Networking: A Beginner's Guide
Many of the standards on the Internet are controlled by documents called Request for Comments (RFCs). These documents describe a proposed standard and are submitted to the Internet Engineering Task Force (IETF). You can read more about this group, as well as peruse any of the networking RFCs you see mentioned in this book (or elsewhere), from the group's home page at http://www.ietf.org.
An LDAP tree starts with a root, which then contains entries. Each entry can have
one or more attributes. Each of these attributes has both a type and values associated
with it. One example is the CN ("common name"), which contains at least two
attributes: FirstName and Surname. All attributes in LDAP use the text string data
type. Entries are organized into a tree and managed geographically and then within
The following four basic models describe the LDAP protocol:
Information model: This model defines the structure of the data stored in the directory. It describes a number of aspects of the directory, including the schema, classes, attributes, attribute syntax, and entries. The directory's schema is the template for the directory and its entries. Classes are categories to which all entries are attached. Attributes are items of data that describe the classes, such as CN and OU. The syntax for the attributes specifies exactly how attributes are named and stored, and what sort of data they are allowed to contain (such as numbers, string text, dates and times, and so forth). Finally, entries are distinct pieces of data, like objects, that can be either a container or a leaf.
Microsoft uses nomenclature to describe LDAP that differs from the terms defined in
the RFCs. Most notably, Microsoft calls an entry an object, and calls an attribute a property. These
names refer to the same things, and you should be aware of this when reading the RFCs or other
documents about LDAP and comparing the information to that found in documents from Microsoft.
Naming model: This model describes how to reference and organize the data. It defines the names that serve as primary keys for entries in the directory: distinguished names (DNs), which are full names of entries, as well as relative distinguished names (RDNs), which are components of DNs. Each component of the DN, such as the CN, OU, or O entries, is an RDN. The following is an example of an LDAP DN:
CN=Bruce Hallberg, OU=Networking Books, OU=Computer Books,
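To make the naming model concrete, the following is an added example (not code from the book) of a small Python parser that splits a DN into its RDNs and each RDN into (attribute type, value) pairs, applying the escaping rules of the LDAP string representation of DNs (RFC 4514): a comma separates RDNs, a plus sign separates the values of a multi-valued RDN, and a backslash escapes special characters or introduces a hex-encoded byte. It also provides the inverse, an escaping function for building DNs from plain values. All DNs used here are constructed for the example.

```python
r"""Parse an LDAP distinguished name (DN) into relative distinguished names (RDNs).

Added example, not code from the book. It follows the string form of RFC 4514:
RDNs are separated by ',', the values of a multi-valued RDN by '+', and inside
a value the characters , + " \ < > ; (plus a leading space or '#', or a trailing
space) are escaped with a backslash; '\XX' is a hex-escaped byte.
The DNs used below are constructed.
"""
import re
import string

# Attribute type: a descriptor (letters, digits, hyphens; starts with a letter)
# or a dotted-decimal OID such as 2.5.4.3.
_TYPE_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
_SPECIAL = set(',+"\\<>;')


def _split_unescaped(text: str, sep: str) -> list[str]:
    """Split text on sep, ignoring separators that are backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def unescape_value(raw: str) -> str:
    """Turn an escaped RFC 4514 attribute value back into its plain string."""
    buf = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] != "\\":
            buf.extend(raw[i].encode("utf-8"))
            i += 1
            continue
        pair = raw[i + 1:i + 3]
        if len(pair) == 2 and all(c in string.hexdigits for c in pair):
            buf.append(int(pair, 16))                # \XX: one raw byte
            i += 3
        elif i + 1 < len(raw):
            buf.extend(raw[i + 1].encode("utf-8"))  # \c: the literal character c
            i += 2
        else:
            raise ValueError("dangling backslash at end of value")
    return buf.decode("utf-8")


def escape_value(value: str) -> str:
    """Escape a plain string for embedding in a DN (inverse of unescape_value)."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (idx == 0 and ch in " #") or (idx == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Return the DN as a list of RDNs, each a list of (attribute type, value).

    The first RDN is the leftmost (most specific) one, as in the book's example.
    Whitespace after a separating comma, as in 'CN=x, OU=y', is tolerated.
    """
    rdns = []
    for rdn_text in _split_unescaped(dn, ","):
        rdn_text = rdn_text.lstrip(" ")
        # drop trailing spaces unless the last one is escaped
        while rdn_text.endswith(" ") and not rdn_text.endswith("\\ "):
            rdn_text = rdn_text[:-1]
        if not rdn_text:
            raise ValueError("empty RDN in DN")
        pairs = []
        for ava in _split_unescaped(rdn_text, "+"):
            attr_type, sep, raw_value = ava.partition("=")
            if not sep or not _TYPE_RE.match(attr_type):
                raise ValueError(f"malformed attribute type/value: {ava!r}")
            pairs.append((attr_type, unescape_value(raw_value)))
        rdns.append(pairs)
    return rdns


if __name__ == "__main__":
    # Constructed DN: a multi-valued first RDN with an escaped comma in the CN.
    for rdn in parse_dn(r"CN=Doe\, Jane+UID=jdoe, OU=People, DC=example, DC=com"):
        print(rdn)
```

The escaping rules matter whenever a DN is assembled from user-supplied values (a display name containing a comma, for instance): building the DN with `escape_value` keeps such a value inside one RDN instead of letting it be read as an extra component.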
Functional model: This model describes how to work with the data. It defines how LDAP accomplishes three types of operations: authentication, interrogation, and updates. Authentication is the process by which users prove their identity to the directory. Interrogation is the process by which the information in the directory is queried. Updates are operations that post changes to the directory.
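Interrogation is done with search filters such as (cn=Bruce Hallberg), which are strings. As an added example (not the book's code), the following Python helpers build filters from untrusted input while applying the value encoding of RFC 4515, so that characters like `*`, `(` and `)` inside a user-supplied value are matched literally rather than changing the meaning of the filter; a naive string-formatting version is kept alongside for comparison. Attribute names and values below are constructed.

```python
r"""Build LDAP search filters (the 'interrogation' operation) from untrusted input.

Added example, not code from the book. RFC 4515 requires the characters
* ( ) \ and NUL inside an assertion value, and any non-ASCII byte, to be
encoded as \XX so they are matched literally instead of read as filter syntax.
Attribute names and values used here are constructed.
"""
import re

# Attribute descriptions: letters, digits and hyphens, starting with a letter.
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value: str) -> str:
    """Encode a plain string as a literal RFC 4515 assertion value."""
    out = []
    for ch in value:
        if ch in "*()\\\x00" or ord(ch) > 0x7F:
            # each UTF-8 byte becomes \XX (lower-case hex)
            out.extend(f"\\{b:02x}" for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def _check_attribute(attribute: str) -> None:
    if not _ATTR_RE.match(attribute):
        raise ValueError(f"invalid attribute description: {attribute!r}")


def equality_filter(attribute: str, value: str) -> str:
    """(attribute=value) with the value matched literally."""
    _check_attribute(attribute)
    return f"({attribute}={escape_filter_value(value)})"


def prefix_filter(attribute: str, prefix: str) -> str:
    """(attribute=prefix*): the wildcard is intentional, the prefix is literal."""
    _check_attribute(attribute)
    return f"({attribute}={escape_filter_value(prefix)}*)"


def and_filter(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"


def or_filter(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"


def naive_equality_filter(attribute: str, value: str) -> str:
    """What plain string formatting produces; shown only for comparison."""
    return f"({attribute}={value})"


def count_unescaped(text: str, ch: str) -> int:
    """Count occurrences of ch in a filter that are not inside a \\XX escape."""
    n, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 3          # skip the whole \XX sequence
            continue
        if text[i] == ch:
            n += 1
        i += 1
    return n


if __name__ == "__main__":
    user_input = "Bruce*"   # constructed: a literal asterisk in a name
    print(naive_equality_filter("cn", user_input))   # wildcard survives
    print(equality_filter("cn", user_input))         # wildcard is literal
    print(and_filter(equality_filter("objectClass", "person"),
                     prefix_filter("cn", "Bruce")))
```

The point of `count_unescaped` is a quick check a reviewer can apply: a filter built from one untrusted value through `equality_filter` contains no unescaped `*` or parentheses beyond its own, whereas the naive version passes them straight through.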