`
chilongxph
  • 浏览: 138857 次
  • 性别: Icon_minigender_1
  • 来自: 深圳
社区版块
存档分类
最新评论
阅读更多
关于LDAP的概念随便网上有很多,我不想重复,这里只是说一下我自己的理解。
都说它是“轻量级目录协议”,太专业,我不懂,我只把它想象成“简单”的目录协议。

几个很重要的概念,以后会用到:
---------------------------------------------
dn :一条记录的位置
dc :一条记录所属区域
ou :一条记录所属组织
cn/uid:一条记录的名字/ID
---------------------------------------------

实际上更多时候我只把它看成数据库。我把它和我非常熟悉的MYSQL数据库做比较,通常会得到更好的理解:

MYSQL用“表”储存数据,LDAP用“树”
MYSQL指定一条记录要3个条件:DB、TABLE、ROW。
LDAP却更自由,为什么呢?因为LDAP数据是“树”状的,而且这棵树是可以无限延伸的,假设你要树上的一个苹果(一条记录),你怎么告诉园丁它的位置呢?当然首先要说明是哪一棵树(dc,相当于MYSQL的DB),然后是从树根到那个苹果所经过的所有“分叉”(ou,呵呵MYSQL里面好象没有这 DD),最后就是这个苹果的名字(uid,记得我们设计MYSQL或其它数据库表时,通常为了方便管理而加上一个‘id’字段吗?)。好了!这时我们可以清晰的指明这个苹果的位置了,就是那棵“歪脖树”的东边那个分叉上的靠西边那个分叉的再靠北边的分叉上的半红半绿的……,晕了!你直接爬上去吧!我还是说说LDAP里要怎么定义一个字段的位置吧,树(dc=waibo,dc=com),分叉(ou=bei,ou=xi,ou= dong),苹果(cn=honglv),好了!位置出来了:
dn:cn=honglv,ou=bei,ou=xi,ou=dong,dc=waibo,dc=com

一个有名的画家说过:“世上没有相同的2个鸡蛋”。当然也没有相同的2个苹果……,同样,在LDAP里也不可能存在2个相同的dn。


LDAP数据填充原理:
一棵树的生长,要循序渐进,如果还没有长出某个分叉,就不可能在那个分叉里长出苹果(问:FT!苹果是长在分叉上的吗?答:为了便于理解,你就当它是吧),同样,LDAP数据库也要一步步的充实,举一个学校数据库的例子,我们将要把一个庞大的学生档案放到LDAP里,大致需要这么做:
---------------------------------------------
1、建立“树根”,这是通过修改“slapd.conf”来实现的,由于现在的目的是理解,所以具体步骤就不说了,反正就是在这一步建立了一个“dc= ourschool,dc=org”这样一个“树根”。注意:我把它理解成“目录”,或者“容器”,甚至它本身也是文件(苹果)的特殊形式,熟悉LINUX文件系统的朋友会更容易理解。
2、建立18个系,分别是“dnu=computer,dc=ourschool,dc=org”、“dnu=film,dc=ourschool,dc=org”……
3、当然是在每个系里面建立专业,比如“dnu=linux,ou=computer,dc=ourschool,dc=org”……
4、(开始长苹果吧!)加学生喽——“dn:cn=stan,ou=linux,ou=computer,dc=ourschool,dc=org”……
5、已经完成了吗?对了!学生的详细信息还没有呐!不过先这样吧,反正记录是可以编辑的。
---------------------------------------------


LDAP记录的详细信息
dn:cn=stan,ou=linux,ou=computer,dc=ourschool,dc=org
objectClass:organizationalPerson
cn:stan
cn:小刀
sn:小刀
description:a good boy
(以上是一条记录的信息,如果把他保存成LDIF文件,可以导入到LDAP数据库中)
上面不是说没有学生详细信息吗?怕你着急,就马上写出来了,只是还没有导入到LDAP里,那是以后的事。这里我先就你可能会产生的疑问做回答。
---------------------------------------------
Q1:“cn”不是在“dn”里定义了吗,怎么又在后面重新定义了? 答:你要把“cn=stan,ou=linux,ou=computer,dc=ourschool,dc=org”看成是一个整体,它只是属性dn的值。
Q2:怎么后面有2个“cn”,我以哪个为准? 答:区别于普通数据库,LDAP每个属性一般可以具有多个值,这样不好吗?你在学校数据库里找我的时候,只要记得我的一个cn就可以了,用“cn=stan”或“cn=小刀”都可以找到我!
Q3:就这些属性了吗?我都不知道你是男是女。 答:先声明,偶是男地。 LDAP对记录的属性做了严格的限制(这一点我不太喜欢),也就是说,你可以用哪些属性,哪些属性不能为空,哪些属性最多只能有一个值等,他们都给你规定好了。幸好你有选择的权利,比如这次我们是储存学生信息,那么我们就定义一个“objectClass:organizationalPerson”,这样 “organizationalPerson”这个类所规定的所有属性我们都可以用了,而且确实很适合我们。虽然这个类中没有“sex”这个属性,不过你完全可以用一个“空闲”的属性来顶替。如果我们能自己建立“类”就更好了,但目前我还没有时间去研究这个东西,我也期望高手指点啊
---------------------------------------------


