The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services that act in accordance with X.500 data and service models.
LDAP Schemas define the type of objects that can be stored in the directory. Schemas also list the attributes of each object type and whether these attributes are required or optional.
Though each server can define its own schema, for interoperability it is expected that many common schemas will be standardized (refer to RFC 2252, Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions, and RFC 2256, A Summary of the X.500(96) User Schema for use with LDAPv3).
There are times when new schema elements will be needed at a particular server or within an organization for applications. In a heterogeneous LDAP environment where multiple LDAP vendors such as IBM Tivoli® Directory Server, Sun One Directory Server and Microsoft® Active Directory exist, schema extension becomes a challenging task.
Once a schema has been extended, migrating directory user data from one LDAP server to another becomes a tricky, manual task, and enterprise applications become tightly coupled to the LDAP server whose schema was expanded.
The LDAP Schema Manager tool addresses the schema-expansion problem and makes user data migration from one LDAP server to another possible even in a heterogeneous LDAP environment.
The LDAP Schema Manager provides a unique centralized view of the entire enterprise schema in a heterogeneous LDAP environment. With the tool, enterprise architects and administrators can expand user schema independent of the LDAP vendor. User applications can work seamlessly with the help of the LDAP Schema Manager tool's attribute-import functionality across independent and heterogeneous directory servers.
- The LDAP Schema Manager provides a centralized view of the schema, which can be further analyzed to identify the common and different schema elements.
- The tool has the provision to add new attributes to a Directory Server schema.
- The tool has the provision to compare and identify additional attributes among two LDAP Directories.
- The tool provides an option to import additional attributes identified during the schema comparison.
- The tool provides a graphical representation related to the schema elements.
The LDAP schema structure contains schema bindings that in turn contain attributes, object classes and so on. Extending these over a command line interface (CLI) is a painful task; this tool provides an easy way to extend and expand the schema across the two servers, so that the LDAP servers can then be used for whatever other purposes the organization requires.
This overview explains how the tool is used. Figure 1 shows the main panel and its blocks.
Figure 1: LDAP Schema Manager home panel and blocks explained
The main screen includes six blocks. Each of these blocks has a special role in the functioning of the tool.
To configure a server connection, enter the server details: click Tool Bar -> Config as shown in Figure 2.
Figure 2: Tool bar with two buttons.
A new dialog opens. Enter all the information and click Save configuration, which tests the connection and reports whether it was made successfully. If the connection cannot be established, the cause is usually a network problem or incorrect credentials.
Figure 3: Configuration dialog to connect to the server
After the configuration details have been saved successfully, you can explore, expand or extend the schema.
The unbind option provides a facility to disconnect from the LDAP servers.
The home panel lets you browse the schema and explore attribute details and the other schema binding details. Select a server tab to list all of that server's schema bindings, then select an attribute to see its definition. The following panels show this.
Figure 4: Schema Explore tab that provides details about the attributes
Adding attributes from one server to the other server using the LDAP Schema Manager is simple. Select a server and click Get Attributes, which lists every attribute and classifies it as common, not addable, or addable. Common attributes are displayed in green, attributes that cannot be added in red, and attributes that can be added in blue.
Select an attribute and click Add to extend the other server's schema with it.
Figure 5: Server schema tab displaying attributes in common, which can be added and which cannot be added
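The classification behind Get Attributes, and the RFC 2252 attributeTypes format the schemas are expressed in, as an added example that is not code from the article or from the LDAP Schema Manager tool. The two server schemas, server B's syntax list, the 1.3.6.1.4.1.99999 OIDs and the cn=schema subschema DN are constructed assumptions; the reasons an attribute "cannot be added" (name or OID conflict, unsupported syntax) are this example's own rules, not the tool's documented ones.

```python
import re

# Constructed attributeTypes values (RFC 2252 syntax) as a subschema entry returns them;
# OIDs under 1.3.6.1.4.1.99999 are placeholders, not real registered arcs.
SERVER_A = [
    "( 2.5.4.4 NAME 'sn' SUP name )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'employeeBadge' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.2 NAME 'costCenter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.3.6.1.4.1.99999.1.3 NAME 'sitePhoto' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )",
]
SERVER_B = [
    "( 2.5.4.4 NAME 'sn' SUP name )",
    # Same NAME as on server A but a different OID: importing A's definition would conflict.
    "( 1.3.6.1.4.1.99999.2.7 NAME 'costCenter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]
# ldapSyntaxes advertised by server B (constructed); it lacks the JPEG syntax ...121.1.28.
SERVER_B_SYNTAXES = {"1.3.6.1.4.1.1466.115.121.1.15", "1.3.6.1.4.1.1466.115.121.1.50"}

DEF_RE = re.compile(r"^\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'(?P<rest>.*)\)\s*$")

def parse_attribute_type(definition):
    """Return (oid, lower-cased name, syntax OID or None); handles the single-NAME form only."""
    m = DEF_RE.match(definition.strip())
    if not m:
        raise ValueError("unparsable attributeTypes value: %r" % definition)
    syn = re.search(r"\bSYNTAX\s+([\d.]+)", m.group("rest"))
    return m.group("oid"), m.group("name").lower(), syn.group(1) if syn else None

def compare_schemas(source_defs, target_defs, target_syntaxes):
    """Classify source attributes as common (same OID and NAME on both), can_add, or cannot_add."""
    target = [parse_attribute_type(d) for d in target_defs]
    by_name = {name: oid for oid, name, _ in target}
    by_oid = {oid: name for oid, name, _ in target}
    result = {"common": [], "can_add": [], "cannot_add": {}}
    for oid, name, syntax in map(parse_attribute_type, source_defs):
        if by_name.get(name) == oid:
            result["common"].append(name)
        elif name in by_name:  # same name bound to another OID on the target
            result["cannot_add"][name] = "NAME already used by OID " + by_name[name]
        elif oid in by_oid:    # OID already taken by a differently named attribute
            result["cannot_add"][name] = "OID already used by " + by_oid[oid]
        elif syntax and syntax not in target_syntaxes:
            result["cannot_add"][name] = "target lacks SYNTAX " + syntax
        else:
            result["can_add"].append(name)
    return result

def import_ldif(result, source_defs, schema_dn="cn=schema"):
    """LDIF adding the importable definitions to the target's subschema entry (DN is vendor specific)."""
    lines = ["dn: " + schema_dn, "changetype: modify", "add: attributeTypes"]
    lines += ["attributeTypes: " + d for d in source_defs if parse_attribute_type(d)[1] in result["can_add"]]
    return "\n".join(lines) + "\n"
```

Generating the LDIF first, rather than writing to the target directly, lets an administrator review exactly which definitions an import would add before the change is applied.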
LDAP Schema Manager makes it simple to analyze the server details. It includes a statistical information panel and a pie chart panel that give precise information about the server attributes, such as the percentage of attributes in common and of other, miscellaneous attributes. Figure 6 adds more clarity.
Figure 6: Statistical Information panel giving information about the attribute details in common
Figure 7: Pie chart showing the common and differing attributes between the two servers
A new schema attribute can also be defined with LDAP Schema Manager by providing the required information. Click Tool Bar -> New attribute. A new window opens, as shown in Figure 8, in which to add the attribute.
Figure 8: Adding new schema attributes to the LDAP server.
You can download the LDAP Schema Manager from the "LDAP schema manager download" file. The tool can be installed on the Microsoft® Windows® and Linux® operating systems.
The tool can be installed on Windows by running the batch file LDAPManager.bat. On the Linux platform, run the LDAP.sh script file.
| Description | Name | Size | Download method |
|---|---|---|---|
| LDAP Schema Manager tool download | LDAP_SchemaManager.zip | 8.5 MB | HTTP |
- "Understanding LDAP - Design and Implementation" provides a detailed description of LDAP.
- "IBM Tivoli Directory Server information center" provides more information about LDAP features in IBM Directory Server.
Uma M. Chandolu works as a security development support specialist on AIX. He has a baccalaureate in engineering and more than seven years of IT experience with expertise in security and various subsystems on AIX environments. Chandolu is also an IBM developer Works contributing author. You can reach him at email@example.com.
George M Koikara is a senior programmer in IBM AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1. You can reach him at firstname.lastname@example.org.
Sujay S Shinde works as a development lead on Tivoli Directory Server. He holds a master's degree in Computer Science from BITS Pilani and Pune University and has worked in IBM Identity and Access Management for around 10 years. You can reach him at email@example.com.
Ajay Kini works for the AIX development team and holds a master's degree in Computer Applications. You can reach him at firstname.lastname@example.org.