QUICK INTRODUCTION TO LDAP

LDAP provides access to databases with a simple structure using well-defined network protocols. Basically, LDAP databases are structured as a hierarchy of records, where each record can have a number of attributes. An attribute can be present, absent, or present with multiple values in a record. The schema decides whether an attribute is required, optional, or not permitted.

LDAP directories have schemas. A schema applies to a record based on its objectClass attribute, which may have multiple values. An object class defines required and optional attributes, and the type of each; the type defines the allowed syntax and the meaning of match operators in searches.

The tree structure comes from "distinguished names", normally seen as "dn". Every record has a dn, and the dn values define the hierarchy. A node must not be created until its parent exists.

Searches are by matching conditions on sets of attributes. An attribute condition can be an exact match, less than, greater than, or approximate match (a poorly defined operator). Wildcards are allowed in match patterns. Conjunction, disjunction, and negation of conditions are supported, along with nonstandard extensions. Most matching is case-insensitive. Searches can be scoped over a single node, the nodes one level below a given node, or an entire subtree.

LDAP servers can be replicated, and can be distributed so that different subtrees are handled by different servers. Records in LDAP databases can also include aliases, which equate them with other records, somewhat like symlinks in a Unix file system.

LDAP provides for user authentication, including SASL, and communications privacy through SSL/TLS.

========== slapd.conf ==========

The default configuration will include schema files and indexes.
The default configuration will set up a directory and a database.
The default configuration will set a database type.
suffix "dc=volunteermatch,dc=org"
rootdn "cn=Manager,dc=volunteermatch,dc=org"
rootpw v0lunteer

The rootdn specifies the privileged user for this directory, and the rootpw is a simple way to bootstrap up to "real" passwords stored in the directory itself. This value can also be a hash as generated by slappasswd.

OpenLDAP server configuration files can set up any number of databases. Each database must have a specified suffix, which determines which nodes are to be stored in that database based on the node's dn.

============================ staffdir2ldap (shell script) ============================

#!/bin/sh
#
# This shell script writes to standard output in LDIF format.
# The ldif first makes a top-level node, then an Addressbook node,
# then nodes under the address book.
#
# The dn can be built from any list of attributes you like, but should
# be consistent within a dataset, and each record must have a different
# dn. The first component of the dn should (must?) be the same as one
# of the attribute-value pairs for the node.
#
mysql --skip-column-names --batch \
    -e 'select Email1,LastName,FirstName from Directory order by LastName;' \
    impact \
    | {
    IFS="	"
    cat <
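The shell script above is cut off in the notes, and it also glosses over one thing a practitioner cares about: values coming out of the staff database go straight into dn components, and the same kind of values are later used in search filters, so characters such as commas, parentheses and asterisks can change the structure of a dn or a filter. The following Python program is an added example, not code from the original notes or from VolunteerMatch. It builds the same three-level LDIF (top-level node, Addressbook node, one person per row) from constructed sample rows in the column order of the script's SELECT, escaping dn components per RFC 4514 and base64-encoding non-ASCII LDIF values per RFC 2849, and it builds a search filter of the conjunction/wildcard form the introduction describes with values escaped per RFC 4515. The suffix is the one from slapd.conf; the container name `ou=Addressbook`, the use of `cn` as the RDN, and the `inetOrgPerson` attribute mapping are assumptions for the example.

```python
"""Added example: LDIF generation and search-filter construction with escaping."""
import base64

SUFFIX = "dc=volunteermatch,dc=org"   # suffix from slapd.conf above
ADDRESSBOOK = "ou=Addressbook"        # assumed container name for the address book


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a dn component (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515, section 3).

    The metacharacters *, (, ), \\ and NUL become \\xx; non-ASCII UTF-8 bytes
    are escaped the same way so the filter stays 7-bit clean."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def ldif_attr(name: str, value: str) -> str:
    """One LDIF attribute line; '::' plus base64 when the value is not a SAFE-STRING (RFC 2849)."""
    safe = (value != "" and value.isascii()
            and value[0] not in " :<"
            and not any(c in value for c in "\x00\r\n"))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def rows_to_records(rows):
    """Map rows in the script's SELECT order (Email1, LastName, FirstName) to attribute dicts."""
    return [{"mail": mail, "sn": last, "givenName": first} for mail, last, first in rows]


def person_dn(record: dict) -> str:
    """The dn's first component is the record's own cn, matching the note in the script header."""
    cn = f"{record['givenName']} {record['sn']}"
    return f"cn={escape_dn_value(cn)},{ADDRESSBOOK},{SUFFIX}"


def staffdir_to_ldif(records) -> str:
    """Top-level node, then the Addressbook node, then one inetOrgPerson per record, parents first."""
    entries = [
        [f"dn: {SUFFIX}", "objectClass: dcObject", "objectClass: organization",
         "dc: volunteermatch", "o: VolunteerMatch"],
        [f"dn: {ADDRESSBOOK},{SUFFIX}", "objectClass: organizationalUnit", "ou: Addressbook"],
    ]
    for r in sorted(records, key=lambda r: r["sn"]):   # the script orders by LastName
        entries.append([
            f"dn: {person_dn(r)}",
            "objectClass: inetOrgPerson",
            ldif_attr("cn", f"{r['givenName']} {r['sn']}"),
            ldif_attr("sn", r["sn"]),
            ldif_attr("givenName", r["givenName"]),
            ldif_attr("mail", r["mail"]),
        ])
    return "\n\n".join("\n".join(e) for e in entries) + "\n"


def search_filter(last_name: str, first_name_prefix: str = "") -> str:
    """Conjunction of an exact sn match and an optional givenName prefix wildcard, input escaped."""
    parts = [f"(sn={escape_filter_value(last_name)})"]
    if first_name_prefix:
        parts.append(f"(givenName={escape_filter_value(first_name_prefix)}*)")
    return f"(&{''.join(parts)})"


# Constructed sample rows (not real data). The second has a comma that must be
# escaped in the dn; the third is non-ASCII and must be base64-encoded in LDIF.
SAMPLE_ROWS = [
    ("alice@example.org", "Alvarez", "Alice"),
    ("bob@example.org", "Baker, Jr.", "Bob"),
    ("eva@example.org", "Ortiz", "Éva"),
]

if __name__ == "__main__":
    print(staffdir_to_ldif(rows_to_records(SAMPLE_ROWS)))
    print(search_filter("Baker, Jr.", "Bo"))
    print(search_filter("x)(uid=*"))   # the injected text stays inside the sn value
```

Comma is special in a dn but not in a filter, and asterisk is special in a filter but not in a dn, so the two escaping routines are deliberately different; using one for the other is a common mistake. Feeding the LDIF to `ldapadd` requires the parent nodes to come first, which is why the top-level and Addressbook entries are emitted before the people.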