Build a directory service for web-based services

By Deepak Vohra → More by this author

18 Feb 2008 06:02

OpenLDAP for the people

Hands on A directory service is an application that lets you store, retrieve and modify information about network-attached resources such as users.

If you want to keep a directory of company employees, for example, you would use a directory service instead of storing that information directly in a database. A directory service is created in a directory server, which is built on top of the database.

Directory servers are equally useful online, for use in web-based services like social networks.

In this article I shall create a directory service using PHP, one of the internet's most popular scripting languages, and OpenLDAP directory server - part of the ubiquitous OpenLDAP suite used in Linux distributions and vendors' software.

I have picked OpenLDAP because it's an open source package, meaning the code is easy to grab and use, and because it's easier to install and use than commercial directory servers such as Oracle Internet Directory server or IBM's Tivoli directory server.

Get up to speed

First, some basic - but essential - orientation. As I mentioned, the actual user data is stored in a database - a directory service is an abstract layer that sits on top of the database.

Lightweight Directory Access Protocol (LDAP) is a lightweight protocol for accessing directory services and that also defines operations for adding, searching, modifying and deleting directory entries. A "directory entry" is a set of attributes identified by a globally unique Distinguished Name (DN). Each of a directory entry's attributes has a type and one or more values.

Some examples of attribute types are discussed in the following table:

Attribute Type	Description
o	Organization
dc	Domain component
ou	Organizational unit
cn	Common name
uid	Userid
dn	Distinguished name
mail	Email address

The attributes in a directory entry's DN are arranged in a hierarchy from right to left, with the right-most attributes as the base entry and the left-most attributes called Relative Distinguished Name (RDN). A DN is a sequence of RDNs. An example of a DN is as follows.

cn=dvohra,dc=example,dc=com

In this example, the base entry/root is dc=example,dc=com, and the RDN is cn=dvohra.

Ok, now let's get started. First, install Apache HTTP Server 2.3.2 and PHP 5.2. Enable the PHP LDAP extension in php.ini configuration file.

extension=php_ldap.dll

Page 1 2 3 Next >

Track this type of story as a custom Atom/RSS feed or by email.

Top 20 stories All The Week’s Headlines

Whitepapers
How To Tackle Enterprise Spyware Alternate Client Architectures Creating Cost and Energy Efficiency Through Outsourcing Hosting Solutions Managing and Integrating Data in an SAP Environment