Alcatel-Lucent 6850-48 Guida Di Rete
LDAP Servers
Managing Authentication Servers
page 35-20
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
In addition to managing attributes in directory entries, LDAP makes the descriptive information stored in
the entries accessible to other applications. The general structure of entries in a directory tree is shown in
the following illustration. It also includes example entries at various branches in the tree.
the entries accessible to other applications. The general structure of entries in a directory tree is shown in
the following illustration. It also includes example entries at various branches in the tree.
Directory Searches
DNs are always the starting point for searches unless indicated otherwise in the directory schema.
Searches involve the use of various criteria including scopes and filters which must be predefined, and
utility routines, such as Sort. Searches should be limited in scope to specific durations and areas of the
directory. Some other parameters used to control LDAP searches include the size of the search and
whether to include attributes associated with name searches.
utility routines, such as Sort. Searches should be limited in scope to specific durations and areas of the
directory. Some other parameters used to control LDAP searches include the size of the search and
whether to include attributes associated with name searches.
Base objects and scopes are specified in the searches, and indicate where to search in the directory. Filters
are used to specify entries to select in a given scope. The filters are used to test the existence of object
class attributes, and enable LDAP to emulate a “read” of entry listings during the searches. All search pref-
erences are implemented by means of a filter in the search. Filtered searches are based on some compo-
nent of the DN.
are used to specify entries to select in a given scope. The filters are used to test the existence of object
class attributes, and enable LDAP to emulate a “read” of entry listings during the searches. All search pref-
erences are implemented by means of a filter in the search. Filtered searches are based on some compo-
nent of the DN.
Retrieving Directory Search Results
Results of directory searches are individually delivered to the LDAP client. LDAP referrals to other serv-
ers are not returned to the LDAP client, only results or errors. If referrals are issued, the server is responsi-
ble for them, although the LDAP client will retrieve results of asynchronous operations.
ers are not returned to the LDAP client, only results or errors. If referrals are issued, the server is responsi-
ble for them, although the LDAP client will retrieve results of asynchronous operations.
Directory Modifications
Modifications to directory entries contain changes to DN entry attribute values, and are submitted to the
server by an LDAP client application. The LDAP-enabled directory server uses the DNs to find the entries
to either add or modify their attribute values.
server by an LDAP client application. The LDAP-enabled directory server uses the DNs to find the entries
to either add or modify their attribute values.
Attributes are automatically created for requests to add values if the attributes are not already contained in
the entries.
the entries.
ROOT
c=Canada
c=US
st=Arizona
st=California
o=your company
ou=function
ou=section
ou=department
cn=your full name
cn=co-worker full nam
e
dn=c=US
dn=o=your company,c=US
cn=your full name, ou=your function, o=your company, c=US
Directory Information Tree