Redhat Directory Server DSML User Manual

Red Hat Directory Server DSML Gateway
Directory Server provides a Java gateway application based on Directory Service Markup Language (DSML) version 2.0. The following sections contain background on DSML, information on how to use the DSML gateway with Directory Server and Web servers, and how to configure your DSML gateway:
Introduction to DSML Gateway
Activating the Gateway
Configuring the DSML Gateway
For information on implementing and configuring the Default and Directory Express LDAP gateways that come with Directory Server, refer to the Red Hat Directory Server Gateway Customization Guide.
Introduction to DSML Gateway
Introduction to DSML
DSML Authentication Mapping
Java Implementation
Introduction to DSML
Directory Service Markup Language (DSML) is an open, extensible format that allows directories to exchange information across directory server types. The flexibility of DSML enables clients to interact with customers, partners, and remote locations, regardless of the type of directory service used.
DSML version 2.0, the basis for Directory Server’s DSML Gateway, allows directory contents to be accessed, modified, and controlled through XML (eXtensible Markup Language), a more flexible language than HTML that allows customized markup languages to be created for different uses.
As a Web services protocol, DSML closely mirrors Lightweight Directory Access Protocol (LDAP). DSML is designed to allow arbitrary Web services clients to access directory services using the client's native protocols (HTTP/SOAP), which allows content stored in a directory service to be easily accessed by standard Web service applications and development tools. DSML is useful in Web applications because it can access directories when a firewall would normally screen out an LDAP request.
Simple Object Access Protocol (SOAP) is an XML-based protocol used in combination with Hypertext Transfer Protocol (HTTP) to access information in a distributed database. DSMLv2 uses SOAP to bind to a Directory Server over the Web in such a way that LDAP directories, such as Directory Server, can be faithfully rendered in XML.
DSML Authentication Mapping
The DSML authentication mechanism is native to HTTP/SOAP, but the gateway interacts cleanly with LDAP. Client credentials presented via HTTP or SSL connections are mapped to a distinguished name (DN) and then proceed as if an LDAP client had bound with that DN.
Figure: Authentication (HTTP Client)
The gateway mapping is implemented essentially as follows:
1. The client's authentication credentials are obtained from the servlet container (username/password from HTTP/SOAP or client certificate DN from SSL).
2. A mapping function is applied to yield a target DN in the host Directory Server's directory information tree.
3. The gateway attempts to verify the presented credentials by binding as the mapped DN against the host Directory Server.
4. If the gateway binds successfully, the session is marked as “authenticated.”
5. For authenticated sessions, LDAP proxy authorization controls are sent with every operation to the Directory Server. This ensures that operations are done in the security context of the presented credentials (as mapped).
2 Red Hat Directory Server DSML Gateway • February 2005
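The five mapping steps above, modelled in Python as an added example (not code from the Red Hat gateway): the servlet-container credentials are HTTP Basic, the mapping function is a hypothetical uid=<user>,ou=People,dc=example,dc=com template, the host Directory Server is a constructed in-memory dictionary, and the per-operation control is assumed to be the RFC 4370 proxied authorization control (OID 2.16.840.1.113730.3.4.18). The last function also shows the HTTP/SOAP envelope around a DSMLv2 batchRequest, which is how the gateway is reached.

```python
import base64
import xml.etree.ElementTree as ET

PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # RFC 4370 proxied authorization control (assumed)
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"

# Constructed stand-in for the host Directory Server: DN -> password.
FAKE_DIRECTORY = {"uid=jdoe,ou=People,dc=example,dc=com": "s3cret"}

def credentials_from_basic_auth(header):
    """Step 1: username/password as the servlet container recovers them from HTTP Basic auth."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("unsupported authentication scheme")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def map_to_dn(username, suffix="ou=People,dc=example,dc=com"):
    """Step 2: hypothetical mapping function uid=<user>,<suffix>; refuses DN metacharacters."""
    if not username or any(c in username for c in ',=+\\"<>;'):
        raise ValueError("username not safe to embed in a DN")
    return "uid=%s,%s" % (username, suffix)

def simple_bind(dn, password, directory=FAKE_DIRECTORY):
    """Step 3: simulated LDAP simple bind; an empty password never counts as authenticated."""
    return bool(password) and directory.get(dn) == password

def authenticate(header):
    """Steps 1-4: the mapped DN once the session is marked authenticated, else None."""
    user, password = credentials_from_basic_auth(header)
    dn = map_to_dn(user)
    return dn if simple_bind(dn, password) else None

def proxy_authz_value(authz_dn):
    """Step 5: the authzId carried in the proxied authorization control (RFC 4370 'dn:' form)."""
    return "dn:" + authz_dn

def soap_search_request(authz_dn, base_dn, attr, value):
    """DSMLv2 searchRequest proxied as authz_dn, wrapped in the SOAP 1.1 envelope the gateway speaks."""
    env = ET.Element("soap-env:Envelope", {"xmlns:soap-env": SOAP_NS})
    batch = ET.SubElement(ET.SubElement(env, "soap-env:Body"), "batchRequest", xmlns=DSML_NS)
    req = ET.SubElement(batch, "searchRequest", dn=base_dn, scope="wholeSubtree",
                        derefAliases="neverDerefAliases")
    ctl = ET.SubElement(req, "control", type=PROXY_AUTHZ_OID, criticality="true")
    # DSML carries binary control values base64-encoded
    ET.SubElement(ctl, "controlValue").text = base64.b64encode(proxy_authz_value(authz_dn).encode()).decode()
    match = ET.SubElement(ET.SubElement(req, "filter"), "equalityMatch", name=attr)
    ET.SubElement(match, "value").text = value
    return ET.tostring(env, encoding="unicode")
```

Because every proxied operation runs as the mapped DN, the identity the gateway itself binds with must hold proxy rights, which is exactly the right the NOTE below warns about.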
NOTE Since the bindDN and password for a user in the DSML gateway are the same bindDN and password used to access the Directory Server, proxy authorization is the same proxy right that is determined by access control rules. This is an extremely powerful right, and there is no way to limit whom a user with proxy rights may bind as. Proxy rights should be limited to privileged users, such as root.
Java Implementation
The DSML gateway is implemented as a Java application. Implementation as a gateway, as opposed to natively within the Directory Server, offers the following benefits:
Improved throughput since XML-parsing, which is CPU-intensive, can be done on a different CPU than the server uses.
Integration with emerging Web services protocols can be added without affecting Directory Server performance.
The gateway architecture does increase response times slightly in relation to a native Directory Server implementation because each request must be forwarded through the gateway.
Implementation in Java offers the following benefits:
Execution in a wide range of operating system and hardware environments, including those that do not support Directory Server.
Leverage of existing Java Web services implementations.
Deployment within the execution environment of your choice. Installation will be easy even without experience using Java Web services.
DSML Gateway with Directory Server
To use the DSML Gateway application as part of your Directory Server deployment, you must:
1. Ensure prerequisites are met.
Since the DSML gateway natively runs via HTTP/SOAP, the machine or application that uses the gateway must be SOAP compatible.