好了!看到我贴的图了吗?那是我偷别人的,差不多能用我就不自己画了

##############################################################

关于安装配置LDAP,使之储存系统用户,这里有一个非常好的网址,如果你的英文不是很差,都应该做的来,我偷个懒,就先不写这方面的东西喽:
http://www.mandrakesecure.net/en/docs/ldap-auth.php
上面的方法我已经试过,是可行的,如果兄弟们配置的时候出现问题我们可以讨论讨论。

关于LDAP+POSTFIX,POSTFIX里的“LDAP_README”中介绍的很详细,我再说就是重复了。
##############################################################
其它相关资源:
yala (很实用的数据库操作工具,简单的说,他就是MYSQL的phpmyadmin,自己找下载地址吧~)
http://www.openldap.org/ (说实话,我一直没用上它,不过它是官方网站,不提也不好)
http://ldap.akbkhome.com/ (什么‘类’下面有什么‘属性’,在这里找)






ldaptree.jpg (4.91 KB) 2005-8-14 22:59
  ldap上面的图
 



LDAP_README

--------------------------------------------------------------------------------


LDAP SUPPORT IN POSTFIX
=======================

Postfix can use an LDAP directory as a source for any of its lookups:
aliases, virtual, canonical, etc. This allows you to keep information
for your mail service in a replicated network database with fine-grained
access controls. By not storing it locally on the mail server, the
administrators can maintain it from anywhere, and the users can control
whatever bits of it you think appropriate. You can have multiple mail
servers using the same information, without the hassle and delay of
having to copy it to each.

BUILDING WITH LDAP SUPPORT
==========================

Note: Postfix no longer supports the LDAP version 1 interface.

You need to have LDAP libraries and include files installed somewhere
on your system, and you need to configure the Postfix Makefiles
accordingly.

For example, to build the OpenLDAP libraries for use with Postfix
(i.e. LDAP client code only), you could use the following command:

% ./configure --without-kerberos --without-cyrus-sasl --without-tls \
--without-threads --disable-slapd --disable-slurpd \
--disable-debug --disable-shared

If you're using the libraries from the UM distribution
(http://www.umich.edu/~dirsvcs/ldap/ldap.html) or OpenLDAP
(http://www.openldap.org), something like this in the top level of your
Postfix source tree should work:

% make tidy
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"

On Solaris 2.x you may have to specify run-time link information,
otherwise ld.so will not find some of the shared libraries:

% make tidy
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lldap \
-L/usr/local/lib -R/usr/local/lib -llber"

The 'make tidy' command is needed only if you have previously built
Postfix without LDAP support.

Instead of '/usr/local' specify the actual locations of your LDAP
include files and libraries. Be sure to not mix LDAP include files
and LDAP libraries of different versions!!

If your LDAP libraries were built with Kerberos support, you'll also
need to include your Kerberos libraries in this line. Note that the KTH
Kerberos IV libraries might conflict with Postfix's lib/libdns.a, which
defines dns_lookup. If that happens, you'll probably want to link with
LDAP libraries that lack Kerberos support just to build Postfix, as it
doesn't support Kerberos binds to the LDAP server anyway. Sorry about
the bother.

If you're using one of the Netscape LDAP SDKs, you'll need to change the
AUXLIBS line to point to libldap10.so or libldapssl30.so or whatever you
have, and you may need to use the appropriate linker option (e.g. '-R')
so the executables can find it at runtime.

