基于LDAP目录服务的研究与应用

详细信息    本馆镜像全文|  推荐本文 |  |   获取CNKI官网全文

作者：朱强 论文级别：硕士 学科专业名称：计算机应用技术 中文关键词：目录 ; 目录服务 ; X.500 ; LDAP ; SASL ; ADSI ; JNDI 英文关键词：Directory ; Directory Sevice ; X.500 ; LDAP ; SASL ; ADSI ; JNDI 学位年度：2002 导师：黄文学 学科代码：081203 学位授予单位：河海大学 论文提交日期：2002-03-01

摘要

不同网络操作系统和不同应用程序分散存储着大量信息，信息无法集中存储在一个中心数据库中，加重了管理员管理和维护的负担，目录服务则通过信息的集中存储解决了现实中面临的管理和维护的困难。本文介绍了目录服务技术的发展历史，并由此引出LDAP作为目录服务访问协议的原因。目录服务访问协议本身在不断发展，通过对LDAPv1、LDAPv2和LDAPv3的比较，体现LDAPv3在保持和以前版本兼容性的同时，具有的分布式特性和可扩展性，以及在安全性上的增强和对国际化的支持。随着LDAPv3的出现以及LDAP API的标准化进程的开始，LDAP的应用开始深入到网络操作系统、电子商务和应用服务器等各个领域。为了在实际中应用和部署LDAP，本文讨论了LDAP应用部署的详细过程，并简要介绍了三种LDAP编程模型LDAP C API、ADSI、JNDI。文章的后面是LDAP应用方案实例：河海大学电子邮件系统。其从一个侧面体现了LDAP和目录服务的应用前景。
Because different network operating systems and applications store their own information in different location, Information can't store in a center database, which make administration and maintenance more difficult. It is directory service that resolved this sort of difficulty by means of information's centralized storage. This paper introduces evolution history of directory service technology, and hereby clarifies why LDAP can be selected as directory service access protocol (DAP). DAP itself is developing continuously. By the comparison of LDAPvl LDAPv2 and LDAPvS, it embodies that LDAPvS keeps compatibility with previous versions, hi the meantime it has its own features such as distribution and extensibility exclusively, and enhancement on security and support of internationalization as well. With the emergence of LDAPvS and the beginning of LDAP API's standardization process, LDAP application have already penetrated into many fields including NOS, e-business and application servers etc. For the purpose o
    f application and deployment of LDAP hi real-life, this paper also describes the entire process of deploying LDAP in detail, and introduces three distinct LDAP programming models: LDAP C API, ADSI and JNDI briefly. The latter part of this paper is one example concerned with LDAP application: Ho Hai University Electronic Mail System. In a sense, it reflects the broad perspective of LDAP and directory service.

引文

[1] . IETF RFC1274 "The COSINE and Internet X. 500 Schema" November 1991
    [2] . IETF RFC1279 "X. 500 and Domains" November 1991
    [3] . IETF RFC1308 "Executive Introduction to Directory Services" March 1992
    [4] . IETF RFC1309 "Technical Overview of Directory Services Using the X. 500 Protocol" March 1992
    [5] . IETF RFC1487 "X. 500 Lightweight Directory Access Protocol"
    [6] . IETF RFC1617 "Naming and Structuring Guidelines for X. 500 Directory Pilots" May 1994
    [7] . IETF RFC1823 "The LDAP Application Program Interface" August 1995
    [8] . IETF RFC2079 "Definition of an X. 500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)" January 1997
    [9] . IETF RFC2218 "A Common Schema for the Internet White Pages Service" October 1997
    [10] . IETF RFC2222 "Simple Authentication and Security Layer (SASL) " October 1997
    [11] . IETF RFC2247 "Using Domains in LDAP/X. 500 Distinguished Names" January 1998
    [12] . IETF RFC2251 "Lightweight Directory Access Protocol (v3) " December 1997
    [13] . IETF RFC2252 "Lightweight Directory Access Protocol (v3) : Attribute Syntax Definitions" December 1997
    [14] . IETF RFC2253 "Lightweight Directory Access Protocol (v3) : UTF-8 String Representation of Distinguished Names" December 1997
    [15] . IETF RFC2254 " The String Representation of LDAP Search Filters" December 1997
    [16] . IETF RFC2255 "The LDAP URL Format" December 1997
    [17] . IETF RFC2256 "A Summary of the X. 500(96) User Schema for use with LDAPv3" December 1997
    [18] . IETF RFC2279 "UTF-8, a transformation format of ISO 10646" January 1998
    [19] . IETF RFC2307 "An Approach for Using LDAP as a Network Information Service" March 1998
    [20] . IETF RFC2377 "Naming Plan for Internet Directory-Enabled Applications" September 1998
    [21] . IETF RFC2596 "Use of Language Codes in LDAP" May 1999
    [22] . IETF RFC2696 "LDAP Control Extension for Simple Paged Results Manipulation" September 1999
    
    
    [23] . IETF RFC2713 "Schema for Representing Java(tm) Objects in an LDAP Directory" October 1999
    [24] . IETF RFC2714 "Schema for Representing CORBA Object References in an LDAP Directory" October 1999
    [25] . IETF RFC2798 "Definition of the inetOrgPerson LDAP Object Class" April 2000
    [26] . IETF RFC2828 "Internet Security Glossary"
    [27] . IETF RFC2829 "Authentication Methods for LDAP" May 2000
    [28] . IETF RFC2830 "Lightweight Directory Access Protocol (v3) : Extension for Transport Layer Security" May 2000
    [29] . IETF RFC2831 "Using Digest Authentication as a SASL Mechanism" May 2000
    [30] . IETF RFC2849 " The LDAP Data Interchange Format (LDIF) Technical Specification" June 2000
    [31] . IETF RFC2891 "LDAP Control Extension for Server Side Sorting of Search Results" August 2000
    [32] . IETF RFC3062 "LDAP Password Modify Extended Operation" February 2001
    [33] . IETF RFC3088 "OpenLDAP Root Service An experimental LDAP referral service" April 2001
    [34] . IETF RFC3112 "LDAP Authentication Password Schema" May 2001
    [35] . Gil Kirkpatrick 著 活动目录编程指南 清华大学出版社
    [36] . Andrew S. Tanenbaum著 Computer Networks 清华大学出版社
    [37] . Richard Sigle "Building a Secure RedHat Apache Server HOWTO" 2000． 2
    [38] . Heinz Johner, Michel Melot, Harri Stranden, Permana Widhiasta "LDAP Implementation Cookbook"
    [39] . Heinz Johner, Michel Melot, Harri Stranden, Permana fidhiasta "Understanding LDAP"
    [40] . The OpenLDAP Project "OpenLDAP 2． 0 Administrator's Guide"
    [41] . Sun Microsystem "iPlanet Directory Server Deployment Guide"
    [42] . Roel van Meer "LDAP Implementation HOWTO"
    [43] . Luiz Ernesto Pinheiro Malere "LDAP Linux HOWTO"
    [44] . Mikey Williams "Programming Microsoft Windows 2000 Unleashed