You would be MUCH better served visiting Wikipedia, Michael Donnelly's Introduction to LDAP, and Michael Donnelly's Designing an LDAP Directory Tree, which do a MUCH better job introducing and explaining the basics of LDAP. I consider it required reading. Go read each of those links to get a better foundation.


A very basic "briefest of brief" LDAP primer.

My documentation below -- Presented mostly for my own benefit. "To teach something one must first have understanding." My notes below reveal my grasp on the subject matter at hand. I had a difficult time learning LDAP. Perhaps it will help others if I share the way that I came to an understanding of LDAP.

LDAP - is a computer protocol used to mimic the functionality of an old "Rolodex". Information stored in "LDAP" can include names, phone numbers, login account names and passwords, and even network group information.
DIT - is the Directory Information Tree which is the structure of your LDAP directory. Entries on entities such as People, Groups, and Computers can be organized into containers to allow searching for this information in a specific location. This organizes the LDAP database, provides for faster searches and reduces the load on the LDAP service.

Creating your LDAP tree

Designing your LDAP tree.

An entry in an LDAP directory is very similar to DNS in that an LDAP directory record's Distinguished Name (DN for short) is read from the individual entry, backwards through the tree, up to the top level.
File paths use a forward location starting at the highest, topmost (or root) entry, as in
/widgets-data/atlanta/sales/spreadsheet-4-jim.odt
but an LDAP entry for an entity would start at the lowest entry and work its way to the root of the LDAP tree, as in
"dn=jim,ou=sales,ou=atlanta,dc=widgets,dc=com"
The construction of an LDAP tree is usually determined by the organization of a network.
For instance, Widgets International has Sales and Accounting offices in Atlanta, Paris and Rome. They plan on expanding to New York, Avignon, and Napoli. They can choose from a variety of naming structures, which may include a geographical approach such as:
ou=Sales,l=Atlanta,c=US,o=WidgetsInternational
or an approach that uses a base DN derived from the company's DNS domain components:
ou=sales,ou=Atlanta,dc=WidgetsInternational,dc=com
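
The leaf-to-root ordering and the container-based searching described above can be seen in a short Python sketch. This is an added example, not part of the original notes. It goes slightly beyond the text by handling backslash-escaped commas, and it shows why "is this entry inside that container" should be decided RDN by RDN rather than by a string suffix check. The function names are hypothetical, and case-insensitive matching is assumed for ou/dc/cn values.

```python
# Added example: split an LDAP DN into RDNs and compare it with a file path.
# Simplified RFC 4514 handling: backslash escapes only, no multi-valued (+) RDNs.

def split_dn(dn):
    """Split a DN on unescaped commas; returns RDNs leaf-first, as written."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends one RDN
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).lstrip())
    return [r for r in rdns if r]


def root_first(dn):
    """Return the RDNs in file-path order: top of the tree first."""
    return list(reversed(split_dn(dn)))


def is_under(dn, base):
    """True if dn is the base entry or sits below it (subtree scope).

    Assumption: values compare case-insensitively, as ou/dc/cn do.
    """
    entry = [r.lower() for r in root_first(dn)]
    container = [r.lower() for r in root_first(base)]
    return entry[:len(container)] == container


if __name__ == "__main__":
    entry = "dn=jim,ou=sales,ou=atlanta,dc=widgets,dc=com"  # as written on this page
    print("/".join(root_first(entry)))
    print(is_under(entry, "ou=atlanta,dc=widgets,dc=com"))
    # Constructed DN: the escaped comma makes "cn=x\,ou=sales" ONE RDN, so the
    # entry is not in ou=sales even though the raw string ends with that base.
    tricky = r"cn=x\,ou=sales,dc=widgets,dc=com"
    print(tricky.endswith("ou=sales,dc=widgets,dc=com"),
          is_under(tricky, "ou=sales,dc=widgets,dc=com"))
```
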

{insert additional notes here about designing a tree to span geographical locations or locations based on keeping data local to the users.}


Page last modified by March 22, 2007, at 08:01 AM