LDAP is the Lightweight Directory Access Protocol. Its predecessor is the older DAP protocol. It is based on the X.500 standard, but it is simpler and can be tailored to your needs. Unlike X.500, LDAP supports TCP/IP, which is necessary for accessing the Internet. The core specification of LDAP is defined in RFCs. In general, the LDAP protocol defines the methods for communicating with the backend database and the communication standards between the client software and the LDAP protocol.
An LDAP client is any software that requires authentication, such as Apache, ProFTPD, and Samba. An LDAP server is software that implements the LDAP protocol, such as OpenLDAP. The data storage is where OpenLDAP keeps its data, such as a relational database (MySQL), a query-efficient embedded database (Berkeley DB), or even a flat text database (a txt text file). As can be seen, the OpenLDAP software is only an implementation of the LDAP protocol and does not include the backend database storage. In many cases, however, administrators put the LDAP server and the data storage on the same server, which is what is commonly referred to as the LDAP database. Although the backend database can vary, the LDAP protocol also prescribes how data is stored. The LDAP database is a tree-like structure, similar to DNS.
WEBLDAP Architecture
One of the biggest benefits of storing data in this way is fast query speed. The LDAP database is optimized for read operations, and OpenLDAP with Berkeley DB can greatly improve the efficiency of its read operations. Another benefit of the tree structure of the LDAP database is the ease of distributed management.
Implementation approach
Unified identity authentication changes the original authentication strategy so that the software that requires authentication authenticates through LDAP, as shown in the following figure. After authentication is unified, all of the user's information is stored in the LDAP server. End users authenticate with the LDAP server when they need to use the internal services of the company. Each employee only needs to remember one password, and when the user's information needs to be modified, it can be changed in the LDAP server directly from the Web interface provided by the administrator.
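Once every service authenticates against the same LDAP server, each client's handling of the login name and password matters for the whole directory. The following is an added example, not code from the original page: it sketches the input checks a client service would apply before a search-then-bind login. The base DN, the `uid` attribute, the `inetOrgPerson` class, the length limit and the sample logins are assumptions chosen for illustration.

```python
# Added example (not from the original page): input handling for a service
# that authenticates users against a central LDAP server via search-then-bind.
# Base DN, attribute name and sample logins are constructed assumptions.

BASE_DN = "ou=People,dc=example,dc=com"   # assumed directory subtree
LOGIN_ATTR = "uid"                        # assumed login attribute

# RFC 4515 section 3: these characters must be written as \XX in filter values.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                   "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login: str) -> str:
    """Return the filter that should match exactly one entry for this login."""
    if not login or len(login) > 64:      # 64 is an assumed local limit
        raise ValueError("login name missing or too long")
    value = escape_filter_value(login)
    return f"(&(objectClass=inetOrgPerson)({LOGIN_ATTR}={value}))"


def plan_authentication(login: str, password: str) -> dict:
    """Validate input and describe the two LDAP operations the client performs.

    Step 1: search under BASE_DN with the escaped filter to find the user's DN.
    Step 2: simple bind as that DN with the supplied password.
    An empty password is refused here because a simple bind with a DN and no
    password is an "unauthenticated bind" (RFC 4513 section 5.1.2), which a
    server may accept without verifying anything.
    """
    if not password:
        raise ValueError("empty password refused before contacting the server")
    return {"search_base": BASE_DN, "scope": "subtree",
            "filter": build_user_filter(login),
            "then": "simple bind as the DN returned by the search"}


if __name__ == "__main__":
    for login in ("alice", "a*b", "smith (ops)"):   # constructed sample logins
        print(login, "->", build_user_filter(login))
```

The returned plan is what a real client would hand to its LDAP library; the search must return exactly one entry before the bind is attempted.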