LDAP: LDIF & DSML Fall 2004 Rev. 2
LDIF
• Light-weight Data Interchange Format
• RFC 2849
• Common format to exchange data
  • entry
  • schema

LDIF Limitations
• Limited to printable text
• Binary values MUST be Base64 encoded
• Too closely tied to LDAP
• Either new records or changes (not both)

LDIF Benefits
• Manipulate directory information in a text file
• Easily change data sets (mass changing of object attributes)
• Very simple to learn
LDIF Format

<attribute type name>: <value of attribute>

<attribute type name> is the attribute name in the directory. Examples would be dn, objectClass, phone, sn.

<value of attribute> is the actual value of the attribute. This should be a text string, with a few exceptions; those exceptions usually require the value to be Base64 encoded. The exceptions are NULL, LF, CR, :, <
Example of Base64: <xml></xml> would need to be Base64 encoded; the Base64 encoded value would be: PHhtbD48L3htbD4=
LDIF Operations
• changetype:
  • modify
    • add
    • delete
    • replace
  • modrdn
  • add
  • delete
Example

version: 1
# Add a new entry
dn: cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: Fiona Jensen
sn: Jensen
uid: fiona
telephonenumber: +1 408 555 1212
jpegphoto:< file:///usr/local/directory/photos/fiona.jpg

# Delete an existing entry
dn: cn=Robert Jensen, ou=Marketing, dc=airius, dc=com
changetype: delete

# Modify an entry's relative distinguished name
dn: cn=Paul Jensen, ou=Product Development, dc=airius, dc=com
changetype: modrdn
newrdn: cn=Paula Jensen
deleteoldrdn: 1

# Modify an entry: add an additional value to the postaladdress
# attribute, completely delete the description attribute, replace
# the telephonenumber attribute with two values, and delete a specific
# value from the facsimiletelephonenumber attribute
dn: cn=Paula Jensen, ou=Product Development, dc=airius, dc=com
changetype: modify
add: postaladdress
postaladdress: 123 Anystreet $ Sunnyvale, CA $ 94086
-
delete: description
-
replace: telephonenumber
telephonenumber: +1 408 555 1234
telephonenumber: +1 408 555 5678
-
delete: facsimiletelephonenumber
facsimiletelephonenumber: +1 408 555 9876
-

# Modify an entry: replace the postaladdress attribute with an empty
# set of values (which will cause the attribute to be removed), and
# delete the entire description attribute. Note that the first will
# always succeed, while the second will only succeed if at least
# one value for the description attribute is present.
dn: cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com
changetype: modify
replace: postaladdress
-
delete: description
-
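As an added example (not from the slides), here is a small Python implementation of the rules on the format and operations slides above: ldif_line applies the Base64 exceptions (emitting the double-colon form that the Apple example further down uses), parse_line reverses it, and parse_record turns a changetype: modify record with its "-" separators into a list of operations. The function names are my own, and SAMPLE is a constructed, abbreviated copy of the Paula Jensen record above.

```python
import base64

def needs_base64(value: str) -> bool:
    # Slide rule (RFC 2849): Base64 when the value starts with ' ', ':' or '<', or contains NUL, LF, CR or non-ASCII
    return bool(value) and (value[0] in " :<" or any(c in "\0\n\r" or ord(c) > 127 for c in value))

def ldif_line(attr: str, value) -> str:
    """Render 'attr: value', switching to 'attr:: <base64>' when the value requires it."""
    if isinstance(value, bytes):                      # binary values are always Base64
        return f"{attr}:: {base64.b64encode(value).decode('ascii')}"
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def parse_line(line: str):
    """Split one line into (attr, value); '::' means Base64, ':<' a URL reference (kept, not fetched)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8")
    if rest.startswith("<"):
        return attr, "url:" + rest[1:].strip()
    return attr, rest.strip()

def parse_record(text: str) -> dict:
    """One LDIF record: modify blocks (up to '-') go to 'mods' as (op, attr, [values]), the rest to 'attrs'."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]  # drop blanks and comments
    rec, current = {"dn": None, "changetype": "add", "attrs": [], "mods": []}, None
    for line in lines:
        if line == "-":                               # ends the current modify operation
            current = None
            continue
        attr, value = parse_line(line)
        if attr in ("dn", "changetype"):
            rec[attr] = value
        elif rec["changetype"] == "modify" and current is None:
            current = (attr, value, [])               # attr is add, delete or replace
            rec["mods"].append(current)
        elif current is not None:
            current[2].append(value)
        else:
            rec["attrs"].append((attr, value))
    return rec

# Constructed sample: the Paula Jensen modify record from the slides, abbreviated.
SAMPLE = ("dn: cn=Paula Jensen, ou=Product Development, dc=airius, dc=com\nchangetype: modify\n"
          "add: postaladdress\npostaladdress: 123 Anystreet $ Sunnyvale, CA $ 94086\n-\n"
          "delete: description\n-\nreplace: telephonenumber\ntelephonenumber: +1 408 555 1234\n-\n")
```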
LDIF Entry Example

version: 1
#
# Extend user objects
#
dn: cn=testuser,ou=utah,o=apple
changetype: modify
add: objectClass
objectClass: posixAccount
uidNumber: 1010
gidNumber: 20
homeDirectory: /Network/Servers/engserver2.apple.com/ENG2.DATA/USERS/testuser
-
add: objectClass
objectClass: apple-user
apple-user-homeurl:: PGhvbWVfZGlyPjx1cmw+YWZwOi8vYmlncmVkLmV4YW1wbGUubmV0L0VORzIuREFUQTwvdXJsPjxwYXRoPlVTRVJTL3Rlc3R1c2VyPC9wYXRoPjwvaG9tZV9kaXI+
# apple-user-homeurl:: <home_dir><url>afp://bigred.example.net/ENG2.DATA</url><path>USERS/testuser</path></home_dir>

LDIF Schema Representation
• Similar to the schema files we have made
• "dn" is cn=schema
• Add or delete object classes or attributes

LDIF Schema Example

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.63.1000.1.1.1.1.15 NAME 'apple-user-authenticationhint' DESC 'password hint' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

#
# User auxiliary object class.
#
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.63.1000.1.1.2.1 NAME 'apple-user' SUP top AUXILIARY DESC 'user account' MAY ( apple-user-homeurl $ apple-user-class $ apple-user-homequota $ apple-user-mailattribute $ apple-user-printattribute $ apple-mcxflags $ apple-mcxsettings $ apple-user-adminlimits $ apple-user-picture $ apple-user-authenticationhint ) )
DSML
• Dan Sinema
• CNS 4650

Why XML?
• Common representation of data
• Easy to transfer data
• Easy to manipulate data

DSML v1
• Represent directory entries
• Represent schema
• Defined in dsml.dtd, dsml.xdr, dsml.xsd
• Namespace
  • http://dsml.org/DSML

DSML Document Types
• Type 1
  • contains only directory entries
  • does not reference schema
• Type 2
  • contains only directory entries
  • references schema in an external document
• Type 3
  • contains only directory schema
• Type 4
  • contains directory entries and schema
DSML Document Format

<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  ...
</dsml:dsml>

This may also contain an XML attribute named "complete". The value can be either "true" or "false":
• true - the document contains all the schema for the entries in the document
• false - the schema is referenced in another document

DSML Entries Elements - Object Classes

<dsml:directory-entries>
  <dsml:entry dn="Distinguished Name">
    <dsml:objectclass>
      <dsml:oc-value> </dsml:oc-value>
    </dsml:objectclass>
  </dsml:entry>
</dsml:directory-entries>

This may also contain an XML attribute named "ref", which points to the definition of the object class.

DSML Entries Example - Object Classes

<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="cn=dsinema, ou=dev, o=company">
      <dsml:objectclass>
        <dsml:oc-value>person</dsml:oc-value>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>organizationalPerson</dsml:oc-value>
      </dsml:objectclass>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
DSML Entries Elements - Attributes

<dsml:directory-entries>
  <dsml:entry dn="Distinguished Name">
    <dsml:attr name="Attribute Name">
      <dsml:value> </dsml:value>
    </dsml:attr>
  </dsml:entry>
</dsml:directory-entries>

This may also contain an XML attribute named "ref", which points to the definition of the objectclass.

DSML Entries Example - Attributes

<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="cn=dsinema, ou=dev, o=company">
      <dsml:attr name="email">
        <dsml:value>dsinema@company.com</dsml:value>
        <dsml:value>dan@company.com</dsml:value>
      </dsml:attr>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>

DSML Entries Example - Attributes

<dsml:attr name="certificate">
  <dsml:value encoding="base64">
    XZKiASLiWNDAL92jJ=
  </dsml:value>
</dsml:attr>

Binary values must still be encoded, at this point still in Base64; this limitation comes from LDAP.
NOTE: values that are not binary but had to be Base64 encoded in LDIF (for example a string starting with a : or <) DO NOT need to be encoded in DSML.
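As an added example (not part of the slides), the following Python code builds a Type 1 DSML v1 document with the element names and namespace shown above and reads attribute values back. It applies the NOTE: only byte values get encoding="base64", while a string that starts with ":" (which LDIF would have forced into Base64) is written as plain XML text. The function names and the sample certificate bytes are my own assumptions.

```python
import base64
import xml.etree.ElementTree as ET

DSML_NS = "http://www.dsml.org/DSML"        # namespace used in the slides' examples
ET.register_namespace("dsml", DSML_NS)

def tag(name: str) -> str:
    return f"{{{DSML_NS}}}{name}"

def dsml_document(entries: list) -> ET.Element:
    """Build a Type 1 DSML v1 document (entries only, no schema) from
    [(dn, [object class names], {attr: [values]})]; values may be str or bytes."""
    root = ET.Element(tag("dsml"))
    container = ET.SubElement(root, tag("directory-entries"))
    for dn, classes, attrs in entries:
        entry = ET.SubElement(container, tag("entry"), dn=dn)
        oc = ET.SubElement(entry, tag("objectclass"))
        for name in classes:
            ET.SubElement(oc, tag("oc-value")).text = name
        for attr, values in attrs.items():
            node = ET.SubElement(entry, tag("attr"), name=attr)
            for value in values:
                v = ET.SubElement(node, tag("value"))
                if isinstance(value, bytes):          # only binary values still need Base64
                    v.set("encoding", "base64")
                    v.text = base64.b64encode(value).decode("ascii")
                else:                                  # XML escaping covers '<' and '&'; a leading ':' is fine
                    v.text = value
    return root

def to_xml(entries: list) -> str:
    return ET.tostring(dsml_document(entries), encoding="unicode")

def values_of(xml: str, attr: str) -> list:
    """Read one attribute back from a DSML document, decoding Base64 values to bytes."""
    out = []
    for node in ET.fromstring(xml).iter(tag("attr")):
        if node.get("name") == attr:
            for v in node.findall(tag("value")):
                text = v.text or ""
                out.append(base64.b64decode(text) if v.get("encoding") == "base64" else text)
    return out

# Constructed sample entry (dn and e-mail values as on the slides; the certificate bytes are made up)
SAMPLE = [("cn=dsinema, ou=dev, o=company", ["top", "person", "organizationalPerson"],
           {"email": ["dsinema@company.com", "dan@company.com"],
            "description": [": would need Base64 in LDIF, not here"],
            "certificate": [b"\x30\x82\x01\x00"]})]
```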
DSML Entries Elements - Schema

<dsml:directory-schema>
  <dsml:class id="Class Name">
  </dsml:class>
  <dsml:attribute-type>
  </dsml:attribute-type>
</dsml:directory-schema>

DSML Entries Elements - Schema - ObjectClass

<dsml:directory-schema>
  <dsml:class id="Class Name" superior=" " type=" ">
    <dsml:name></dsml:name>
    <dsml:description></dsml:description>
    <dsml:object-identifier></dsml:object-identifier>
    <dsml:attribute ref="" required="">
    </dsml:attribute>
  </dsml:class>
</dsml:directory-schema>

<dsml:class> can have one more attribute, "obsolete"; the value is either true or false, and the default is false.

DSML Entries Elements - Schema - Attributes

<dsml:directory-schema>
  <dsml:attribute-type id="Attr Name">
    <dsml:name></dsml:name>
    <dsml:description></dsml:description>
    <dsml:object-identifier></dsml:object-identifier>
    <dsml:syntax> </dsml:syntax>
    <dsml:equality> </dsml:equality>
  </dsml:attribute-type>
</dsml:directory-schema>

<dsml:attribute-type> can have a couple more attributes: "obsolete", "single-value", "user-modification".
Schema Example

ObjectClass
( 1.3.6.1.4.1.17946.1.2.1 NAME 'cartoon-character' SUP top STRUCTURAL
  DESC 'Cartoon character and all his/her attributes'
  MUST ( cartoon-catchPhrase $ cartoon-homeNetwork )
  MAY ( cartoon-biography ) )

Attribute
( 1.3.6.1.4.1.17946.1.1.1 NAME 'cartoon-catchPhrase'
  DESC 'Each cartoon character MUST have a catch phrase, an example would be D'oh'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.17946.1.1.2 NAME 'cartoon-homeNetwork'
  DESC 'Each cartoon character must have a home network, an example would be Fox Channel, Disney Channel'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( 1.3.6.1.4.1.17946.1.1.3 NAME 'cartoon-biography'
  DESC 'This is a URL that should point to a web page that contains this characters biography'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

DSML Schema

<dsml:directory-schema>
  <dsml:class id="cartoon-character" superior="top" type="structural">
    <dsml:name>cartoon-character</dsml:name>
    <dsml:description>Cartoon character and all his/her attributes</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.2.1</dsml:object-identifier>
    <dsml:attribute ref="cartoon-catchPhrase" required="true"></dsml:attribute>
    <dsml:attribute ref="cartoon-homeNetwork" required="true"></dsml:attribute>
    <dsml:attribute ref="cartoon-biography" required="false"></dsml:attribute>
  </dsml:class>
  <dsml:attribute-type id="cartoon-catchPhrase">
    <dsml:name>cartoon-catchPhrase</dsml:name>
    <dsml:description>Each cartoon character MUST have a catch phrase, an example would be D'oh</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.1</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
  <dsml:attribute-type id="cartoon-homeNetwork" single-value="true">
    <dsml:name>cartoon-homeNetwork</dsml:name>
    <dsml:description>Each cartoon character must have a home network example Fox Channel</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.2</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
  <dsml:attribute-type id="cartoon-biography">
    <dsml:name>cartoon-biography</dsml:name>
    <dsml:description>This is a URL</dsml:description>
    <dsml:object-identifier>1.3.6.1.4.1.17946.1.1.3</dsml:object-identifier>
    <dsml:syntax>1.3.6.1.4.1.1466.115.121.1.15</dsml:syntax>
    <dsml:equality>2.5.13.2</dsml:equality>
  </dsml:attribute-type>
</dsml:directory-schema>