LDAP Searches Provide a Gateway to Company Data
Did you know that LDAP packs a powerful search and query engine? Savvy admins are finding that these are great tools for analyzing company data, networks, and security capabilities from your LDAP directories. In part 1 of our series, we show you how to prepare searches properly.
Thomas Dodge manages the Lightweight Directory Access Protocol (LDAP) directory support for a medium-sized insurance company. Recently, he noticed an increasing number of e-mails and calls from frustrated users complaining about slow access to their software systems.
Since he knows that the LDAP directory is used for application authentication, he quickly discovers that the LDAP searches used in the process are a major cause of the problem. Many of the applications do not provide true LDAP replication, so each user query returns all the business unit records instead of just the specific one that they need to authenticate. How can he balance directory performance while still meeting business requirements?
New graduate Bess Flint was recently hired as an IT administrator for a small Missouri service company that uses an LDAP-based corporate directory. She discovered that LDAP has a powerful query engine that would allow her to prepare a variety of valuable reports, including the number of active employees, who last modified a contractor's record and much more. What she needs now is a way to learn more about using the search tools.
Like Dodge and Flint, many network administrators have discovered LDAP is a more than just a wonderful tool for creating a variety of distributed databases. It is particularly popular as a user authentication utility, because of its flexibility and robust architecture. How many of you are aware that it also has a powerful search and query engine in the package as well? LDAP searches, if properly written, are powerful tools in analyzing your company employees, networks, and security capabilities from your LDAP directories.
This week, we will introduce you to the LDAP search capabilities and teach you to use them to deliver data reports easily and flexibly. First, you will learn the basics of the LDAP search and planning. After that, we will introduce search tips, tricks, and traps. If you do not already have a basic working knowledge of the LDAP Protocol and directory concepts, please read our previous articles on LDAP and Active Directory to orient yourself. It is time to search for that perfect LDAP query!
LDAP Search Overview and Planning
One of the reasons LDAP search is so important is because the protocol does not have a read operation. What that means for you is this is frequently the only way to find the desired information. Planning for a LDAP query is a bit like doing an online search for a library book. You need to have some idea of what you are hunting for. If you do not know what you are looking for, you are unlikely to stumble on anything useful. You need to ask yourself the following questions:
- What data am I expecting from the search? Am I limiting the number of search matches by my criteria properly?
- Which library/database am I searching?
- Which search criteria am I using? Author, Call Number, Subject, Title,
- What are the values for the search criteria? Mark Twain, 623, Business, "Lectures That Have Bored Me: Vol. 1"
Translating this example into planning an LDAP query, some of the things you need to think about include the following:
- What am I expecting to be returned? You may need to test a query of a specific record as a dry run to see what results to expect.
- Will this query take a long time? Maybe it should be run off-hours or be broken down into multiple smaller queries.
- Is another application or person running this query already? If so, maybe you do not need to duplicate the effort.