|"Projet de Spécialité 2010"||Deployment of VoIP platform|
|Team||Ouakkadi Mohamed Yassine, Rafiq Oualid, Legras-Lecarpentier Matthieu, Piton Benjamin, Torre Luc-Alexandre|
|Professors||Franck Rousseau |
LIG laboratory, Drakkar group
|Location||Grenoble INP Ensimag|
LDAP follows a client/server model: the client opens a TCP connection to the server, on port 389 by default, and keeps it open for the whole session. Messages are ASN.1 structures encoded with BER (Basic Encoding Rules), which are compact and cheap to parse. Confidentiality comes from TLS (Transport Layer Security), either as LDAPS on port 636 or negotiated on the port 389 connection with the StartTLS extended operation. The standard defines the protocol operations, together with controls and extended operations, in a series of RFCs (Request For Comments), the LDAPv3 specification being RFC 4510 to RFC 4519.
Naming of entries
The entries of an LDAP directory are organized in a tree, the DIT (Directory Information Tree). Each entry is a node of the tree and has a type, given by its object classes. An entry is named by its DN (Distinguished Name), for example ou=Recherche,ou=France,dc=ensimag,dc=fr, which is unique in the whole directory; its RDN (Relative Distinguished Name), here ou=Recherche, is the leftmost component of the DN and only has to be unique among the children of the same parent. The DN lists the whole path from the entry up to the root of the tree, so it is read from right to left: dc=fr is the root, dc=ensimag is below it, and so on. Example of a DIT: Media:dit.png
The LDAP standard also defines a text file format, LDIF (LDAP Data Interchange Format), which can contain:
- the description of the directory's entries (content records),
- the attribute values of those entries,
- change instructions for the server (change records: add, delete, modify or rename an entry).
Example of .ldif, with one record per entry and a blank line between records:
dn: ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
description: People branch

dn: ou=etudiants, ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: etudiants
description: Students branch

dn: ou=personnel, ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: personnel
description: Staff branch
Storage of information in the directory
Each entry of the directory contains at least one attribute-value pair. Some attributes are mandatory, such as objectClass, which defines the type of the entry and therefore which other attributes it must and may carry. Each attribute type is defined in the schema by:
- a description
- a name (and possibly aliases)
- an equality matching rule, used to compare values
- a numeric identifier, the OID (Object Identifier), which is globally unique
- the syntax of the values it can contain.
The set of attribute types and object classes known to a directory is called its schema.
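To make the naming rules, the LDIF example and the schema above concrete, here is an added example (not code from the project page): a small Python script that splits DNs into RDNs, reads the LDIF entries given above, checks that every entry's parent exists in the tree (or is the naming context's suffix), and checks the mandatory attributes of each object class. The SCHEMA_MUST table is a constructed subset of the standard schema that only covers top and organizationalUnit; a real server loads the full schema from its configuration.

```python
"""Parse the LDIF above, split DNs into RDNs and check entries against a schema.
Added example, not part of the original project. SAMPLE_LDIF is the page's own
example; SCHEMA_MUST is a constructed subset of the standard schema."""
import re
from collections import defaultdict

SAMPLE_LDIF = """\
dn: ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
description: People branch

dn: ou=etudiants, ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: etudiants
description: Students branch

dn: ou=personnel, ou=people, dc=abdomain, dc=org
objectclass: top
objectclass: organizationalUnit
ou: personnel
description: Staff branch
"""

# Constructed subset of the standard schema: object class -> attributes it
# requires (MUST). A real server reads this from its schema files.
SCHEMA_MUST = {
    "top": {"objectclass"},
    "organizationalunit": {"ou"},
}

def split_dn(dn):
    """RDNs of a DN, the entry's own RDN first. Commas escaped with a
    backslash (cn=Doe\\, John) do not split; the spaces after commas used on
    this page are dropped. An escaped backslash before a comma is not handled."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def parent_dn(dn):
    """DN of the parent entry ('' when the DN has a single RDN)."""
    return ",".join(split_dn(dn)[1:])

def ancestors(dn):
    """The DN read from right to left: the root first, the entry itself last."""
    rdns = split_dn(dn)
    return [",".join(rdns[i:]) for i in range(len(rdns) - 1, -1, -1)]

def normalize_dn(dn):
    """Canonical form for comparisons: lowercase attribute types, no spaces."""
    parts = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip())
    return ",".join(parts)

def parse_ldif(text):
    """LDIF content records -> list of (dn, {attribute: [values]}).
    Supports comments, continuation lines and multi-valued attributes;
    base64 values ('::') and change records are left out."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:             # the sentinel flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    return entries

def check_entries(entries, suffix):
    """Problems a server would refuse: orphan entries, missing objectClass,
    unknown object classes, missing MUST attributes. Empty list means all good."""
    problems = []
    present = {normalize_dn(dn) for dn, _ in entries}
    for dn, attrs in entries:
        parent = normalize_dn(parent_dn(dn))
        if parent not in present and parent != normalize_dn(suffix):
            problems.append("%s: parent entry %s does not exist" % (dn, parent))
        classes = attrs.get("objectclass", [])
        if not classes:
            problems.append("%s: mandatory attribute objectClass is missing" % dn)
        for oc in classes:
            must = SCHEMA_MUST.get(oc.lower())
            if must is None:
                problems.append("%s: unknown objectClass %s" % (dn, oc))
                continue
            for attr in sorted(must - set(attrs)):
                problems.append("%s: objectClass %s requires %s" % (dn, oc, attr))
    return problems
```

Calling check_entries(parse_ldif(SAMPLE_LDIF), "dc=abdomain,dc=org") returns an empty list for the three entries above; feeding it an entry under a parent that is not in the file, or an organizationalUnit without an ou attribute, returns one problem line per violation, which is the kind of check a server's schema enforcement performs before accepting an add.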
Access and operations on the directory's data
The protocol lets a client perform many operations on the directory:
- add, delete, modify or rename an entry,
- add, remove or replace an attribute of an entry,
- add or remove individual values of an attribute,
- search requests, given a base DN, a scope and a filter.
These operations can be performed through administration tools (such as phpLDAPadmin) to make maintaining the data easier.
An LDAP directory holds information that must be protected. The LDAP standard provides two kinds of authentication for the bind operation: simple (a DN and a password, checked by the server itself) and SASL (Simple Authentication and Security Layer), which delegates to mechanisms such as DIGEST-MD5, GSSAPI (Kerberos) or EXTERNAL (client certificate). A simple bind sends the password in clear text, so it must only be used over an encrypted connection. Note also that a simple bind with a DN and an empty password is an "unauthenticated" bind: RFC 4513 recommends that servers reject it, but some accept it and grant anonymous access instead of failing, so a client must check the bind result code rather than assume the password was verified. Access control (who may read or write which entries and attributes) depends on the LDAP server product: the standard does not define it, so ACLs are written in a server-specific syntax. For encryption of the exchanges, the server offers either LDAPS (LDAP over SSL/TLS on port 636) or StartTLS, which upgrades a plain connection on port 389 to TLS.
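To show what the simple authentication and the BER encoding mentioned above actually put on the wire, here is an added Python example (not code from the project page): it builds an LDAPv3 BindRequest byte for byte, decodes a captured one the way a sniffer on port 389 would, and classifies the bind as anonymous, unauthenticated, simple in clear text or SASL. The DN and password are constructed for the example, and only the BER subset LDAP uses (definite lengths, single-byte tags) is implemented.

```python
"""Encode and decode an LDAP BindRequest (RFC 4511) in BER.
Added example, not code from the original project. The DN and password
below are constructed; the point is what crosses the wire before TLS."""

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60      # [APPLICATION 0], constructed
AUTH_SIMPLE = 0x80       # [0] OCTET STRING, primitive: the password itself
AUTH_SASL = 0xA3         # [3] SaslCredentials SEQUENCE, constructed

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(value):
    # Minimal encoding of a non-negative INTEGER; the extra byte keeps the
    # sign bit clear (e.g. 128 -> 00 80).
    return tlv(INTEGER, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def simple_bind_request(msg_id, dn, password, version=3):
    """LDAPMessage { messageID, BindRequest { version, name, simple password } }"""
    auth = tlv(AUTH_SIMPLE, password.encode())
    op = tlv(BIND_REQUEST, ber_int(version) + tlv(OCTET_STRING, dn.encode()) + auth)
    return tlv(SEQUENCE, ber_int(msg_id) + op)

def sasl_bind_request(msg_id, mechanism, credentials=None, dn="", version=3):
    """Same message with a SASL AuthenticationChoice (credentials optional)."""
    sasl = tlv(OCTET_STRING, mechanism.encode())
    if credentials is not None:
        sasl += tlv(OCTET_STRING, credentials)
    op = tlv(BIND_REQUEST, ber_int(version) + tlv(OCTET_STRING, dn.encode())
             + tlv(AUTH_SASL, sasl))
    return tlv(SEQUENCE, ber_int(msg_id) + op)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos). Indefinite lengths are not used by LDAP."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(packet):
    """Decode a captured bind: exactly what a sniffer on port 389 sees."""
    tag, msg, _ = read_tlv(packet)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, raw_id, pos = read_tlv(msg)
    tag, op, _ = read_tlv(msg, pos)
    if tag != BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, raw_ver, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    tag, cred, _ = read_tlv(op, pos)
    info = {
        "message_id": int.from_bytes(raw_id, "big", signed=True),
        "version": int.from_bytes(raw_ver, "big", signed=True),
        "dn": name.decode(),
    }
    if tag == AUTH_SIMPLE:
        info["method"] = "simple"
        info["password"] = cred.decode()      # readable as-is without TLS
    elif tag == AUTH_SASL:
        _, mech, _ = read_tlv(cred)
        info["method"] = "sasl:" + mech.decode()
    else:
        raise ValueError("unknown AuthenticationChoice tag 0x%02x" % tag)
    return info

def classify_bind(info):
    """What the server will make of this bind (RFC 4513 section 5.1)."""
    if info["method"] != "simple":
        return "sasl"
    if not info["dn"] and not info["password"]:
        return "anonymous"
    if info["dn"] and not info["password"]:
        # Unauthenticated bind: a DN with an empty password. Servers that
        # accept it grant anonymous access, so reject empty passwords client-side.
        return "unauthenticated"
    return "simple-cleartext"
```

Without TLS the very first packet of the session contains the password as-is, which is why a simple bind belongs only on an LDAPS or StartTLS-protected connection; the classify step also flags the empty-password case that RFC 4513 calls an unauthenticated bind, a frequent cause of login forms that "accept" any user whose password field is left blank.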
An LDAP server must provide three functions:
- answer the LDAP requests of its clients,
- keep the directory's data consistent by enforcing the schema (mandatory attributes, allowed object classes, value syntaxes),
- store the data permanently.