  data volume in a short time.
- Because write accesses can only be executed in a restricted fashion, a
  directory service is employed for administering mostly unchanging,
  static information. Data in a conventional database typically changes
  very often (dynamic data). Phone numbers in a company directory do
  not change nearly as often as, for example, the figures administered
  in accounting.
- When static data is administered, updates of the existing data sets are
  very rare. When working with dynamic data, especially when data
  sets like bank accounts or accounting are concerned, the consistency
  of the data is of primary importance. If an amount should be
  subtracted from one place to be added to another, both operations must
  happen concurrently, within a transaction, to ensure the balance over
  the whole data stock. Databases support such transactions. Directories
  do not. Short-term inconsistencies of the data are quite acceptable
  in directories.
A directory service like LDAP is not designed to support complex update
or query mechanisms. All applications accessing this service should gain
access quickly and easily.
Many directory services have existed, and still exist, both in Unix and
outside it. Novell NDS, Microsoft ADS, Banyan's StreetTalk, and the
OSI standard X.500 are just a few examples. LDAP was originally planned
as a lean flavor of DAP, the directory access protocol, which was developed
for accessing X.500. The X.500 standard regulates the hierarchical
organization of directory entries.
LDAP is a trimmed-down version of DAP. It keeps the X.500 entry hierarchy
while offering cross-platform capabilities and saving resources. The use
of TCP/IP makes it substantially easier to establish interfaces between
an application that connects to it and the LDAP service.
SUSE LINUX Enterprise Server










