DSML (Directory Services Markup Language) is an XML dialect for directory information. A directory is a hierarchically-organised data store - in other words, a tree of data nodes. For example, a company may have organisational units, each unit will have employees, and each employee will have a name and an email address. Such hierarchically-organised data does not fit well in a database, but is much more suited to a directory.

There is a common standard for directory access in LDAP (Lightweight Directory Access Protocol), version 3 of which is defined in RFC 2251. This allows clients to connect to any directory to read information. There is also a common interchange format, called LDIF (LDAP Data Interchange Format) defined in RFC 2849. However, with the new generation of web applications being XML-aware, an XML dialect for directory information was thought necessary. Hence DSML. DSML allows the new generation of XML-aware applications to use directory information.

Here is some sample DSML:

<dsml xmlns:dsml="http://www.dsml.org/DSML">
  <directory-schema>
    <class id="..." ...>
    ...
    </class>
    <attribute-type id="..." ...>
    ...
    </attribute-type>
  </directory-schema>
  <directory-entries>
    <entry dn="...">
        <objectclass>...</objectclass>
        <attr name="...">
              <value>...</value>
              ...
        </attr>
        ...
    </entry>
    ...
  </directory-entries>
</dsml>

However, DSML is not an access protocol. In this regard, it is synergistic with LDAP. If there were software that made LDAP requests and output the results as DSML, and that read in DSML and executed LDAP write requests, then an LDAP-enabled directory would become DSML-enabled.

The DSML Tools suite is that software.

LDAP2DSML
LDAP2DSML has a command-line syntax much like that of the ldapsearch command. It takes all the usual LDAP search options, such as base DN, filter and scope, and returns a stream of DSML.

DSML2LDAP
DSML2LDAP takes the contents of a DSML file and either adds all the entries to a directory or (and this works best if the DSML file came from that directory) removes all the entries from the directory. It can do this on the basis of DN only, or by checking for an exact match to avoid information loss.

DSMLDiff
For XML data, a standard line-based diff is pretty useless; you will get false differences if the data is rearranged, or if there are formatting differences. DSMLDiff does a diff between files A and B on an XML syntactic level, and produces two output files - an “addfile” and a “subfile”. If you take file A, remove all the entries in the subfile and add all the entries in the addfile, the resulting data set will be that of file B.

The addfile also contains comments as to the contents of the subfile, meaning that a human can see all the differences between A and B merely by reading the addfile.

Potential uses of this include shipping updates to a large directory over a low-bandwidth link, or letting a human manually inspect the last week's changes to the directory.

DSMLValidate
XML does not allow one to specify such things as “an entry may only have the attributes permitted by its objectclass” or other directory-level restrictions. To remedy this, DSMLValidate will check your data at a directory level, and correct it if it is in error (by, for example, removing illegal attributes).
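An added illustration of the entry-level comparison DSMLDiff is described as performing (not the DSML Tools implementation): entries are keyed by DN and attribute values are compared as sets, so reordering and reformatting produce no differences. The function names, the in-memory add/sub dictionaries and the sample entries are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop a '{namespace}' prefix so prefixed and unprefixed DSML both match."""
    return tag.rsplit("}", 1)[-1]

def load_entries(dsml_text):
    """Map DN -> {attribute name: frozenset of values}; document order is discarded."""
    entries = {}
    for el in ET.fromstring(dsml_text).iter():
        if local(el.tag) != "entry":
            continue
        attrs = {}
        for child in el:  # <attr name="..."> or <objectclass>
            name = child.get("name", local(child.tag)).lower()
            values = frozenset((v.text or "").strip() for v in child)
            attrs[name] = attrs.get(name, frozenset()) | values
        entries[el.get("dn").strip()] = attrs  # exact-string DN match: a simplification
    return entries

def dsml_diff(a_text, b_text):
    """Return (add, sub) such that A minus sub plus add equals B."""
    a, b = load_entries(a_text), load_entries(b_text)
    sub = {dn: e for dn, e in a.items() if b.get(dn) != e}
    add = {dn: e for dn, e in b.items() if a.get(dn) != e}
    return add, sub

def apply_diff(a_text, add, sub):
    """Remove the sub entries from A, then add the add entries."""
    result = {dn: e for dn, e in load_entries(a_text).items() if dn not in sub}
    result.update(add)
    return result

WRAP = '<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML"><dsml:directory-entries>%s</dsml:directory-entries></dsml:dsml>'
ENTRY = '<dsml:entry dn="uid=%s,ou=People,dc=example,dc=org"><dsml:attr name="mail"><dsml:value>%s</dsml:value></dsml:attr>%s</dsml:entry>'
OC1 = '<dsml:objectclass><dsml:oc-value>top</dsml:oc-value><dsml:oc-value>person</dsml:oc-value></dsml:objectclass>'
OC2 = '<dsml:objectclass>\n  <dsml:oc-value>person</dsml:oc-value>\n  <dsml:oc-value>top</dsml:oc-value>\n</dsml:objectclass>'
# Constructed sample data: B reorders and reformats bob, changes alice's mail, adds carol.
FILE_A = WRAP % (ENTRY % ("alice", "alice@example.org", OC1) + ENTRY % ("bob", "bob@example.org", OC1))
FILE_B = WRAP % (ENTRY % ("carol", "carol@example.org", OC1) + ENTRY % ("bob", "bob@example.org", OC2)
                 + ENTRY % ("alice", "a.smith@example.org", OC1))

if __name__ == "__main__":
    add, sub = dsml_diff(FILE_A, FILE_B)
    print("add:", sorted(add))
    print("sub:", sorted(sub))
```

A changed entry appears in both outputs (old form in sub, new form in add), while the reordered bob entry appears in neither.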

What is DSML?

Although the LDAP protocol is standardised, a standardised format is still needed for exchanging data. There are two main ones.

The older of the two is the LDIF format, which dates from the 1990s. This interchange format, defined by the IETF in RFC 2849, represents the contents of a directory, as well as various update operations, in a text file.

In it, the directory's records appear as sets of name-value pairs. The example below shows an extract of a directory entry:

dn: uid=bettingers,ou=People,dc=dsmltools,dc=org
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
givenName: Sebastien
title: Mr
uid: bettingers
cn: Bettinger Sébastien
sn: Bettinger
ou: People
mail: seb0uil@...
employeeNumber: 3350006763/1128

Alongside this file format, data can also be exchanged using files in DSML (Directory Service Markup Language) format. A DSML file is a representation of a directory's contents in XML syntax. Version 2 was standardised by the OASIS consortium in 2001.

The same entry as before, presented in DSML format, is then:

<?xml version="1.0" encoding="UTF-8"?>
<batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core">
  <searchResponse>
    <searchResultEntry dn="uid=bettingers,ou=People,dc=dsmltools,dc=org">
      <attr name="objectClass">
        <value>person</value>
        <value>organizationalPerson</value>
        <value>inetOrgPerson</value>
        <value>top</value>
        <value>sngcredentialstore</value>
      </attr>
      <attr name="givenName">        <value>Sebastien</value>      </attr>
      <attr name="title">            <value>Mr</value>             </attr>
      <attr name="uid">              <value>bettingers</value>     </attr>
      <attr name="cn">               <value>Sébastien</value>      </attr>
      <attr name="sn">               <value>Bettinger</value>      </attr>
      <attr name="mail">             <value>seb0uil@...</value>    </attr>
      <attr name="ou">               <value>People</value>         </attr>
      <attr name="employeeNumber">   <value>3350006763/1128</value></attr>
    </searchResultEntry>
    <searchResultDone>
      <resultCode code="0"/>
    </searchResultDone>
  </searchResponse>
</batchResponse>
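
The mapping between the two formats shown above, as an added example (not part of the original page or of DSML Tools): it reads one LDIF record, including folded lines and the base64 '::' form that RFC 2849 uses for non-ASCII values, and emits the DSMLv2 structure shown here. The sample record is constructed, and its description value is hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
NS = "urn:oasis:names:tc:DSML:2:0:core"
T = "{%s}" % NS  # ElementTree's qualified-name prefix

def parse_ldif_record(text):
    """Return (dn, {attribute: [values]}) for a single well-formed LDIF record."""
    lines = []
    for raw in text.strip().splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line: drop the one-space marker
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):              # "attr:: ..." carries a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def to_dsml2(dn, attrs):
    """Build a DSMLv2 batchResponse; ElementTree escapes &, < and > in the values."""
    ET.register_namespace("", NS)
    root = ET.Element(T + "batchResponse")
    resp = ET.SubElement(root, T + "searchResponse")
    entry = ET.SubElement(resp, T + "searchResultEntry", dn=dn)
    for name, values in attrs.items():
        attr = ET.SubElement(entry, T + "attr", name=name)
        for value in values:
            ET.SubElement(attr, T + "value").text = value
    ET.SubElement(ET.SubElement(resp, T + "searchResultDone"), T + "resultCode", code="0")
    return ET.tostring(root, encoding="unicode")

# Constructed sample: base64 cn (non-ASCII), folded description with XML metacharacters.
SAMPLE_LDIF = """\
dn: uid=bettingers,ou=People,dc=dsmltools,dc=org
objectClass: person
objectClass: inetOrgPerson
cn:: QmV0dGluZ2VyIFPDqWJhc3RpZW4=
description: R&D <contractor>, badge
  renewal pending
"""
if __name__ == "__main__":
    print(to_dsml2(*parse_ldif_record(SAMPLE_LDIF)))
```

Building the document through an XML library rather than string concatenation is what keeps a value such as the description above from altering the structure of the output.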
 
about.txt · Last modified: 2010/08/30 20:05 (external edit)
 