Introduction to DSML Gateway
2 Red Hat Directory Server DSML Gateway • February 2005
DSML version 2.0, the basis for Directory Server's DSML Gateway, allows directory contents to be accessed, modified, and controlled through XML (eXtensible Markup Language), a more flexible language than HTML that allows customized markup languages to be created for different uses.
As a Web services protocol, DSML closely mirrors the Lightweight Directory Access Protocol (LDAP). DSML is designed to allow arbitrary Web services clients to access directory services using the client's native protocols (HTTP/SOAP), so content stored in a directory service can be easily accessed by standard Web service applications and development tools. DSML is useful in Web applications because it carries directory requests over HTTP, so it can reach a directory when a firewall would normally screen out an LDAP request.
Simple Object Access Protocol (SOAP) is an XML-based protocol used in combination with Hypertext Transfer Protocol (HTTP) to access information in a distributed database. DSMLv2 uses SOAP to bind to a Directory Server over the Web in such a way that LDAP directories, such as Directory Server, can be faithfully rendered in XML.
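The following is an added example, not code from the manual or from the Directory Server gateway itself. It shows what the SOAP binding described above looks like on the wire: a DSMLv2 searchRequest wrapped in a SOAP 1.1 envelope (the namespaces are the standard ones, `http://schemas.xmlsoap.org/soap/envelope/` and `urn:oasis:names:tc:DSML:2:0:core`), and a small inspection routine that pulls the LDAP operations back out of the envelope. That inspection is the point a defender cares about: because the request travels as HTTP POST bodies, a firewall that only filters LDAP ports never sees these operations, so logging or filtering has to happen at the gateway. The base DN, filter and attribute names are constructed sample values.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"


def build_search_envelope(base_dn, attr, value, attributes, request_id="req-1"):
    """Wrap a DSMLv2 searchRequest in a SOAP 1.1 envelope, as a DSML client
    would send it over HTTP POST to the gateway."""
    ET.register_namespace("soap-env", SOAP_NS)
    ET.register_namespace("dsml", DSML_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    batch = ET.SubElement(body, f"{{{DSML_NS}}}batchRequest")
    search = ET.SubElement(
        batch,
        f"{{{DSML_NS}}}searchRequest",
        {"requestID": request_id, "dn": base_dn,
         "scope": "wholeSubtree", "derefAliases": "neverDerefAliases"},
    )
    # DSMLv2 expresses an LDAP equality filter as <equalityMatch name=...><value>...</value>
    flt = ET.SubElement(search, f"{{{DSML_NS}}}filter")
    eq = ET.SubElement(flt, f"{{{DSML_NS}}}equalityMatch", {"name": attr})
    ET.SubElement(eq, f"{{{DSML_NS}}}value").text = value
    attrs = ET.SubElement(search, f"{{{DSML_NS}}}attributes")
    for name in attributes:
        ET.SubElement(attrs, f"{{{DSML_NS}}}attribute", {"name": name})
    return ET.tostring(envelope, encoding="unicode")


def summarize_batch(envelope_xml):
    """Extract the LDAP operations a DSML envelope carries, i.e. what a port-based
    LDAP firewall would never see. In production, parse with DTD processing
    disabled (e.g. defusedxml) before trusting client-supplied XML."""
    root = ET.fromstring(envelope_xml)
    batch = root.find(f"{{{SOAP_NS}}}Body/{{{DSML_NS}}}batchRequest")
    if batch is None:
        raise ValueError("no DSML batchRequest in SOAP body")
    ops = []
    for child in batch:
        local_name = child.tag.split("}", 1)[1]   # strip the namespace
        ops.append({"op": local_name, "dn": child.get("dn"),
                    "requestID": child.get("requestID")})
    return ops


if __name__ == "__main__":
    # Constructed sample request: look up alice's cn and mail under dc=example,dc=com
    xml = build_search_envelope("dc=example,dc=com", "uid", "alice", ["cn", "mail"])
    print(xml)
    print(summarize_batch(xml))
```

`summarize_batch` returns one entry per request element in the batch, so a gateway audit log can record the operation type and target DN of every operation a Web services client sends, independent of how it was tunnelled.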
DSML Authentication Mapping
The DSML authentication mechanism is native to HTTP/SOAP, but the gateway interacts cleanly with LDAP. Client credentials presented via HTTP client authentication or SSL connections are mapped to a distinguished name (DN), and the session then proceeds as if an LDAP client had bound with that DN.
The gateway mapping is implemented essentially as follows:
1. The client's authentication credentials are obtained from the servlet container (username/password from HTTP/SOAP, or the client certificate DN from SSL).
2. A mapping function is applied to yield a target DN in the host Directory Server's directory information tree.
3. The gateway attempts to verify the presented credentials by binding as the mapped DN against the host Directory Server.
4. If the gateway binds successfully, the session is marked as "authenticated."
5. For authenticated sessions, LDAP proxy authorization controls are sent with every operation to the Directory Server. This ensures that operations are done in the security context of the presented credentials (as mapped).
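The five steps above, modelled in Python as an added example that is not the gateway's own code. It takes an HTTP Basic `Authorization` header (step 1), maps the username into a DN through a template (step 2; the template `uid={user},ou=People,dc=example,dc=com` and the in-memory `FAKE_DIRECTORY` are constructed stand-ins for the real, configurable mapping and for the host Directory Server), verifies the credentials with a simulated bind (step 3), marks the session (step 4), and attaches the LDAP Proxied Authorization control, OID 2.16.840.1.113730.3.4.18 from RFC 4370, to each forwarded operation (step 5). The mapping function rejects usernames with DN metacharacters so that a presented name cannot alter which entry the gateway binds as.

```python
import base64
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# OID of the LDAP Proxied Authorization control (RFC 4370); the gateway attaches
# it to every operation of an authenticated session (step 5).
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"

# Constructed stand-in for the host Directory Server: DN -> userPassword.
FAKE_DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": "alice-secret",
    "uid=bob,ou=People,dc=example,dc=com": "bob-secret",
}

# Hypothetical mapping template; the real gateway's mapping is configurable.
DN_TEMPLATE = "uid={user},ou=People,dc=example,dc=com"


def credentials_from_header(authorization: str):
    """Step 1: recover username/password from an HTTP Basic Authorization header."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("only HTTP Basic authentication is handled here")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("Basic credentials must be user:password")
    return username, password


def map_to_dn(username: str) -> str:
    """Step 2: mapping function from the presented username to a target DN.
    The username is restricted to a safe character set before it is placed in
    the DN template, so a value like 'alice,ou=Admins' cannot add DN components."""
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,64}", username):
        raise ValueError("username contains characters not allowed in the mapping")
    return DN_TEMPLATE.format(user=username)


def simulated_bind(dn: str, password: str) -> bool:
    """Step 3: stand-in for an LDAP simple bind as the mapped DN."""
    stored = FAKE_DIRECTORY.get(dn)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


@dataclass
class GatewaySession:
    mapped_dn: Optional[str] = None
    authenticated: bool = False


def gateway_login(authorization: str) -> GatewaySession:
    """Steps 1-4: obtain credentials, map them, verify by binding, mark the session."""
    session = GatewaySession()
    try:
        username, password = credentials_from_header(authorization)
        dn = map_to_dn(username)
    except ValueError:
        return session  # stays unauthenticated; the gateway would answer 401
    if simulated_bind(dn, password):
        session.mapped_dn = dn
        session.authenticated = True
    return session


def proxied_operation(session: GatewaySession, operation: dict) -> dict:
    """Step 5: attach the proxied authorization control naming the mapped DN,
    so the Directory Server evaluates the operation as that identity."""
    if not session.authenticated:
        raise PermissionError("refusing to forward an operation for an unauthenticated session")
    control = {"type": PROXY_AUTHZ_OID, "criticality": True,
               "value": "dn:" + session.mapped_dn}
    return {**operation, "controls": list(operation.get("controls", [])) + [control]}


if __name__ == "__main__":
    header = "Basic " + base64.b64encode(b"alice:alice-secret").decode()
    sess = gateway_login(header)
    print(proxied_operation(sess, {"op": "searchRequest", "dn": "dc=example,dc=com"}))
```

Two properties of the real gateway are worth checking against this model: a failed bind leaves the session unauthenticated rather than falling back to an anonymous proxy, and the control is marked critical, so a Directory Server that will not honour proxied authorization for the gateway's bind identity refuses the operation instead of silently running it with the gateway's own privileges.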