Talk:Lightweight Directory Access Protocol
Active Directory?
Is it correct that Active Directory is Microsoft's implementation of the Lightweight Directory Access Protocol?
- I believe that's correct; at least in terms of Microsoft's "Embrace and Extend" (aka Steal and Bastardize) strategy.
- Yes. No. LDAP is not a directory, it is an access protocol. Active Directory, surprisingly enough, is a directory. Yes, Active Directory is accessible by LDAP, as was Exchange Server before it. AD is also accessible by other methods, including ADSI, Kerberos, and NTLM. So AD isn't MS's implementation of LDAP, but it includes an MS implementation of LDAP. (For what it is worth, I'm not a fan of MS, but they do occasionally implement something right without "extending" it. They didn't "extend" LDAP in AD like they did with Kerberos in AD.) -- Amillar 03:28 May 12, 2003 (UTC)
- Have you considered giving examples of coding LDAP using Perl or Javascript, for example?
Separate article?
Does OpenLDAP really need a separate article? Any info is best gained from the external link. JohnCastle 12:44 27 Jul 2003 (UTC)
Recursive?
Can an LDAP attribute be an LDAP object recursively? Does the unique-name restriction apply only to items on the same leaf? Is there a master/template describing the structure or is it freeform? Roger.wernersson 16:54, 2 Jul 2004 (UTC)
The typical approach is to have an LDAP attribute be DN-valued: the values point to other entries. See the object class groupOfNames or groupOfUniqueNames. It is rare to contain an LDAP entry as an attribute value; see the changes attribute of the changelog object class. All entries in a single directory tree must have unique Distinguished Names. Any further restrictions, such as you can only have one person with a name of Joe Bloggs anywhere in the organization, even if you have more than one branch of the directory tree (e.g. having both uid=jbloggs,ou=Europe,o=mycompany and uid=jbloggs,ou=Asia,o=mycompany is legal in LDAP), are an implementation or deployment choice. The structure of the LDAP directory may be constrained by X.500 structure and DIT content rules, implementation restrictions (e.g. AD might only allow user entries in a particular part of the tree), or by deployment policy (e.g. entries for users are to be stored in a branch ou=People). --MarkWahl 16:03, 28 Sep 2004 (UTC)
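An added illustration of the reply above, not part of any contributor's comment: a small Python sketch that loads a constructed LDIF fragment, enforces DN uniqueness across the tree, and follows the DN-valued member attribute of a groupOfNames entry, reporting values that point at no entry. The group entry, the uid=ghost member and the simplified DN normalization (no RFC 4514 escaping, values compared case-insensitively) are assumptions made for the example.

```python
# Added example: constructed LDIF, not data from any real directory.
SAMPLE_LDIF = """\
dn: uid=jbloggs,ou=Europe,o=mycompany
objectClass: inetOrgPerson
cn: Joe Bloggs

dn: uid=jbloggs,ou=Asia,o=mycompany
objectClass: inetOrgPerson
cn: Joe Bloggs

dn: cn=admins,ou=Groups,o=mycompany
objectClass: groupOfNames
member: UID=jbloggs, OU=Europe, O=mycompany
member: uid=ghost,ou=Asia,o=mycompany
"""

def normalize_dn(dn):
    # Simplified: lower-case and trim each RDN; ignores escaped commas (RFC 4514).
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def parse_ldif(text):
    """Return (entries keyed by normalized DN, list of duplicate DNs)."""
    entries, duplicates = {}, []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dn = normalize_dn(attrs.pop("dn")[0])
        if dn in entries:
            duplicates.append(dn)   # same DN twice: not allowed in one tree
        else:
            entries[dn] = attrs
    return entries, duplicates

def resolve_members(entries, group_dn):
    """Split a group's DN-valued member attribute into found and dangling DNs."""
    group = entries[normalize_dn(group_dn)]
    found, dangling = [], []
    for value in group.get("member", []):
        dn = normalize_dn(value)
        (found if dn in entries else dangling).append(dn)
    return found, dangling

if __name__ == "__main__":
    tree, dups = parse_ldif(SAMPLE_LDIF)
    print(dups, resolve_members(tree, "cn=admins,ou=Groups,o=mycompany"))
```

Both uid=jbloggs entries load without conflict because their full DNs differ; only a repeated full DN is flagged.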
If you like...
You can consider adding the external project that works on adding LDAP into squid! more info: http://group-ldap-auth.sourceforge.net (no I'm not affiliated with this site, it's just for completion) [edit] I went ahead and at least added the info of Apache supporting LDAP in its proxy functionality (mod_proxy), since this comes by default and doesn't require a third-party module like squid (still) does. 217.2.59.30 02:01, 20 Jun 2005 (UTC) -andy
