Directory Service, LDAP

Analyzes Directory Service and LDAP (Lightweight Directory Access Protocol) used in Directory Service.

1. Directory Service

The first Directory Service was a Data storage that stored information such as location, specifications, and administrators of Network Resources to manage physical Network Resources owned by enterprises. However, as enterprise requirements expanded, its functionality expanded to a Data storage that manages not only Network Resources but also various physical Resources that enterprises need to manage, such as equipment, organizations, and employees. Since employee authentication information can also be stored and managed in Directory Service, authentication services within the company can be built through Directory Service.

Since Directory Service is often used to manage physical Resources where changes rarely occur, it is generally designed to focus on Data Read rather than Data Write. Also, to store various characteristics of physical Resources, it is generally designed to be able to store various Attributes. A representative implementation of Directory Service is LDAP (Lightweight Directory Access Protocol).

2. LDAP (Lightweight Directory Access Protocol)

LDAP is literally a lightweight Protocol for Directory Service. LDAP Server manages Data in Tree form. [Figure 1] shows the Schema of LDAP in Tree form. You can see that each Node of the Tree stores one attribute. Available attributes can be checked at this link. Commonly used attributes are as follows.

uid : User ID
cn : Common Name
l : Location
ou : Organisational Unit
o : Organisation
dc : Domain Component
st : State
c : Country

LDAP does not support Transaction or Rollback. LDAP is specialized for Data Read rather than Data Write. Data held by LDAP Server is generally stored in Binary format, but can be converted to a human-readable format through LDIF (LDAP Data Interchange Format).

3. References

Digital Signature Docker Component