From OpenSCADAWiki
Jump to: navigation, search
Constr.png Translation
Module Name Version License Source Languages Platforms Type Author Description
LDAP Directory by LDAP 0.1 GPL2 en,uk,ru,de x86,x86_64,ARM DB Roman Savochenko BD module. Provides support of directories by LDAP.
Sponsored by: Alexander Kolesov, 2017

1 Introduction

Module "LDAP" gives to OpenSCADA support of directories by Lightweight Directory Access Protocol (LDAP). The module is based on the OpenLDAP library on the language "C". Due conceptual difference the directory service from data bases (DB) the module allows you to perform mostly reading and modification entries represented as tables' records in the DB conception.

Directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A common use of LDAP is to provide a central place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users. The protocol provides an interface with directories that follow the 1993 edition of the X.500 model:

  • An entry consists of a set of attributes.
  • An attribute has a name (an attribute type or attribute description) and one or more values (the module is combaining their). The attributes are defined in a schema.
  • Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder.

2 Operations over the database

The module provides only opening database (represented in that sort the base DN entry) operation. In terms of the subsystem "DB" of OpenSCADA opening of DB is its registration for further using of it in the system. It also supports the operation of requesting the list of tables in the database.

LDAP database (connection) is addressed in the following format "ldap[s]://{host}[:{port}];bdn[;{adn};{pass}[;{tm}]]". Where:

  • host — hostname of the directory service;
  • port — port, default 389;
  • bdn — base DN, an entry which sub-entries means as tables of the database with RDN attribute "ou" presents;
  • adn — Distinguished Name of the authenticate user, omiting the user and next password will cause to anonymous connection;
  • pass — password of the Distinguished Name of the authenticate user;
  • tm — network and generic timeout in seconds by real number.

3 Operations over the table

The operations of opening and closing of the table (a DN entry into the base DN entry represents in that sort) only are supported. As a table means into the base DN entry only included entries with attribute "ou" presenting (typically for object class "organizationalUnit").

4 Operations over the contents of the table

  • scanning of the records of the table;
  • request the values of these records;
  • setting the values of these records;

API of subsystem "DB" suppose the access to the contents of the table on the value of key(s) fields. Thus, the operation of request of the record implies the preset of key columns of the object TConfig, which will fulfill the request.

Before any value setting the module load current values, compare their and next send changed values only.

The module doesn't differ now types of the attributes of the entries and means all their as strings.

To perform all this operations for nodes of OpenSCADA you need create, load and use the specific schemes of the nodes to the directory server. All known schemes of the nodes OpenSCADA placed to the bottom table:

OpenSCADA node Organizational Unit "ou" value (table name) Structure Scheme, auxiliaries mostly
Users group ou=Security_grp NAME, DESCR, LONGDESCR, USERS OSCADA-grp

5 Access rights

Access rights to the database are defined by the connection user's rights.