CONFIGURING LDAP LOOKUPS
========================

In order to use LDAP lookups, define at least one LDAP source as a table
lookup in main.cf, for example:

alias_maps = hash:/etc/aliases, ldap:ldapsource

Each LDAP source can have the following parameters, which should be
prefixed in main.cf with the name you've given the source in its
definition and an underscore. To continue the example, the first
parameter below, "server_host", would be defined in main.cf as
"ldapsource_server_host". Defaults are given in parentheses:

server_host (localhost)
The name of the host running the LDAP server, e.g.
ldapsource_server_host = ldap.your.com
It should be possible with all the libraries mentioned above to
specify multiple servers separated by spaces, with the libraries
trying them in order should the first one fail. It should also
be possible to give each server in the list a different port, by
naming them like "ldap.your.com:1444".

server_port (389)
The port the LDAP server listens on, e.g.
ldapsource_server_port = 778

search_base (No default; you must configure this.)
The base at which to conduct the search, e.g.
ldapsource_search_base = dc=your, dc=com

timeout (10 seconds)
The number of seconds a search can take before timing out, e.g.
ldapsource_timeout = 5

query_filter (mailacceptinggeneralid=%s)
The RFC2254 filter used to search the directory, where %s is a
substitute for the address Postfix is trying to resolve, e.g.
ldapsource_query_filter = (&(mail=%s)(paid_up=true))

result_filter (%s)
Filter applied to result attributes. Supports the same expansions
as the query_filter, and can be easily used to append (or prepend)
text.

domain (Default is to ignore this.)
This is a list of domain names, paths to files, or dictionaries.
If specified, only lookups for the domains on this list will be
performed. This means that the LDAP map won't get searched for
'user', nor will it get searched for any domain not listed. This
can significantly reduce the query load on the LDAP server.
ldapsource_domain = postfix.org, hash:/etc/postfix/searchdomains

result_attribute (maildrop)
The attribute(s) Postfix will read from any directory entries
returned by the lookup, to be resolved to an email address.
ldapsource_result_attribute = mailbox,maildrop

special_result_attribute (No default)
The attribute(s) of directory entries that can contain DNs or URLs.
If found, a recursive subsequent search is done using their values.
ldapsource_special_result_attribute = member

scope (sub)
The LDAP search scope: sub, base, or one. These translate into
LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL.

bind (yes)
Whether or not to bind to the LDAP server. Newer LDAP
implementations don't require clients to bind, which saves
time. Example:
ldapsource_bind = no

If you do need to bind, you might consider configuring Postfix
to connect to the local machine on a port that's an SSL tunnel
to your LDAP server. If your LDAP server doesn't natively
support SSL, put a tunnel (wrapper, proxy, whatever you want to
call it) on that system too. This should prevent the password
from traversing the network in the clear.

bind_dn (""
If you do have to bind, do it with this distinguished name.
Example:
ldapsource_bind_dn = uid=postfix, dc=your, dc=com

bind_pw (""
The password for the distinguished name above. If you have to
use this, you probably want to make main.cf readable only by
the Postfix user. Example:
ldapsource_bind_pw = postfixpw

cache (no)
Whether to use a client-side cache for the LDAP connection. See
ldap_enable_cache(3). It's off by default.

cache_expiry (30 seconds)
If the client-side cache is enabled, cached results will expire
after this many seconds.

cache_size (32768 bytes)
If the client-side cache is enabled, this is its size in bytes.

dereference (0)
When to dereference LDAP aliases. (Note that this has nothing
do with Postfix aliases.) The permitted values are those
legal for the OpenLDAP/UM LDAP implementations:

0 never
1 when searching
2 when locating the base object for the search
3 always

See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for
more information. And if you're using an LDAP package that has
other possible values, please bring it to the attention of the
postfix-users@postfix.org mailing list.

chase_referrals (0)
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3
support.

version (2)
Specifies the LDAP protocol version to use.

debuglevel (0)
What level to set for debugging in the OpenLDAP libraries.

Don't use quotes in these variables; at least, not until the Postfix
configuration routines understand how to deal with quoted strings.

EXAMPLES
========

ALIASES
-------

Here's a basic example for using LDAP to look up aliases. Assume that in
main.cf, you have these configuration parameters defined:

alias_maps = hash:/etc/aliases, ldap:ldapsource
ldapsource_server_host = ldap.my.com
ldapsource_search_base = dc=my, dc=com

Upon receiving mail for a local address "ldapuser" that isn't found in
the /etc/aliases database, Postfix will search the LDAP server listening
at port 389 on ldap.my.com. It will bind anonymously, search for any
directory entries whose mailacceptinggeneralid attribute is "ldapuser",
read the "maildrop" attributes of those found, and build a list of their
maildrops, which will be treated as RFC822 addresses to which the
message will be delivered.

