17. LDAP Server Structure


Entries of a LDAP server consist of one or more attributes and have unique names, or DNs (DN stands for Distinguished Name). The DN can look somewhat like this: "cn=John Glower,ou=Employee,dc=example,dc=com".

The DN consists of one or more relative distinguished names (RDN), separated by commas. The RDN syntax is "AttributeName=value". There cannot be two entries with the same RDN on one directory level. This structure makes it possible to see the directory as a tree, with entries as branches and entry attributes as leaves. The root branch is the entry all other entries depend upon, while it does not depend on any.

General description of LDAP structure on a Calculate server

The root branch "dc = calculate contains the following entries (or "branches"):


contains the DN and the password for connecting to the LDAP server with full rights.

contains the DN and the password for connecting to the LDAP server with a read permission; there will be no access to some fields, such as userPassword, etc.

contains the branches of the services installed with Calculate 2 utilities.

Thus the branch "ou=Services" contains a set of description branches for the services ou=Unix, ou=Mail, ou=Samba, ou=Ftp and ou=Jabber. Each service branch is a DN, can store the password for connecting to the LDAP server with access to their data and may contain sub-branches: "OU = Users" (for accounts), "OU = groups" (for groups), "OU = computers" (for computers).

Viewing LDAP structure

You can use any LDAP browser to view the structure of your LDAP server.

To connect to the database with full rights you need the LDAP administrator password. It is stored in the /var/lib/calculate/calculate.ldap file on the server. This file is divided in sections, each of which is named after the service it describes. Each section has a DN entry and the password. The Administrator account is located in the [admin] section.

Example: viewing the structure of LDAP with Luma

When you launch Luma, a window is opened, shown below:

To create a connection to the LDAP-based server with full access, do the following steps:
  • choose Settings->Edit Server List or hit Ctrl+E: a window will be opened for managing connections to an LDAP server:

  • press Add and type the connection name in the new window, e.g. proxy@newserver
  • press on the name that has appeared in the list of servers, and you will see the setup branches for the LDAP connection
  • click in the Network options branch and enter the server Hostname in the corresponding setting field
  • go to the Authentification branch and put the Anonymous bind flag off
  • keep Mechanism set to the Simple value
  • set Bind as to DN - "cn=ldapadmin,dc=calculate", and put the contents of the PASS field from /var/lib/calculate/calculate.ldap as Password, then press OK

Select the Browser plugin, and you will see the structure of the LDAP server:

Thank you!