If you work in the computer industry, you have probably heard of LDAP. If you want to learn more about it, read on. This introductory article is the first in a series on how to design, implement, and integrate an LDAP environment in an enterprise. Its main purpose is to familiarize you with the basic concepts of LDAP; the difficult details will be discussed later. In this article, we will cover:
- What is LDAP?
- When should I use LDAP to store data?
LDAP technology is not only developing fast but is also exciting. Implementing LDAP across the enterprise allows applications running on almost any computer platform to obtain information from the LDAP directory. The LDAP directory can store various types of data: email addresses, mail routing information, HR data, public keys, contact lists, and so on. By making the LDAP directory an important part of system integration, you can simplify the steps employees take to look up information within the enterprise, and the primary data sources can even be located anywhere. If similar data is already stored in Oracle, Sybase, Informix, or Microsoft SQL databases, what is the difference between LDAP and these databases? What makes it more advantageous? Continue reading!
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. It is based on the X.500 standard, but it is much simpler and can be customized as needed. Unlike X.500, LDAP supports TCP/IP, which is required for Internet access. The core LDAP specifications are defined in RFCs. All LDAP-related RFCs can be found in the RFC column of ldapchina.com.
How can I use the term LDAP?
In daily conversations, you may hear people say, "Do we want to store those things in LDAP?", or "Retrieve the data from the LDAP database!", or "How do we integrate LDAP with relational databases?". Strictly speaking, LDAP is not a database but a protocol used to access information stored in an information directory (that is, the LDAP directory). A more accurate and formal statement would be: "By using LDAP, you can read (or store) data in the correct location of the information directory". However, there is no need to be picky. Even when the expression is not entirely accurate, we all know what the other party is talking about.
Is the LDAP directory a database?
Just as a database management system (DBMS) from Sybase, Oracle, Informix, or Microsoft is used to process queries and updates against relational databases, an LDAP server is used to process queries and updates against LDAP directories. In other words, the LDAP directory is also a type of database, but it is not a relational database. Unlike databases designed to process hundreds of thousands of data changes per minute, such as the online transaction processing (OLTP) systems frequently used in e-commerce, LDAP is optimized mainly for read performance.
Advantages of LDAP directory
Now let's talk about the advantages of the LDAP directory. The prevalence of LDAP is the result of many factors. The reasons given here are only some of the basic ones, and only a small part of the whole picture.
Perhaps the biggest advantage of LDAP is that the LDAP directory can be accessed from any computer platform with a growing number of readily available LDAP client programs. It is also easy to add LDAP support to your own applications.
LDAP is a cross-platform, standard protocol, so applications do not have to care what kind of server hosts the LDAP directory. In fact, LDAP is widely recognized in the industry because it is an Internet standard. Developers are willing to add LDAP support to their products because they do not have to consider what the other end (client or server) looks like. The LDAP server can be any open-source or commercial LDAP directory server (or a relational database with an LDAP interface), because you use the same protocol, client connection software package, and query commands to interact with it. By contrast, software vendors who want to integrate DBMS support into their products usually have to customize for each database server separately.
Unlike with many commercial relational databases, you do not have to pay for each LDAP client connection or for the protocol.
Most LDAP servers are easy to install, maintain, and optimize.
The LDAP server can replicate part or all of its data by means of "push" or "pull". For example, it can "push" the data to a remote office to increase data security. Replication technology is built into the LDAP server and is easy to configure. If you want the same replication function in a DBMS, you usually have to pay the database vendor additional fees, and it is difficult to manage.
LDAP allows you to use ACIs (generally called ACLs, or access control lists) as needed to control read and write permissions on data. For example, the device administrator can change an employee's work location and office number, but cannot change other fields in the record. An ACI can control data access based on who is accessing the data, what data is accessed, where the data is stored, and other factors. Because all of this is enforced by the LDAP directory server, you do not have to worry about whether the client applications perform security checks.
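The server-side check described above, as an added Python sketch (not from the original article and not any LDAP server's actual ACI engine). The rules, group name, DNs and attribute names are constructed, and the model assumes a modify request is rejected as a whole when any one attribute change is denied.

```python
# Toy model of attribute-level access control enforced by the directory server.
# All DNs, groups, attributes and rules below are constructed sample data.

DIRECTORY = {
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "cn": "Jane Doe", "l": "Building 1", "roomNumber": "101",
        "manager": "uid=asmith,ou=people,dc=example,dc=com",
    },
}

GROUPS = {"facilities": {"uid=fadmin,ou=people,dc=example,dc=com"}}

# Each rule: (required group, attributes covered, rights granted).
# "*" matches any authenticated requester; anonymous binds (None) match nothing.
ACI_RULES = [
    ("facilities", {"l", "roomNumber"}, {"read", "write"}),
    ("*", {"cn", "l", "roomNumber", "manager"}, {"read"}),
]


def allowed(bind_dn, attr, right):
    """Default deny: a right exists only if some rule explicitly grants it."""
    for group, attrs, rights in ACI_RULES:
        if group == "*":
            member = bind_dn is not None
        else:
            member = bind_dn in GROUPS.get(group, set())
        if member and attr in attrs and right in rights:
            return True
    return False


def modify(bind_dn, target_dn, changes):
    """Check every attribute before touching the entry; one denied attribute
    rejects the whole request, so no partial update is ever stored."""
    denied = sorted(a for a in changes if not allowed(bind_dn, a, "write"))
    if denied:
        return "insufficientAccessRights: " + ", ".join(denied)
    DIRECTORY[target_dn].update(changes)
    return "success"


if __name__ == "__main__":
    fadmin = "uid=fadmin,ou=people,dc=example,dc=com"
    jdoe = "uid=jdoe,ou=people,dc=example,dc=com"
    print(modify(fadmin, jdoe, {"roomNumber": "202"}))
    print(modify(fadmin, jdoe, {"roomNumber": "303", "manager": "x"}))
    print(DIRECTORY[jdoe]["roomNumber"])
```

Because the decision is made where the data lives, a client that skips its own checks still cannot write outside the attributes its rule covers.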
LDAP is most useful for storing data that needs to be read from many different locations but does not need to be updated frequently. For example, storing the following information in an LDAP directory is very effective:
- Telephone directory and organization structure of company employees
- Customer contact information
- Information required for computer management, including NIS maps, email aliases, and so on
- Configuration information for software packages
- Public certificates and security keys
When should I use LDAP to store data?
Most LDAP servers are specially optimized for read-intensive operations. Therefore, reading data from an LDAP server is an order of magnitude faster than reading data from a relational database specially optimized for OLTP. For the same reason, because they are specially optimized for read performance, most LDAP directory servers are not suitable for storing data that needs to be changed frequently. For example, using an LDAP server to store phone numbers is a good choice, but it cannot be used as the database server for an e-commerce site.
If the answer to each of the following questions is "yes", it is a good idea to store the data in LDAP.
- Do I need to read the data on any platform?
- Does each individual record change only a little each day?
- Can I store the data in a flat database instead of a relational database? In other words, can I ignore normalization and put everything in one record (roughly, as long as first normal form is satisfied)?
The last question may be confusing. In fact, it is common to use a flat database to store relational data. For example, a company employee's record can contain the manager's login name. It is convenient to use LDAP to store such information. A simple rule of thumb: if you can write the data on a card, you can easily store it in the LDAP directory.