Red Hat NETSCAPE DIRECTORY SERVER 7.0 - DSML GATEWAY User Manual Page 2

Introduction to DSML Gateway
2 Netscape Directory Server DSML Gateway • October 2004
DSML version 2.0, the basis for Directory Server’s DSML Gateway, allows
directory contents to be accessed, modified, and controlled through XML
(eXtensible Markup Language), a more flexible language than HTML that allows
customized markup languages to be created for different uses.
As a Web services protocol, DSML closely mirrors Lightweight Directory Access
Protocol (LDAP). DSML is designed to allow arbitrary Web services clients to
access directory services using the client's native protocols (HTTP/SOAP), which
allows content stored in a directory service to be easily accessed by standard Web
service applications and development tools. DSML is useful in Web applications
because it can access directories when a firewall would normally screen out an
LDAP request.
Simple Object Access Protocol (SOAP) is an XML-based protocol used in
combination with Hypertext Transfer Protocol (HTTP) to access information in a
distributed database. DSMLv2 uses SOAP to bind to a Directory Server over the
Web in such a way that LDAP directories, such as Directory Server, can be
faithfully rendered in XML.
DSML Authentication Mapping
The DSML authentication mechanism is native to HTTP/SOAP, but the gateway
interacts cleanly with LDAP. Client credentials presented via HTTP Client
Authentication or SSL connections are mapped to a distinguished name (DN),
and the session then proceeds as if an LDAP client had bound with that DN.
The gateway mapping is implemented essentially as follows:
1. The client's authentication credentials are obtained from the servlet container
(username/password from HTTP/SOAP or client certification DN from SSL).
2. A mapping function is applied to yield a target DN in the host Directory
Server's directory information tree.
3. The gateway attempts to verify the presented credentials by binding as the
mapped DN against the host Directory Server.
4. If the gateway binds successfully, the session is marked as “authenticated.”
5. For authenticated sessions, LDAP proxy authorization controls are sent with
every operation to the Directory Server. This ensures that operations are done
in the security context of the presented credentials (as mapped).
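The five steps above, sketched as an added example (not code from the manual or from the gateway itself). The `uid=<user>,ou=People,dc=example,dc=com` mapping, the `FakeDirectory` stand-in, and the `GatewaySession` class are assumptions for illustration; the control shown is the RFC 4370 proxied authorization control, and the manual does not say which control version the gateway sends.

```python
import hmac

PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # proxied authorization control, RFC 4370
BASE_DN = "ou=People,dc=example,dc=com"       # assumed suffix, not from the manual

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514) so it cannot add RDNs."""
    if not value or "\x00" in value:
        raise ValueError("empty or NUL-containing user name")
    last = len(value) - 1
    return "".join(
        "\\" + ch if ch in ',+"\\<>;=' or (i == 0 and ch in "# ")
        or (i == last and ch == " ") else ch
        for i, ch in enumerate(value))

def map_to_dn(username):
    """Step 2 (hypothetical mapping function): uid=<user>,<BASE_DN>."""
    return "uid=" + escape_rdn_value(username) + "," + BASE_DN

class FakeDirectory:
    """Constructed stand-in for the host Directory Server; supports bind only."""
    def __init__(self, entries):
        self._entries = {dn.lower(): pw.encode() for dn, pw in entries.items()}

    def simple_bind(self, dn, password):
        stored = self._entries.get(dn.lower())
        return stored is not None and hmac.compare_digest(stored, password.encode())

class GatewaySession:
    def __init__(self, directory):
        self.directory, self.authz_dn = directory, None

    def authenticate(self, username, password):
        """Steps 1-4: map, verify by binding as the mapped DN, mark the session."""
        dn = map_to_dn(username)
        # An empty password must never count: LDAP treats it as an unauthenticated bind.
        ok = bool(password) and self.directory.simple_bind(dn, password)
        self.authz_dn = dn if ok else None
        return ok

    def controls_for_operation(self):
        """Step 5: the control sent with every operation of an authenticated session."""
        if self.authz_dn is None:
            return []
        return [{"type": PROXY_AUTHZ_OID, "criticality": True,
                 "value": ("dn:" + self.authz_dn).encode("utf-8")}]

DIRECTORY = FakeDirectory({"uid=alice,ou=People,dc=example,dc=com": "s3cret"})  # constructed
```

The escaping in step 2 is what keeps a user name such as `admin,ou=Admins` inside the intended subtree; without it the mapped DN, and therefore the proxied identity, would be attacker-shaped.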