  • Selected database products overview
    • Openldap
  • A standardized protocol, like HTTP, SMB and others.

  • Glue connecting an organization's applications and services.

    • Backend data for authentication / SSO, PKI, network FS etc.

    • Metadata repository for users, organisational units, network nodes.

  • Read the introductory slides at LDAP as well.

  • Selected database products overview
    • Openldap
      • ➟ Installation
docker run --detach \
  --name openldap \
  -p 389:389 \
  --env LDAP_ORGANISATION="Betrayers heaven" \
  --env LDAP_TLS=false \
  --env LDAP_DOMAIN="betrayer.com" \
  --env LDAP_ADMIN_PASSWORD="secret" \
  --env LDAP_CONFIG_PASSWORD="secret" \
  --volume ~/OpenLdap/Data:/var/lib/ldap \
  --volume ~/OpenLdap/Config:/etc/ldap/slapd.d \
  osixia/openldap:1.4.0
version: '3.7'
  
services:
    openldap:
        image: osixia/openldap:1.4.0
        container_name: openldap
        restart: always
        environment:
            LDAP_ORGANISATION: "Betrayers heaven"
            LDAP_TLS: "false"
            LDAP_DOMAIN: "betrayer.com"
            LDAP_ADMIN_PASSWORD: "secret"
            LDAP_CONFIG_PASSWORD: "secret"
        ports:
            - 389:389
        volumes:
            - ~/OpenLdap/Data:/var/lib/ldap
            - ~/OpenLdap/Config:/etc/ldap/slapd.d
  • Selected database products overview
    • Openldap
      • ➟ Features
  • DIT: Directory information tree.

  • DN: An entry's distinguished name, a globally unique identifier.

  • RDN: Relative distinguished name, unique only with respect to a given context (parent) node.

  • Bind operation: Connect to an LDAP service.

    1. anonymous

    2. authenticated

  • Selected database products overview
    • Openldap
      • ➟ Features
        • ➟ CRUD
Operation:
dn: uid=smith,dc=betrayer,dc=com
changetype: add
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: smith
cn: Jill Smith
sn: Smith

Operation:
dn: uid=smith,dc=betrayer,dc=com
changetype: modify
add: description
description: New employee

Result:
dn: uid=smith,dc=betrayer,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jill Smith
sn: Smith
uid: smith
description: New employee
Operation:
dn: uid=smith,dc=betrayer,dc=com
changetype: modify
replace: description
description: Long term employee

Result:
dn: uid=smith,dc=betrayer,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jill Smith
sn: Smith
uid: smith
description: Long term employee
Base state:
dn: uid=smith,dc=betrayer,dc=com
...
uid: smith
commonName: Jill Smith
surname: Smith
description: Long term employee

Operation:
dn: uid=smith,dc=...
changetype: modify
delete: description

Result:
dn: uid=smith,dc=betrayer,dc=com
...
uid: smith
commonName: Jill Smith
surname: Smith
Operation:
dn: uid=smith,dc=betrayer,dc=com
changetype: modify
add: mail
mail: smith@company.com
mail: jsmith@privateaccount.org

Result:
dn: uid=smith,dc=betrayer,dc=com
...
sn: Smith
mail: jsmith@privateaccount.org
mail: smith@company.com
Base state:
dn: uid=smith,dc=betrayer,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: smith
commonName: Jill Smith
surname: Smith

Operation:
dn: uid=smith,dc=betrayer,dc=com
changetype: modify
add: mail
mail: smith@company.com
mail: jsmith@privateaccount.org
mail: smith@company.com

Result:
ERR_13207_VALUE_ALREADY_EXISTS
 The value 'smith@company.com' already
 exists in the attribute (mail)
Base state:
dn: uid=smith,dc=betrayer,dc=com
...
cn: Jill Smith
mail: jsmith@privateaccount.org
mail: smith@company.com
mail: anonymous@keeput.org

Operation:
dn: uid=smith,dc=...
changetype: modify
delete: mail
mail: smith@company.com
mail: anonymous@keeput.org

Result:
dn: uid=smith,dc=betrayer,dc=com
...
cn: Jill Smith
mail: jsmith@privateaccount.org
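The add / replace / delete semantics of the tables above, as an added Python model that is not part of the lecture material and not an LDAP client library: entries are in-memory dicts of attribute name to value list, values are compared exactly (a real server applies the attribute's matching rule, e.g. case-insensitive for mail), and the duplicate-value error text is constructed to resemble the one shown above.

```python
"""In-memory model of LDAP modify: add, replace and delete of attribute
values, including the rejection of a value that is already present.

Added example, not lecture material and not a client library. Nothing is
sent to a server; the error text is constructed to resemble the slide's.
"""
from typing import Dict, List

Entry = Dict[str, List[str]]


class ValueAlreadyExists(Exception):
    """'add:' tried to insert a value the attribute already holds."""


def parse_ldif_modify(ldif: str) -> List[dict]:
    """Parse a 'changetype: modify' record into a list of change blocks.

    Each block becomes {"op": "add"|"replace"|"delete", "attr": name,
    "values": [...]}. Blocks may be separated by a line holding a single '-'.
    """
    changes: List[dict] = []
    current = None
    for raw in ldif.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("dn:") or line.startswith("changetype:"):
            continue
        if line == "-":
            current = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in ("add", "replace", "delete"):
            current = {"op": key, "attr": value.lower(), "values": []}
            changes.append(current)
        elif current is not None and key.lower() == current["attr"]:
            current["values"].append(value)
        else:
            raise ValueError(f"unexpected line in modify record: {line!r}")
    return changes


def apply_modify(entry: Entry, ldif: str) -> Entry:
    """Return a modified copy of `entry`; on any error the input is untouched.

    add:     append values, reject a value that is already present
    replace: overwrite all values (no values = remove the attribute)
    delete:  remove the listed values, or the whole attribute if none listed
    """
    result = {k: list(v) for k, v in entry.items()}
    for change in parse_ldif_modify(ldif):
        attr, values, op = change["attr"], change["values"], change["op"]
        if op == "add":
            existing = result.setdefault(attr, [])
            for v in values:
                if v in existing:
                    raise ValueAlreadyExists(
                        f"The value '{v}' already exists in the attribute ({attr})")
                existing.append(v)
        elif op == "replace":
            if values:
                result[attr] = list(values)
            else:
                result.pop(attr, None)
        else:  # delete
            if not values:
                result.pop(attr, None)
            else:
                kept = [v for v in result.get(attr, []) if v not in values]
                if kept:
                    result[attr] = kept
                else:
                    result.pop(attr, None)
    return result


# Constructed base entry, matching the slides' "Base state" columns.
SMITH: Entry = {
    "uid": ["smith"],
    "cn": ["Jill Smith"],
    "sn": ["Smith"],
    "objectclass": ["inetOrgPerson", "organizationalPerson", "person", "top"],
}

if __name__ == "__main__":
    after = apply_modify(SMITH, """
        dn: uid=smith,dc=betrayer,dc=com
        changetype: modify
        add: mail
        mail: smith@company.com
        mail: jsmith@privateaccount.org
    """)
    print(after["mail"])
```

apply_modify works on a copy, so a rejected record (the duplicate mail value above) leaves the entry exactly as it was, which is how a server treats a failed modify: the whole record is applied or nothing is.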
  • Selected database products overview
    • Openldap
      • ➟ Features
        • ➟ Query
  • Presence: (cn=*)

  • Equality: (uid=xy123)

  • Comparison: (uidNumber>=1001), i.e. 1000 < uidNumber; LDAP filters only offer >= and <=, there is no strict < or >.

  • Substring: (surname=K*)

  • Approximate Match: (sn~=gok)

    (matches Gack, Keck, Kubiac, Goik, Kabbeck, Nguyen Quoc, Gubic, Koc)
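The filter forms above, as an added example (Python; not from the slides and not a client library): it evaluates presence, equality, substring and >= / <= filters against constructed in-memory entries and, because filters are usually assembled from user input, also shows the RFC 4515 escaping that keeps a login name such as `*` from turning into a wildcard. Approximate match (whose algorithm is server specific) and compound filters are not modelled, and the matching rules used (case-insensitive strings, numeric ordering for integer values) are simplifying assumptions; a real server uses the rule the schema defines per attribute.

```python
"""LDAP search filters: evaluating the simple forms from the slides against
in-memory entries, and escaping untrusted input before it goes into a filter.

Added example, not lecture material and not a client library. Escaping
follows RFC 4515 section 3; the evaluator is a teaching model.
"""
import re
from typing import Dict, List

Entry = Dict[str, List[str]]

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

_FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][\w.;-]*)(?P<op>>=|<=|=)(?P<val>.*)\)$")


def escape_filter_value(value: str) -> str:
    """Escape user input for use as an assertion value in a filter.

    Unescaped, a login name of '*' turns (uid=*) into a presence filter and
    'x)(objectClass=*' splices a second assertion in (LDAP injection).
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _segments(raw: str) -> List[str]:
    """Split on unescaped '*' and decode \\XX escapes.

    'K*' -> ['K', '']; '*' -> ['', '']; 'abc' -> ['abc']; '\\2a' -> ['*'].
    More than one piece means the value contains wildcards.
    """
    pieces, buf, i = [], "", 0
    while i < len(raw):
        if raw[i] == "\\":
            if i + 3 > len(raw):
                raise ValueError("truncated escape sequence in filter value")
            buf += chr(int(raw[i + 1:i + 3], 16))
            i += 3
        elif raw[i] == "*":
            pieces.append(buf)
            buf = ""
            i += 1
        else:
            buf += raw[i]
            i += 1
    pieces.append(buf)
    return pieces


def _substring_match(pieces: List[str], value: str) -> bool:
    """pieces = [initial, any..., final]; an empty piece means 'anything'."""
    first, last, middle = pieces[0], pieces[-1], pieces[1:-1]
    if len(value) < len(first) + len(last):
        return False
    if not value.startswith(first) or not value.endswith(last):
        return False
    pos, end = len(first), len(value) - len(last)
    for part in middle:
        idx = value.find(part, pos, end)
        if idx < 0:
            return False
        pos = idx + len(part)
    return True


def matches(filter_str: str, entry: Entry) -> bool:
    """Evaluate one presence / equality / substring / >= / <= filter."""
    m = _FILTER_RE.match(filter_str.strip())
    if not m:
        raise ValueError(f"unsupported or malformed filter: {filter_str!r}")
    attr, op, raw = m.group("attr").lower(), m.group("op"), m.group("val")
    values = entry.get(attr, [])
    pieces = _segments(raw)
    if op == "=":
        if len(pieces) == 1:                 # plain equality, no wildcard
            return any(v.lower() == pieces[0].lower() for v in values)
        if pieces == ["", ""]:               # presence: (attr=*)
            return bool(values)
        lowered = [p.lower() for p in pieces]
        return any(_substring_match(lowered, v.lower()) for v in values)
    if len(pieces) != 1:
        raise ValueError("wildcards are not allowed with >= or <=")
    needle = pieces[0]
    for v in values:
        try:
            left, right = int(v), int(needle)     # numeric ordering if possible
        except ValueError:
            left, right = v.lower(), needle.lower()
        if (left >= right) if op == ">=" else (left <= right):
            return True
    return False


PEOPLE: List[Entry] = [   # constructed sample entries
    {"uid": ["smith"], "cn": ["Jill Smith"], "sn": ["Smith"], "uidnumber": ["1001"]},
    {"uid": ["koc"], "cn": ["Ali Koc"], "sn": ["Koc"], "uidnumber": ["999"]},
    {"uid": ["xy123"], "cn": ["Xia Yu"], "sn": ["Kubiac"], "uidnumber": ["2000"],
     "mail": ["xy123@betrayer.com"]},
]


def search(filter_str: str, entries: List[Entry] = PEOPLE) -> List[str]:
    """Return the uid of every entry the filter matches, in input order."""
    return [e["uid"][0] for e in entries if matches(filter_str, e)]
```

Compare search("(uid=*)") with search("(uid=" + escape_filter_value("*") + ")"): the first is a presence filter matching everyone, the second looks for a uid that is literally an asterisk and matches nothing, which is the behaviour a login form must get when a user types `*` into the name field.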

  • Selected database products overview
    • Openldap
      • ➟ Features
        • ➟ Schema
  • Single and multivalued attributes

  • Attribute data types

  • Matching rules (Case sensitive / insensitive, string match, numeric)

  • Selected database products overview
    • Openldap
      • ➟ Features
        • ➟ Data access control
access to attrs=matrikelNr
      by dn="uid=goik,ou=userlist,dc=hdm-stuttgart,dc=de" read
      by dn="uid=kuhn,ou=userlist,dc=hdm-stuttgart,dc=de" read
      by self read
      by * none

access to attrs=userPassword,shadowLastChange,passwordClear
      by dn="uid=Administrator,ou=people,ou=MI,ou=domainlist,dc=hdm-stuttgart,dc=de" read
      by anonymous auth
      by * none
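How slapd works through directives like these, as an added Python model (not OpenLDAP code and not from the slides): the first "access to" clause whose target covers the attribute is selected, the first matching "by" clause inside it fixes the access level, and anything not matched is denied by the implicit "by * none". Access levels are ordered, so a requester granted "read" may also "compare" and "auth", while "anonymous auth" lets an unauthenticated client bind against userPassword without ever reading the stored hash. Only the forms used on the slide are parsed; the requester DNs in the demo are constructed.

```python
"""Model of slapd access-directive evaluation for 'access to attrs=...'.

Added example, not OpenLDAP code and not lecture material. Implements the
documented order: first matching 'access to', first matching 'by', implicit
deny. Supported subjects: *, anonymous, users, self, dn= / dn.exact=.
"""
import shlex
from typing import Dict, List, Optional

# slapd's access levels, weakest to strongest; a level implies all below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

Rule = Dict[str, object]


def norm_dn(dn: str) -> str:
    """Crude DN normalisation: case-insensitive, no blanks around commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_acl(text: str) -> List[Rule]:
    """Parse slapd.conf-style access directives into an ordered rule list."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            what = line[len("access to "):].strip()
            if not what.startswith("attrs="):
                raise ValueError(f"only attrs=... targets are modelled: {what}")
            attrs = {a.strip().lower() for a in what[len("attrs="):].split(",")}
            rules.append({"attrs": attrs, "by": []})
        elif line.startswith("by "):
            if not rules:
                raise ValueError("'by' clause before any 'access to' directive")
            who, level = shlex.split(line[3:])   # shlex strips the quotes of dn="..."
            if level not in LEVELS:
                raise ValueError(f"unsupported access level {level!r}")
            rules[-1]["by"].append((who, level))
        else:
            raise ValueError(f"unrecognised ACL line: {line}")
    return rules


def _who_matches(who: str, requester: Optional[str], target: str) -> bool:
    """Does the 'by' subject describe this requester? None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and norm_dn(requester) == norm_dn(target)
    if who.startswith("dn.exact=") or who.startswith("dn="):
        wanted = who.split("=", 1)[1]
        return requester is not None and norm_dn(requester) == norm_dn(wanted)
    raise ValueError(f"unsupported 'by' subject: {who}")


def access_level(rules: List[Rule], requester: Optional[str], target: str, attr: str) -> str:
    """Access level `requester` gets on attribute `attr` of entry `target`."""
    for rule in rules:
        if attr.lower() not in rule["attrs"]:
            continue                      # directive does not cover this attribute
        for who, level in rule["by"]:
            if _who_matches(who, requester, target):
                return level              # first matching 'by' clause wins
        return "none"                     # implicit 'by * none'
    return "none"                         # no directive matched: deny


def allowed(rules: List[Rule], requester: Optional[str], target: str, attr: str, needed: str) -> bool:
    """True if the granted level is at least `needed` (e.g. 'read', 'auth')."""
    return LEVELS.index(access_level(rules, requester, target, attr)) >= LEVELS.index(needed)


# The directives from the slide, verbatim.
SLIDE_ACL = """
access to attrs=matrikelNr
      by dn="uid=goik,ou=userlist,dc=hdm-stuttgart,dc=de" read
      by dn="uid=kuhn,ou=userlist,dc=hdm-stuttgart,dc=de" read
      by self read
      by * none

access to attrs=userPassword,shadowLastChange,passwordClear
      by dn="uid=Administrator,ou=people,ou=MI,ou=domainlist,dc=hdm-stuttgart,dc=de" read
      by anonymous auth
      by * none
"""

if __name__ == "__main__":
    rules = parse_acl(SLIDE_ACL)
    student = "uid=petra,ou=userlist,dc=hdm-stuttgart,dc=de"   # constructed DN
    print(allowed(rules, None, student, "userPassword", "auth"))  # anonymous may bind
    print(allowed(rules, None, student, "userPassword", "read"))  # but not read the hash
```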
  • Selected database products overview
    • Openldap
      • ➟ Features
        • ➟ API support
  • Selected database products overview
    • Openldap
      • ➟ Exercises
  1. Work through the exercises in the section called “Browse an existing LDAP Server” and from the section called “Populating your DIT.” to the section called “Extending an existing entry”.

    Tip

    When logging in as a non-admin user, i.e. using a bind DN like uid=petra,ou=MIB,ou=MI,dc=betrayer,dc=com, you will not be able to browse your tree. Browsing requires a permission setting to be changed in olcDatabase={1}mdb,cn=config of your server's configuration tree. Follow these steps:

    1. Log in to your server's configuration using cn=admin,cn=config as in Figure 783, “Administrator access to your server's configuration”.

    2. Select your database backend node below cn=config.

    3. Replace:

      to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break

      By:

      to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * read
  2. Find your LDAP server's database back end. Install the lmdb-utils package and dump your back end's data.

  3. Create an application reading ldap.hdm-stuttgart.de's data and writing corresponding student entries back to your local LDAP server.

  • Selected database products overview
    • Mongodb
  • Document oriented (hierarchy support).

  • Horizontal scaling (Sharding)

  • Large user community

  • API support for all major programming languages.

  • Open Source

  • Selected database products overview
    • Mongodb
      • ➟ Installation
docker run -d \
  --name localMongoDb \
  -e MONGO_INITDB_ROOT_USERNAME=admin \
  -e MONGO_INITDB_ROOT_PASSWORD=secret \
  -e MONGO_INITDB_DATABASE=admin \
  -v ~/Data/Mongo:/data/db \
  -p 27017:27017 \
  mongo:4.4.1 
docker-compose.yml:
version: '3.7'

services:
    mongodb:
        image: mongo:4.4.1
        container_name: mongodb
        restart: always
        environment:
            MONGO_INITDB_ROOT_USERNAME: admin
            MONGO_INITDB_ROOT_PASSWORD: secret
        ports:
            - 27017:27017
        volumes:
            - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro

mongo-init.js:
db.createUser(
    {
        user: "explorer",
        pwd: "secret",
        roles: [
            {
                role: "readWrite",
                db: "exploredb"
            }
        ],
        passwordDigestor: "server"
    }
);
docker-compose up --build -d
> mongo -u admin -p secret admin
...
> db.createUser(
...     {
...         user: "explorer",
...         pwd: "secret",
...         roles: [
...             {
...                 role: "readWrite",
...                 db: "exploredb"
...             }
...         ],
...         passwordDigestor: "server"
...     }
... );
Successfully added user: { "user" : "explorer"...
> mongo -u explorer -p secret admin
...
> use exploredb
switched to db exploredb

> db.user.insert(
...     { cname: "Eve Gardener",
...         uid: "gardener",
...         email: "gardener@betrayer.com"
...     }
... )
WriteResult({ "nInserted" : 1 })
> 
> db.user.find()
{ "_id" : ObjectId("5fa1c79d661a55242658f135"), 
  "cname" : "Eve Gardener", "uid" : "gardener", "email" : "gardener@betrayer.com" }
  • View --> Tool Windows --> Database

  • Data Source --> MongoDB

  • Selected database products overview
    • Mongodb
      • ➟ Features
  • MongoDB Server

    • Database

      • Collection : Similar to tables in SQL.

        • Document: Similar to records in SQL.

> mongo -u explorer -p secret admin

> use exploredb

> db.user.insert(
    { cname: "Eve Gardener",
       uid: "gardener",
       email: "gardener@betrayer.com"
    }
 )
  • Selected database products overview
    • Mongodb
      • ➟ Features
        • ➟ CRUD
Code:
db.group.insert(
    {
        cname: "All users",
        gid: "users",
    }
)
db.group.find()

Result:
[
  {
    "_id": {"$oid": "5fa3035932b87a0c60a6ed1a"},
    "cname": "New users",
    "gid": "users"
  }
]
Code:
db.group.update(
  {_id: ObjectId("5fa3035932b87a0c60a6ed1a")},
  { $set:
      {
        cname: "New users",
        gidNumber: 1000
      }
  }
)
db.group.find()

Result:
[
  {
    "_id": {"$oid": "5fa3035932b87a0c60a6ed1a"},
    "cname": "New users",
    "gid": "users",
    "gidNumber": 1000
  }
]
Code:
db.group.deleteOne( {"_id": ObjectId("5fa3035932b87a0c60a6ed1a")});

Result:
[
  {
    "acknowledged": true,
    "deletedCount": 1
  }
]
Code:
db.group.deleteMany({});

Result:
[
  {
    "acknowledged": true,
    "deletedCount": 23
  }
]
Code:
db.group.update(
    {_id: ObjectId("5fa3035932b87a0c60a6ed1a")},
    { $unset:
        {
            gidNumber: 42
        }
    }
)
db.group.find()

Result:
[
  {
    "_id": {"$oid": "5fa3035932b87a0c60a6ed1a"},
    "cname": "My users",
    "gid": "users"
  }
]
  • Selected database products overview
    • Mongodb
      • ➟ Features
        • ➟ Query
  • Selected database products overview
    • Mongodb
      • ➟ Features
        • ➟ Schema
db.runCommand( {
  collMod: "group",
  validator: { $jsonSchema: {
     bsonType: "object",
     required: [ "cname", "gid" ],
        properties: {
          cname: {
              bsonType: "string",
              description: 
              "A group's common name"
          },                
          gid: {
             bsonType: "string",
             description: 
             "A group's short name"
          }
       }
     } 
  },
  validationLevel: "moderate"
})
db.group.insert(
 {
   cname: "Extra users"
 }
)
... Bulk write operation error on server localhost:27017.
Write errors: [BulkWriteError{index=0, code=121,
    message='Document failed validation', details={}}].

See BSON Types for reference.

db.group.createIndex({ 
   "cname": 1
  },
  {
      unique: true
})

db.group.insert({cname: "Extra users",
  ...
  }
)
com.mongodb.MongoBulkWriteException:
Bulk write operation error on server localhost:27017.
Write errors: [BulkWriteError{index=0, code=11000, 
message='E11000 duplicate key error collection: 
exploredb.group index: cname_1 dup key: 
  { cname: "Extra users" }', details={}}].
  • No way to enforce referential integrity rules.

  • Selected database products overview
    • Mongodb
      • ➟ Features
        • ➟ Data access control
  • Selected database products overview
    • Mongodb
      • ➟ Features
        • ➟ API support
  • Selected database products overview
    • Mongodb
      • ➟ High performance sharding cluster
  • Problem: Large datasets / high throughput

  • Two alternatives:

    • Vertical scaling: RAM, cpu,...

    • Horizontal scaling: Load distribution by multiple nodes.

See sharded-cluster for details.

  • Selected database products overview
    • Mongodb
      • ➟ Exercises