Great Circle Associates Majordomo-Workers
(April 1999) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: A little bit on LDAP and Majordomo2
From: Russ Allbery <rra @ stanford . edu>
Date: 26 Apr 1999 22:10:49 -0700
To: majordomo-workers @ GreatCircle . COM
Cc: Jason L Tibbitts III <tibbs @ math . uh . edu>
In-reply-to: Peter Galbavy's message of "Mon, 26 Apr 1999 09:19:09 +0100"
References: <ufaaevw5kpz.fsf@epithumia.math.uh.edu> <19990426053331.4047.qmail@lindy.softhome.net> <19990426091909.A2643@office.knowledge.com> 
Peter Galbavy <Peter.Galbavy@knowledge.com> writes:

> And then what about LDAP ? (Note: I know very little personally about
> LDAP, with no direct experience except as an occasional public directory
> user).  People keep mentioning it though. It can be thought of as a DB
> backend.

LDAP can most usefully be thought of as a network-accessible hash table,
with a little twist.  Each entry has a bunch of key/value pairs, and the
standard search is for a given value in a given key.  LDAP then returns
all key/value pairs in each "entry" that contains the key/value pair you
searched for.

For example, if I do:

        ldapsearch userid=rra

I get all key/value pairs in every entry that contains the key/value pair
"userid=rra".  I can limit this further if I just want one particular bit
of information, like surname:

windlord:~> ldapsearch userid=rra sn
cn=Richard Russell Allbery, ou=People, o=Stanford University, c=US
sn=Allbery

The first line is the identifier of the whole entry (this particular LDAP
server is still using the old organizational scheme; this has been changed
in our newer server) and the second is the particular attribute (sn,
surname) that I was asking for.

The problem with doing anything with LDAP is that the names of the keys
vary from one site to another.  I believe there's some rudimentary
standardization underway, but it's not gotten very far.  In the meantime,
you have to know the schema that a site is using in order to get anything
useful out of it.

There is a Perl module that lets you do LDAP queries, so you don't have to
use the command line client, at least in theory.  For Majordomo work, I
think what you'd have to do is, for each piece of information you wanted
to get out of LDAP, specify how to search (what key and what value) and
what key contains the value you're looking for.

There are more complicated searches than simple matches allowed, by the
way.  There's wildcard support and some fuzzy matching support and other
stuff.  This is all a simplification of something that I personally find
horribly complicated and very difficult to understand.

-- 
Russ Allbery (rra@stanford.edu)         <URL:http://www.eyrie.org/~eagle/>
References:
Indexed By Date Previous: Re: Which header gives the "user address"?
From: Bob Snyder <rsnyder@toontown.erial.nj.us>
Next: Re: Which header gives the "user address"?
From: John Orthoefer <jco@bbnplanet.com>
Indexed By Thread Previous: Re: mysql db backend (was Re: DB backend to MD?)
From: Jason L Tibbitts III <tibbs@math.uh.edu>
Next: Re: mysql db backend (was Re: DB backend to MD?)
From: Brian Grossman <brian@SoftHome.net>
Google
 
Search Internet Search www.greatcircle.com