--- Begin Message ---
- To: Bhishm Sharma <praan_nath@yahoo.com>
- Subject: Re: LDIF, Schema confused
- From: "Kent L. Nasveschuk" <kent@wareham.k12.ma.us>
- Date: 18 Dec 2003 10:05:51 -0500
- In-reply-to: <20031218133555.13469.qmail@web40502.mail.yahoo.com>
- Organization:
- References: <20031218133555.13469.qmail@web40502.mail.yahoo.com>
Bhishm,
That's correct, the LDIF file is similar to using an external file to
load table data for an SQL database. The attribute names are long and
unwieldy. I have found that it is easiest to build LDIF files from shell
scripts, then use

    ldapadd -xv -f user.ldif -D "cn=admin,xx=xxx,xx=xxx" -w secretpaswswd

where the user.ldif file contains roughly 28 lines per user
(attribute:value) with the schemas I have.
You can build very large LDIF files with shell scripts for hundreds of
users. When you're learning about this stuff, this has the advantage of
letting you load the database quickly and, if there is a problem, stop
"slapd", delete the files that were created for the database, make your
changes that affect your users, reload using "ldapadd" and start
"slapd".
Schemas are defined by the LDAP experts and I believe RFCs. To start the
LDAP server with the attributes that you need, you point to the schema
definitions in the slapd.conf configuration file. By SQL database
standards this is inflexible. The "tables" are already defined; however,
if everyone follows the standard, and I believe most people do, LDAP will
work for many applications. For example:
samba.schema - defines attributes for using LDAP to authenticate (among
other things) clients to SAMBA domains. The attributes:
sambaPrimaryNTPassword
sambaHomePath
sambaHomeDrive
Windows systems understand what these are. If you create your own
attributes, standard applications like Samba will ignore them. You'll
have to write your own code.
These lines in my slapd.conf define attributes I'm interested in:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
If you look in the samba.schema definition file it describes the
attributes and relationships in LDAP lingo. In my eyes this is the same
as creating tables in SQL, defining the datatypes, constraints, primary
and foreign keys etc.
Good luck..
On Thu, 2003-12-18 at 08:35, Bhishm Sharma wrote:
> Hi,
>
> Thanks a lot, this really helps a lot. You put things
> in a very nice way to be understood easily.
>
> Now the question that appears in my mind and I asked
> earlier as well is like in a DB we have tables for
> that we define a schema. Eg. Username Table contains
> FirstName(String type), Last Name(String
> Type),MemberofGroup(String), Address(String),
> PhoneNumber(Numeric) etc.. Then we assign values to
> them.
>
> How can I achieve this in LDAP i.e. defining schema.
>
> Regarding adding values, what I get so far is that I
> can add values using "LDAPADD". I store the values in
> the LDIF file and tell the LDAPADD command to add it
> under the following entry say organisation
> "organisation dn".
>
> Please let me know if my understanding is wrong
> somewhere.
>
> Thanks and Regards,
> Bhishm
>
>
>
> --- Kent Nasveschuk <kent@wareham.k12.ma.us> wrote:
> > Hello,
> > I'm going to attempt an explanation about LDAP. It
> > has
> > taken me a while to learn about it and I still don't
> > have
> > all the answers.
> >
> > Since I am familiar with relational databases like
> > PostgreSQL, Oracle and MySQL I'll try to make a
> > comparison
> > between these and LDAP.
> >
> > LDAP uses a backend database similar to SQL using a
> > particular database, MySQL, PostgreSQL, Oracle,
> > etc.. The
> > backend for LDAP is not widely publicized. There are
> > a
> > number of database types, ldbm, bdb and gdbm that
> > support
> > OpenLDAP.
> >
> > In the relational database world nothing is defined,
> > you
> > create the database, the tables, triggers, functions
> > sequences etc. In LDAP world these are defined
> > through
> > schemas that have standard attributes. I believe
> > that the
> > standards are there to provide interoperability. You
> > can
> > create your own attributes but that would reduce the
> > interoperability of your LDAP server.
> >
> > The LDIF is just a common method to get data into the
> > directory, just as SQL insert into table (column,
> > column)
> > values (val1,val2); is used in SQL. If you look at
> > it that
> > way it's just another database with a different
> > method of
> > access.
> >
> > There is very little tuning that you can do with
> > LDAP
> > unlike relational databases that have many options.
> >
> > Does this help any?
> >
> > On Wed, 17 Dec 2003 23:25:23 -0800 (PST)
> > Bhishm Sharma <praan_nath@yahoo.com> wrote:
> > > Hi,
> > >
> > > I am new to openldap so need your help and
> > guidance to
> > > move in the right path.
> > >
> > > I read the documentation and all, but in the end
> > quite
> > > confused regarding the architecture on which it
> > > stands. I am able to configure and run. May be I
> > > missed proper guidance or may be I have taken
> > wrong
> > > direction so need your help.
> > >
> > > I read about LDIF, but don't understand why we
> > need
> > > it. What is written in documents is that it's a
> > format,
> > > but why we use it in ldapadd nothing about it.
> > >
> > > In Quick start guide there is a mention of "bdb"
> > as
> > > database type but on red hat 8.0 it uses "ldbm"
> > and
> > > on mentioning "bdb" it gives error while starting
> > > "Unknown Type".
> > >
> > > How to add entries. For eg. under Organization I
> > want
> > > to add a schema for Group(contains group name and
> > user
> > > info) and Users (first, last name, username,
> > password,
> > > email, phone,memberofgroup) which will be used by
> > all
> > > the entries that I add in the Groups and Users.
> > How to
> > > define that schema. So that using ldapadd I can
> > add
> > > entries.
> > >
> > > It will be great if somebody can provide a quick
> > > guidance to this strifing kid.
> > >
> > > Thanks & Best Regards
> > >
> >
> > Kent L. Nasveschuk
> > Wareham Public Schools
> > kent@wareham.k12.ma.us
> > nasve525@regis.edu
>
--
Kent L. Nasveschuk <kent@wareham.k12.ma.us>
--- End Message ---
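
The shell-script approach to building user.ldif described in the message above, as an added example that is not part of the original thread or Kent's own script. The suffix ou=People,dc=example,dc=com, the "uid:uidNumber:cn:sn" input format, the function names and the reuse of uidNumber as gidNumber are assumptions; values that are not LDIF-safe are base64-encoded so that text from a user list cannot inject extra attribute lines.

```shell
#!/bin/sh
# Added example: build user.ldif entries with RFC 2849-safe values.
BASE_DN="ou=People,dc=example,dc=com"   # placeholder suffix (assumption)

# Print "attr: value", or base64 "attr:: ..." when the value is not an LDIF
# SAFE-STRING, so an embedded newline cannot smuggle in another attribute.
ldif_attr() (
    LC_ALL=C; export LC_ALL               # byte-wise pattern matching
    case $2 in
        ' '*|:*|'<'*|*' '|*[!\ -~]*)
            printf '%s:: %s\n' "$1" "$(printf %s "$2" | base64 | tr -d '\n')" ;;
        *)  printf '%s: %s\n' "$1" "$2" ;;
    esac
)

# Emit one entry. The uid goes into the DN, so only allow-listed characters
# are accepted instead of attempting DN escaping.
ldif_user() (
    LC_ALL=C; export LC_ALL
    uid=$1 num=$2 cn=$3 sn=$4
    case $uid in ''|*[!a-z0-9_-]*) echo "skip: bad uid '$uid'" >&2; exit 1 ;; esac
    case $num in ''|*[!0-9]*) echo "skip: bad uidNumber for $uid" >&2; exit 1 ;; esac
    [ -n "$cn" ] && [ -n "$sn" ] || { echo "skip: $uid lacks cn/sn" >&2; exit 1; }
    ldif_attr dn "uid=$uid,$BASE_DN"
    ldif_attr objectClass inetOrgPerson   # inetorgperson.schema: needs cn, sn
    ldif_attr objectClass posixAccount    # nis.schema: uid, uidNumber, ...
    ldif_attr uid "$uid"
    ldif_attr cn "$cn"
    ldif_attr sn "$sn"
    ldif_attr uidNumber "$num"
    ldif_attr gidNumber "$num"            # assumption: user-private group
    ldif_attr homeDirectory "/home/$uid"
    echo                                  # blank line ends the entry
)

# Read "uid:uidNumber:cn:sn" lines on stdin, write LDIF on stdout.
build_ldif() {
    while IFS=: read -r uid num cn sn; do
        ldif_user "$uid" "$num" "$cn" "$sn" || true   # bad rows are skipped
    done
}

# Constructed sample input (not from the original message).
sample_users() {
    printf '%s\n' 'jdoe:1001:John Doe:Doe' 'mlopez:1002:María López:López' \
        'bad,uid:1003:Eve:Eve'
}

sample_users | build_ldif
```

Redirect the output to user.ldif and load it with ldapadd -x -W -D <admin DN> -f user.ldif, so the bind password is prompted for rather than passed with -w, where it is visible in the process list and shell history.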