VIRTUAL DOMAINS/ADDRESSES
-------------------------

If you want to keep information for virtual lookups in your directory,
it's only a little more complicated. First you need to make sure Postfix
knows about the virtual domain. An easy way to do that is to add the
domain to the mailacceptinggeneralid attribute of some entry in the
directory. Next you'll want to make sure all of your virtual recipients'
mailacceptinggeneralid attributes are fully qualified with their virtual
domains. Finally, if you want to designate a directory entry as the
default user for a virtual domain, just give it an additional
mailacceptinggeneralid (or the equivalent in your directory) of
"@virtual.dom". That's right, no user part. If you don't want a catchall
user, omit this step and mail to unknown users in the domain will simply
bounce.

If you're using a version of Postfix newer than 19991226, that should do
it. If not, you also need to add your virtual domains to relay_domains.
Simply add "$virtual_maps" to your relay_domains line. Then you can use
the same map you use to find virtual recipients to determine if a domain
is a valid virtual domain and should be allowed to relay.

In summary, you might have a catchall user for a virtual domain that
looks like this:

dn: cn=defaultrecipient, dc=fake, dc=dom
objectclass: top
objectclass: virtualaccount
cn: defaultrecipient
owner: uid=root, dc=someserver, dc=isp, dc=dom
1 ->; mailacceptinggeneralid: fake.dom
2 ->; mailacceptinggeneralid: @fake.dom
3 ->; maildrop: realuser@real.dom

1: Postfix knows fake.dom is a valid virtual domain when it looks for
this and gets something (the maildrop) back.

2: This causes any mail for unknown users in fake.dom to go to this entry ...

3: ... and then to its maildrop.

Normal users might simply have one mailacceptinggeneralid and maildrop,
e.g. "normaluser@fake.dom" and "normaluser@real.dom".

OTHER USES
----------

Other common uses for LDAP lookups include rewriting senders and
recipients with Postfix' canonical lookups, for example in order to make
mail leaving your site appear to be coming from "First.Last@site.dom"
instead of "userid@site.dom".

NOTES AND THINGS TO THINK ABOUT
===============================

- The bits of schema and attribute names used in this document are just
examples. There's nothing special about them, other than that some are
the defaults in the LDAP configuration parameters. You can use
whatever schema you like, and configure Postfix accordingly.

- You probably want to make sure that mailacceptinggeneralids are
unique, and that not just anyone can specify theirs as postmaster or
root, say.

- An entry can have an arbitrary number of mailacceptinggeneralids or
maildrops. Maildrops can also be comma-separated lists of addresses.
They will all be found and returned by the lookups. For example, you
could define an entry intended for use as a mailing list that looks
like this (Warning! Schema made up just for this example):

dn: cn=Accounting Staff List, dc=my, dc=com
cn: Accounting Staff List
o: my.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
maildrop: mylist-owner
maildrop: an-accountant
maildrop: some-other-accountant
maildrop: this, that, theother

- If you use an LDAP map for lookups other than aliases, you may have to
make sure the lookup makes sense. In the case of virtual lookups,
maildrops other than mail addresses are pretty useless, because
Postfix can't know how to set the ownership for program or file
delivery. Your query_filter should probably look something like this:

virtual_query_filter = (&(mailacceptinggeneralid=%s)(!(|(maildrop="*|*"(maildrop="*:*"(maildrop="*/*")))

- And for that matter, even for aliases, you may not want users able to
specify their maildrops as programs, includes, etc. This might be
particularly pertinent on a "sealed" server where they don't have
local UNIX accounts, but exist only in LDAP and Cyrus. You might allow
the fun stuff only for directory entries owned by an administrative
account:

local_query_filter = (&(mailacceptinggeneralid=%s)(|(!(maildrop="*|*"(maildrop="*:*"(maildrop="*/*")(owner=cn=root, dc=your, dc=com)))

So that if the object had a program as its maildrop and weren't owned
by "cn=root" it wouldn't be returned as a valid local user. This will
require some thought on your part to implement safely, considering the
ramifications of this type of delivery. You may decide it's not worth
the bother to allow any of that nonsense in LDAP lookups, ban it in
the query_filter, and keep things like majordomo lists in local alias
databases.

