
July 21, 2009

Introduction to the LDAP Protocol

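LDAP (Lightweight Directory Access Protocol) implements an information service known as a directory service. A directory service is a specialized database system optimized for read, browse and search operations, which sets it apart from common relational databases. A directory typically holds descriptive, attribute-based information and supports fine-grained, sophisticated filtering. Directories generally do not support the complex transaction management or rollback strategies that general-purpose databases need for high-volume updates; updates to a directory service are usually very simple. Such a directory can store many kinds of information, including personal information, web links and JPEG images. To access the information stored in a directory, you use an access protocol that runs over TCP/IP: LDAP.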

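Information in an LDAP directory is organized as a tree, and the actual information is stored in a data structure called an entry. An entry corresponds to a record in a relational database table; an entry is a collection of attributes that has a distinguished name (DN). The DN is used to refer to the entry and corresponds to the primary key of a relational table. An attribute consists of a type and one or more values, which corresponds to a field in a relational database consisting of a field name and a data type. The difference is that, to make retrieval easier, a type in LDAP can have multiple values, whereas a relational database requires its fields to be independent of one another in order to reduce redundancy. Entries in LDAP are usually organized by geographic location and organizational relationship, which makes the layout very intuitive.

Figure 1. Tree-structured storage of LDAP information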

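As Figure 1 shows, LDAP information is stored in a tree structure. The root of the tree usually defines a country (c=CN) or a domain name (dc=com); below it, one or more organizations (o=CSDL) or organizational units (ou=Regular) are usually defined. An organizational unit may contain information such as regular employees, contract employees and so on.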

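In addition, LDAP supports controlling which attributes an entry may and must have. This is done through a special attribute called the object class (objectClass). The value of this attribute determines the rules the entry must follow: it specifies which attributes the entry may contain and which it must contain at minimum. For example, the Person object class requires the sn (surname) and cn (common name) attributes, but can also contain optional attributes such as e-mail and phone number. dc: the domain a record belongs to; ou: the organization a record belongs to; cn/uid: the name/ID of a record.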
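
The entry, DN and objectClass rules described above, as an added example (not code from the original post): a small Python parser that splits a DN into its type/value pairs, reads an LDIF-style entry with repeated attribute types, and checks it against the Person rules. The `SCHEMA` table and the sample entry are constructed for illustration and simplified from the page's description; multi-valued RDNs and hex escapes are not handled.

```python
# SCHEMA is a simplified table built from the page's description of the Person
# class (an assumption, not a complete LDAP schema); SAMPLE is a constructed entry.
SCHEMA = {"person": {"must": {"sn", "cn"}, "may": {"mail", "telephonenumber"}}}

SAMPLE = r"""
dn: cn=Smith\, John,ou=Regular,o=CSDL,c=CN
objectClass: person
cn: Smith, John
mail: john@example.com
mail: jsmith@example.com
"""

def parse_dn(dn):
    """Split a DN into (type, value) pairs, leaf first; a backslash escapes the next character."""
    parts, rdns, buf, i = [], [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):  # escaped character: keep it literally
            buf, i = buf + dn[i + 1], i + 2
            continue
        if dn[i] == ",":                       # unescaped comma closes one RDN
            parts, buf = parts + [buf], ""
        else:
            buf += dn[i]
        i += 1
    for part in parts + [buf]:
        typ, sep, val = part.strip().partition("=")
        if not (sep and typ and val):
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((typ.lower(), val))
    return rdns

def parse_entry(text):
    """Parse one LDIF-style entry into (dn, {type: [values]}); a type may repeat."""
    attrs = {}
    for line in text.strip().splitlines():
        typ, _, val = (s.strip() for s in line.partition(":"))
        attrs.setdefault(typ.lower(), []).append(val)
    return attrs.pop("dn")[0], attrs

def validate(attrs):
    """List schema problems: missing required attributes and attributes no class allows."""
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    known = [SCHEMA[c] for c in classes if c in SCHEMA]
    must = set().union(*(r["must"] for r in known))
    allowed = must.union({"objectclass"}, *(r["may"] for r in known))
    problems = ["unknown objectClass: " + c for c in classes if c not in SCHEMA]
    problems += ["missing required attribute: " + a for a in sorted(must - set(attrs))]
    return problems + ["attribute not allowed: " + a for a in sorted(set(attrs) - allowed)]
```

Running `validate` on the parsed sample reports the missing `sn`, while the two `mail` values are accepted because a type may carry several values.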

posted @ 2009-07-21 17:33 yellowstone Views (1058) | Comments (0)
Centralized Logins Using LDAP and RADIUS

Refer to http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS

 


Introduction

Many centralized database programs have been developed to allow users to log in on multiple computers using a single password. NIS was one of the first, but it doesn't encrypt the password transaction. It also uses the portmapper daemon, which uses an unpredictable range of TCP ports that are difficult for firewalls to track. LDAP (Lightweight Directory Access Protocol) provides an alternative based on the X.500 standard.

The X.500 standard defines how globally referenced directories of people should be structured. X.500 directories are organized under a common root directory in a tree hierarchy with different levels for each category of information, such as country, state, city, organization, organizational unit, and person. Designed to provide a simpler yet robust implementation of X.500, LDAP was originally used as the backbone of Microsoft's Active Directory Service and Novell's Novell Directory Services (NDS) products. LDAP can also interact with other login programs, such as Remote Authentication Dial-in User Service (RADIUS), which the network equipment of many ISPs uses to manage dialup Internet access.

It was later recognized that LDAP had features that could make it a desirable replacement for NIS in some scenarios. For example, it uses a single TCP port (389) for regular communication and another port (636) for encrypted transactions. LDAP also can interact with many login authentication, authorization, and accounting programs external to Linux and UNIX.

This chapter will first show you how to install and use LDAP on Fedora Linux systems, then go on to explain how LDAP interacts with RADIUS.

The LDAP Directory Structure

Like X.500, LDAP directory entries are arranged in a tree structure. Under the root, there are branches that represent countries, organizations, organizational units, and people.

In complicated LDAP deployments, in which you have to exchange information with the LDAP databases of other companies, you may want to get a formal organization number from the Internet Assigned Numbers Authority (IANA) to reduce any data conflicts. In the chapter's example this won't be necessary. Because there will be no data sharing, I'll just make up one.

Scenario

These concepts are easier to explain when working from an example, so imagine the IT department in a small organization called example.com has many Linux servers it needs to administer.

........

posted @ 2009-07-21 11:51 yellowstone Views (324) | Comments (0)

June 2, 2009

how to install myeclipse plugin (subversion)

Four ways to install a plugin (with reference to articles found online)

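1. "Help" -> "Software Updates" -> "Find and Install" -> "Search for new features to install" -> "New Remote Site" (this method is for online updates)

2. "Help" -> "Software Updates" -> "Find and Install" -> "Search for new features to install" -> "New Local Site" (if the plugin has already been downloaded locally, do not use the first method)

3. Copy the contents of the plugin's plugins and features directories directly into the corresponding plugins and features directories under $Eclipse_Home$/

4. Use a link file to associate Eclipse with an external plugin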

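Beginners usually use the first method, most newcomers choose the second or third, and experienced users generally choose the last. The four methods compare as follows:

The first three methods all copy the plugin files into the corresponding plugins and features directories under $Eclipse_Home$/, so in essence they differ little, and the plugin can only be installed and disabled, not uninstalled (of course, if you know the plugin's directories and files well, you can uninstall it by deleting the copied files directly). However, methods one and two are error-prone or likely to cause conflicts during installation, especially when you are using the MyEclipse plugin and the Chinese language pack and also want to install plugins such as HibernateSynchronizer, Jode Compiler (a class decompiler) or Visual Editor, which is very likely to break the MyEclipse plugin and the Chinese language pack.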

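So, if the plugin has already been downloaded locally, copy it directly into the corresponding plugins and features directories under $Eclipse_Home$/, that is, use method three, which avoids conflicts.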

posted @ 2009-06-02 15:57 yellowstone Views (1192) | Comments (0)