new blog 2.0


0x00. [LPIC-301] Terms and definitions

Before we start, it is a good idea to explain, at least briefly, some of the terms and definitions we need to know while preparing for the LPI 301 examination. What you will find below is an extract from the LPI 301 Detailed Objectives on the LPI website. I will add more extensive explanations for the terms below as we go along with the material, and I will most likely modify this post a couple of times in order to extend the information included (or to fill a total lack of information).

LDAP and X.500 concepts
The LPI 301 exam will require comprehensive knowledge of LDAP from us. Let's start with one frequently asked question: what is a "directory", and what is the difference between a directory and a database? In fact, a directory is a specialized type of database. Its main characteristic is that a directory is read from or searched through much more often than it is updated (written to). This allows a directory to specialize in and optimize the search process. On the other hand, a database can mostly hold an arbitrary data format, whereas a directory consists of objects, which are specialized data units. Classic examples of a directory are a phone book, an internal list of employees with all their personal data, or a book index in a library. Now, make sure you are also familiar with the following salad of terms:

Directory service is a software solution which stores and organizes information about network users and resources and helps administrators manage them, e.g. by controlling these users' access to the resources.
Meta-Directory is the concept of a centralized directory containing all sorts of information, such as personal data, authentication credentials, hardware listings, printer addresses, etc. By employing meta-directories, enterprises can possibly save money and improve access control to resources. This article is a good read if you are looking for more info.
X.500 standard is a set of protocols supporting directory services. It was invented in 1984 by the International Telecommunication Union (CCITT). It consists of the following protocols: Directory Access Protocol, Directory System Protocol, Directory Information Shadowing Protocol, Directory Operational Bindings Management Protocol. It was developed with the 7-layer OSI model in mind, although nowadays it is possible to run it on TCP/IP as well.
LDAP stands for Lightweight Directory Access Protocol, because it is the 'lightweight' alternative to X.500 directory services. LDAP is based on the TCP/IP protocol. According to Wikipedia, Tim Howes, Steve Kille and Wengyik Yeong started to work on LDAP in 1993. LDAP and X.500 are both built on the Directory Information Tree skeleton.
Directory Information Tree - the fundamental data skeleton for both X.500 and LDAP implementations. Like many other data structures in the computing world, this one is also represented as a tree. An example of such can be found here. The LDAP information model in a tree is built of entries.
LDAP Entry - a directory entry that is a collection of attributes and has a unique Distinguished Name (DN).
Distinguished Name - a directory entry name in its absolute form. A DN consists of the RDN (Relative Distinguished Name) and the parent entry's distinguished name, e.g.
green = RDN (it is distinguished within the organizational unit 'People')
green + cyan = DN (it is uniquely distinguished within the whole directory)
LDAP Attribute - a basic data structure consisting of two parts, namely a pair of a type and a value.
objectClass - a special attribute that defines what a particular entry should look like, what attributes it is allowed to have and what syntax should be used in them. objectClasses are defined in schema files.
Schema Files are the skeleton for LDAP entries. They contain the object class and attribute requirements used by different DNs. Schema files normally reside in the /etc/openldap/schema directory.
White Pages schema is a data model describing the organization of entries in a directory service. The name comes from the white pages in a telephone book, which contain information about individuals, as opposed to the yellow pages, which reveal information about companies. The entries are sorted according to the individuals' location, the alphabetical order of their names, etc.
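
The RDN / parent DN split described under "Distinguished Name", as an added example that is not part of the original post. The function names are hypothetical, the DNs are constructed sample values, and the code assumes the RFC 4514 string form without spaces after the commas; it also shows why a value containing a comma has to be escaped before it goes into a DN, since it would otherwise be read as an extra RDN.

```python
import re

def escape_value(value):
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def unescape_value(value):
    """Undo escapes; hex pairs are treated as single ASCII bytes (simplification)."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def split_unescaped(text, sep):
    """Split on sep, skipping any separator that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def rdn_and_parent(dn):
    """Return the leftmost RDN and the parent entry's DN."""
    rdns = split_unescaped(dn, ",")
    return rdns[0], ",".join(rdns[1:])

def parse_rdn(rdn):
    """An RDN is one or more type=value pairs joined by '+'."""
    return [(t, unescape_value(v)) for t, _, v in
            (ava.partition("=") for ava in split_unescaped(rdn, "+"))]

def child_dn(attr_type, value, parent_dn):
    """Build the DN of a new entry directly below parent_dn."""
    return f"{attr_type}={escape_value(value)},{parent_dn}"

# Constructed sample DNs (not from the original post)
print(rdn_and_parent("uid=jdoe,ou=People,dc=example,dc=com"))
print(rdn_and_parent(child_dn("cn", "Doe, John", "ou=People,dc=example,dc=com")))
```
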

Capacity planning
Pretty Damn Quick (PDQ) is an open source performance diagnostics and capacity planning package. It's freely available for download from and CPAN as (PERL::PDQ). The software can predict a program's performance under heavy load based on mathematical models.
