لطفا منتظر باشید ...
•
Table of Contents
•
Index
•
Reviews
•
Reader Reviews
•
Errata
LDAP System Administration
By
Gerald Carter
Publisher
: O''''Reilly
Pub Date
: March 2003
ISBN
: 1-56592-491-6
Pages
: 308
If you want to be a master of your domain, LDAP
System Administration will help you get up and
running quickly regardless of which LDAP version you use.
After reading this book, even with no previous LDAP
experience, you''''ll be able to integrate a directory server
into essential network services such as mail, DNS, HTTP, and
SMB/CIFS.
9.6 Push/Pull Agents for Directory Synchronization
Push/pull agents are
common tools for synchronizing information between directories. In
this case, a single agent manually pulls information from one
directory service and massages the data to make it acceptable for
upload to another directory server. Several directory vendors provide
synchronization agents of this type in the form of
connectors and
drivers. A connector transfers data from one directory to another
(see Figure 9-8) using a common format, often
XML-based, while a driver translates the connector's
data format to something understood by the local directory.
Figure 9-8. Using a connector/driver solution for synchronizing data among different directory services
A partial list of commercial connector/driver offerings includes:
SunOne's
XMLDAP
(http://wwws.sun.com/software/products/directory_srvr/)
Novell's
DirXML (http://www.novell.com/products/edirectory/dirxml/)
The advantage that most commercial connector/driver solutions enjoy
over in-house solutions is an inherent knowledge of when data changes
in the directory. This means that the directory can trigger the
connector upon any relevant change; in most cases, an external agent
can detect a change only by polling the directory.Despite this disadvantage, home-grown tools that act as middlemen
between directory services can be very useful. The next chapter
focuses on how to script directory operations using Perl and the
Net::LDAP module.
9.6.1 The Directory Services Markup Language
The Extensible Markup Language (XML) has been hyped as the next big
thing for several years now. Whether or not it has achieved its
promise is a question I won't get into. LDAP has not
been immune to the XML fever. The Directory Services Markup
Language (DSML) is an XML schema for representing LDAP information
using document fragments. DSML v1.0 could really only be described as
an attempt to replace LDIF. With Version 2.0, however, released in
May of 2002, DSML has grown up and gained some new and interesting
functionality.[4][4] The latest information about DSML can
be found at the OASIS Directory Services Technical
Committee's web page (http://www.oasis-open.org/committees/dsml/).
DSMLv2 is designed to provide methods for representing LDAP queries,
updates, and the responses to these operations in XML. This means
that it would be possible for small, embedded devices to access LDAP
services without relying on an LDAP client library; they only need
the ability to parse XML. Because XML-based standards such as SOAP
will only become more prevalent over time, the Oasis Directory
Service TC has included a description of how to embed DSML requests
and responses into SOAP messages.It's too early to provide concrete examples of how
to use this technology. Version 1.0 is only mildly interesting, and
Version 2.0 of DSML is still in the early adopter phase. DSMLv2 will
probably be accepted by the LDAP marketplace. Sun Microsystems will
include native support for the specification in the next release of
its SunOne Directory Server (Version 5.2). Microsoft is also
developing a DSML development kit; this product is currently
available as a beta release. Novell has also been very active in the
development of DSML. All three companies have members serving on the
DSML technical committee.