- LDAP lookups are slower than local DB or DBM lookups. For most sites
they won't be a bottleneck, but it's a good idea to know how to tune
your directory service.

FEEDBACK
========

If you have questions, send them to postfix-users@postfix.org. Please
include relevant information about your Postfix setup: LDAP-related
output from postconf, which LDAP libraries you built with, and which
directory server you're using. If your question involves your directory
contents, please include the applicable bits of some directory entries.

CREDITS
=======

Manuel Guesdon: Spotted a bug with the ldapsource_timeout attribute.
John Hensley: Multiple LDAP sources with more configurable attributes.
Carsten Hoeger: Search scope handling.
LaMont Jones: Domain restriction, URL and DN searches, multiple result
attributes.
Mike Mattice: Alias dereferencing control.
Hery Rakotoarisoa: Patches for LDAPv3 updating.
Prabhat K Singh: Wrote the initial Postfix LDAP lookups and connection caching.
Keith Stevenson: RFC 2254 escaping in queries.
Samuel Tardieu: Noticed that searches could include wildcards, prompting
the work on RFC 2254 escaping in queries. Spotted a bug
in binding.
Sami Haahtinen: Referral chasing and v3 support.

And of course Wietse.



关于LDAP的补充

--------------------------------------------------------------------------------


LDAP就是 light DAP, 轻量级目录访问协议, 可以想象 还有一个DAP,
70年代诞生的DAP协议基于 X.400目录访问协议。主要用于 大型主机,因为有大量不常用的功能而且这些不用的功能消耗了过多的系统资源,虽然极强大,但是应用不广, 所以出现了LDAP.

这是一个开放的协议, 具体的实现有 Netscape LDAP, Novell NDS, MS AD等等,这3个是使用最广,影响最大的。
Netscape LDAP server主要使用在unix或类unix系统上, MS AD自然只能在windows上, NDS是唯一一个跨平台的产品。注意: LDAP本身是平台无关的。

工作原因,比较熟悉NDS, AD最熟。我个人最喜欢NDS,AD当然最简单,但是最不稳定,最乱,而且比较耗资源。

楼主说的类似数据库,完全正确,因为它原本就是数据库,只是不是关系型的数据库,它是链式数据库,详细细节可以找本数据库原理,很详细的。

和关系数据库一样, LDAP内能够定义哪些对象,每个对象可以有什么属性,每个属性可以取什么样的值,这样一个框架结构被称为Schema,它是类,对象,属性的集合。类又分为抽象类(只能做父类,不能实例化)和结构类(可以实例化),编程的朋友会发现和面向对象的编程的概念完全一样。

举例: LDAP内必须先有user类, 然后用user类创建user对象(一般缺省有的),我们才能创建具体的用户账号(实例化), schema中user对象被指定了有哪些属性,我们创建账号的时候才能给账号哪些属性,例如 schema中user对象没有别名属性,我们就不能给账号起别名。

Schema的扩展:
缺省的schema一般预先创建有足够的类,对象和属性,例如 MS 的AD 缺省有 170个类和833个对象和属性。但是如果不能满足需要的话,我们就可以扩展Schema, 一般是使用 LDAP API, 例如 MS的 ADSI, NDS有专门的工具,当然也可以直接使用LDAP查询语言,来直接操作整个LDAP目录树。




原文地址 http://www.chinaunix.net 
分享到:
评论

相关推荐

    LDAP学习笔记相关资料

    LDAP学习笔记 LDAP,全称为轻量级目录访问协议,是一种用于访问和管理分布式目录服务的网络协议。它源于X.500标准,但在设计上更为轻便且可定制,支持TCP/IP通信,这对于互联网访问至关重要。目录服务主要用于快速...

    Ldap学习手册pdf版

    根据提供的文件信息,我们可以从这份名为“Ldap学习手册pdf版”的文档中提炼出与LDAP相关的知识点。以下是对这些知识点的详细阐述: ### LDAP基础知识 #### 1. LDAP简介 - **LDAP**(Lightweight Directory Access ...

    关于ldap学习资料,感兴趣的看看,ldap5.2管理手册.pdf

    ### LDAP学习资料与Sun Java System Directory Server 5.2管理手册解析 #### 一、LDAP基础知识 LDAP(Lightweight Directory Access Protocol),即轻量级目录访问协议,是一种应用层协议,用于访问和维护分布式...

