The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services that act in accordance with X.500 data and service models.
LDAP Schemas define the type of objects that can be stored in the directory. Schemas also list the attributes of each object type and whether these attributes are required or optional.
Though each server can define its own schema, for interoperability, it is expected that many common schemas will be standardized (refer to RFC 2252, Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions, and RFC 2256, A Summary of the X.500(96) User Schema for use with LDAPv3).
There are times when new schema elements will be needed at a particular server or within an organization for applications. In a heterogeneous LDAP environment where multiple LDAP vendors such as IBM Tivoli® Directory Server, Sun One Directory Server and Microsoft® Active Directory exist, schema extension becomes a challenging task.
Once a schema has been extended, migrating directory server user data from one LDAP server to another becomes a tricky, manual task. Enterprise applications thus become tightly coupled with the LDAP server where the schema has been expanded.
The LDAP Schema Manager tool proposes a solution to the schema expansion and makes user data migration from one LDAP server to another possible even in a heterogeneous LDAP environment.
The LDAP Schema Manager provides a unique centralized view of the entire enterprise schema in a heterogeneous LDAP environment. With the tool, enterprise architects and administrators can expand user schema independent of the LDAP vendor. User applications can work seamlessly with the help of the LDAP Schema Manager tool's attribute-import functionality across independent and heterogeneous directory servers.
- The LDAP Schema Manager provides a centralized view of the schema, which can be further analyzed to identify the common and different schema elements.
- The tool has the provision to add new attributes to a Directory Server schema.
- The tool has the provision to compare two LDAP directories and identify the additional attributes between them.
- The tool provides an option to import additional attributes identified during the schema comparison.
- The tool provides a graphical representation of the schema elements.
LDAP Schema Manager tool utilization
The LDAP schema structure contains schema bindings that in turn contain attributes, object classes and so on. Extending these over a command line interface (CLI) is a painful task, but this tool provides an easy approach to extending and expanding the schema over the two servers. The LDAP servers can then be used for other purposes to meet the requirements of the organization.
Overview of the tool
This overview explains how the tool is to be used. Figure 1 gives more clarity on using the tool.
Figure 1: LDAP Schema Manager home panel and blocks explained
The main screen includes six blocks. Each of these blocks has a special role in the functioning of the tool.
1.1 Configuring the servers
To configure the server, you have to connect to the server to enter the server details. Click Tool Bar -> Config as shown in Figure 2.
Figure 2: Tool bar with two buttons.
A new dialog opens. Enter all the information and click Save configuration, which tests the connection and returns results if the connection was made successfully. If the connection cannot be established, the reason can be network problems or incorrect credentials.
Figure 3: Configuration dialog to connect to the server
After you have saved the configuration details successfully, you can explore, expand or extend the schema.
The unbind option provides a facility to disconnect from the LDAP servers.
1.2 Exploring the schema attributes
The home panel lets you browse the schema and explore the attribute details and other schema binding details. Select a server tab to get the schema details, which lists all the schema binding details. Select an attribute to get information about the attribute definition. The following panel provides more clarity.
Figure 4: Schema Explore tab that provides details about the attributes
1.3 Adding attributes from server1 to server2
Adding attributes from one server to the other server using the LDAP Schema Manager is simple. Select a server and click Get Attributes, which lists the attributes in three groups: common to both servers, cannot be added, and can be added. The common attributes are displayed in green, the attributes that cannot be added are displayed in red, and the attributes that can be added are displayed in blue.
Select the attribute and click Add to extend the attribute to the other server.
Figure 5: Server schema tab displaying attributes in common, which can be added and which cannot be added
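The three-way comparison from section 1.3 can be reproduced directly on the attributeTypes values that each server publishes in its subschema entry. The following is an added example, not code from the LDAP Schema Manager; the page does not state how the tool decides that an attribute cannot be added, so the rule here (the OID or a name is already bound to a different definition on the target) is an assumption, and the sample definitions are constructed.

```python
import re

# RFC 4512 AttributeTypeDescription: ( <oid> NAME 'a' | NAME ( 'a' 'b' ) ... SYNTAX <oid>{len} ... )
_OID = re.compile(r"^\(\s*([0-9]+(?:\.[0-9]+)+)")
_NAME = re.compile(r"\bNAME\s+(?:'[^']+'|\(\s*(?:'[^']+'\s*)+\))")
_SYNTAX = re.compile(r"\bSYNTAX\s+'?([0-9.]+)")

def parse_attribute_type(definition):
    """Return (oid, set of lower-cased names, syntax OID or None)."""
    text = re.sub(r"\bDESC\s+'[^']*'", "", definition.strip())  # free text could mimic keywords
    oid = _OID.match(text)
    if not oid:
        raise ValueError("no numeric OID in: " + definition)
    name, syntax = _NAME.search(text), _SYNTAX.search(text)
    names = re.findall(r"'([^']+)'", name.group(0)) if name else []
    return oid.group(1), {n.lower() for n in names}, syntax.group(1) if syntax else None

def classify(source_defs, target_defs):
    """Sort source attributes into common / can_add / cannot_add for the target."""
    target = [parse_attribute_type(d) for d in target_defs]
    by_oid = {oid: (names, syn) for oid, names, syn in target}
    taken = {n for _, names, _ in target for n in names}
    result = {"common": [], "can_add": [], "cannot_add": []}
    for d in source_defs:
        oid, names, syn = parse_attribute_type(d)
        label = min(names) if names else oid
        if oid in by_oid:
            t_names, t_syn = by_oid[oid]
            # Assumption: same OID counts as common only if a name and the syntax agree.
            same = bool(names & t_names) and syn == t_syn
            result["common" if same else "cannot_add"].append(label)
        elif names & taken:   # a name is already bound to a different OID
            result["cannot_add"].append(label)
        else:
            result["can_add"].append(label)
    return result

# Constructed sample schemas; 2.999 is the OID arc reserved for examples.
SERVER1 = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.999.1.1 NAME 'badgeId' DESC 'NAME of badge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
    "( 2.999.1.2 NAME 'costCenter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.999.1.3 NAME 'shoeSize' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
]
SERVER2 = [
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 2.999.7.9 NAME 'costcenter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
    "( 2.999.1.3 NAME 'legacyField' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]
print(classify(SERVER1, SERVER2))
```

Attribute names are compared case-insensitively, so the labels in the result are lower-cased.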
1.4 Analysis with LDAP Schema Manager
With the help of LDAP Schema Manager, it is simple to analyze the server details. The LDAP Schema Manager has an embedded statistical information panel and a pie chart panel that give precise information about the server attributes, such as the percentage of attributes in common and other miscellaneous attributes. Figure 6 adds more clarity.
Figure 6: Statistical Information panel giving information about the attribute details in common
Figure 7: Pie chart giving information about the common and differing attributes between the two servers
1.5 Adding new attribute
A new schema attribute can also be defined with LDAP Schema Manager by providing the required information. Click Tool Bar -> New attribute. A new window opens as shown in Figure 8 to add attributes.
Figure 8: Adding new schema attributes to the LDAP server.
You can download the LDAP Schema Manager from the "LDAP schema manager download" file. The tool can be installed on the Microsoft® Windows® and Linux® operating systems.
The tool can be installed on Windows by running the batch file LDAPManager.bat. On the Linux platform, run the LDAP.sh script file.
| LDAP Schema Manager tool download | LDAP_SchemaManager.zip | 8.5 MB |
- "Understanding LDAP - Design and Implementation" provides a detailed description of LDAP.
- "IBM Tivoli Directory Server information center" provides more information about LDAP features in IBM Directory Server.