    LDAP学习资料

    **LDAP学习资料** LDAP(Lightweight Directory Access Protocol)是一种轻量级目录访问协议,用于存储和检索分布式目录信息。在IT行业中,LDAP被广泛应用于身份验证、授权和信息管理,尤其是在大型企业网络环境中...

    LDAP技术,LDAP学习大全

    LDAP技术资源包括了各种文档、工具和社区论坛,这些资源对于学习和掌握LDAP技术非常有帮助。 以上总结了关于LDAP技术的基本概念、原理、工具、访问技术和实际应用等方面的知识点。通过这些内容的学习,读者可以更...

    很好的LDAP学习资料

    在开始学习LDAP之前,我们需要了解它的基本构成和工作原理。LDAP目录服务是基于树形结构的,其中每个节点代表一个对象,如用户、组、计算机、打印机等。这些对象都有唯一的标识符,称为DN(Distinguished Name),并...

    ldap 学习指南

    ldap 学习指南,60大洋买的,学习下,很不错,希望支持。

    LDAP中文学习手册.pdf

    LDAP,即轻量级目录访问协议,是用于访问和维护分布式目录信息服务的协议。它为X.500目录访问协议的简化版本,尽管它来源于X.500标准,但其设计更加易于在互联网上实现。LDAP适用于那些需要快速访问少量数据的场景,...

    ldap openldap

    **LDAP与OpenLDAP** LDAP(轻量级目录访问协议)是一种开放的标准,用于在互联网上存储和检索目录信息。它允许用户和应用程序通过统一的接口访问分布式目录服务,支持多种认证方式,包括简单的密码、证书等。LDAP...

    ldap学习文档

    【LDAP协议详解】 LDAP(Lightweight Directory Access Protocol)是一种用于访问和管理分布式目录服务的协议。它的设计目标是为了提供高效、轻量级的查询服务,特别适用于需要快速查找和浏览大量信息的情况。目录...

    LDAP中文学习手册

    **LDAP中文学习手册** LDAP(轻量级目录访问协议,Lightweight Directory Access Protocol)是一种用于存储和检索分布式信息目录的标准网络协议。它主要用于管理和查询组织的用户账户、资源和配置信息。LDAP目录...

    LDAP.zip_ldap

    总之,这个“LDAP.zip_ldap”压缩包包含了一个初级的LDAP学习教程,通过图文并茂的方式帮助初学者理解这一重要的身份管理和访问控制协议。配合目录服务、认证与授权的概念,以及服务器实现的介绍,读者可以逐步掌握...

    Ldap学习资料

    学习LDAP比较好的资料

    LDAP中文学习手册.doc

    LDAP 中文学习手册 LDAP(Lightweight Directory Access Protocol)是一种轻量级目录访问协议,用于访问目录服务。它是 X.500 目录访问协议的移植,但是简化了实现方法。 目录服务与关系数据库之间的区别 LDAP 与...

    LDAP详解,初学习者可以看看

    **LDAP详解** LDAP,全称轻量级目录访问协议(Lightweight Directory Access Protocol),是一种用于访问和管理分布式目录...通过深入学习,可以掌握如何在各种环境中有效地利用LDAP来提升组织的管理效率和安全性。

    对LDAP的基本操作(Spring-ldap)+Ext实现显示LDAP的树状结构

    由于这些我也是才入门的时候写的,进行测试等用的,所以比较适合新手,对学习LDAP,extjs会有一定的帮助。 (需要改正的是extjs里那个节点的id要加上前面的id才行,比如ou=mail; 那它的子节点cn=wang的id应该是...

    LdapBrowser282.zip

    - **学习LDIF格式**:LDIF(LDAP Data Interchange Format)是交换和导入导出LDAP数据的标准格式,熟悉它的结构有助于数据管理。 总结,LdapBrowser作为一款强大的LDAP工具,提供了全面的目录管理功能,无论是对...

    java连接和验证ldap文档

    Java 连接和验证 LDAP 文档是一份关于 Java 语言连接和验证 LDAP 服务器的学习文档。LDAP(Lightweight Directory Access Protocol)是一种目录访问协议,用于管理和访问目录服务中的数据。 一、LDAP 概述 LDAP 是...

    ldap-master.zip

    - **API集成**:学习如何使用Java JNDI、Python LDAP库或其他语言的API与LDAP服务器通信。 通过这个"ldap-master.zip"压缩包,你将有机会亲手实践,加深对LDAP的理解,提升你在企业级目录服务领域的技能。无论是...

Global site tag (gtag.js) - Google Analytics