This document discusses LDAP (Lightweight Directory Access Protocol) and modeling it using VDM++ (Vienna Development Method). It begins with an introduction to LDAP and its directory information tree (DIT) structure. It then covers modeling the DIT as either a tree or forest in VDM++. The document defines the server structure in VDM++ with types for entries, attributes, and object classes. It presents invariants for the server implementation and describes common LDAP operations like add, delete, modify, search entries, and search attributes.
LDAP in VDM++
1. LDAP in VDM++
Pedro Pereira, Ulisses Costa
Formal Methods in Software Engineering
12 February 2009
Pedro Pereira, Ulisses Costa, LDAP in VDM++
2. Outline
1 LDAP
What LDAP and the DIT are
Structure of LDAP
Properties of LDAP
2 VDM
DIT - Tree? & Forest
Server
3 Server Operations
4. LDAP
LDAP vs DAP - Lightweight because it runs over TCP/IP
LDAP is at least one DIT
A directory is a way of organizing complex information, making it easy to search.
6. Structure of the DIT
Purpose of the DIT
Store the hierarchy
Made up of entries
Entries are instances of ObjectClass
ObjectClasses may have attributes
Attributes relate the information
7. Structure of entries
Contain an instance of ObjectClass
Mandatory attributes of the ObjectClass
A DN (Distinguished Name)
Unique across the whole tree
An RDN (Relative Distinguished Name)
Unique among siblings
9. Properties of LDAP
Forest of DITs
DNs are unique in the DIT
A DN is: the DN of its predecessor and its own RDN
Each attribute has (identifier, value) pairs
12. DIT - Tree?
Acyclic, connected graph (one root)
The root of the DIT is a DSA-specific Entry (DSE) and not part of any naming context
13. DIT - Forest
Acyclic, disconnected graph (multiple roots)
15. Server Structure
class Server
types
  public String = seq of char;
  public OName = String;
  public AName = String;
  public Value = String;
  public ObjClass :: must : set of AName
                     may  : set of AName;
instance variables
  -- existing entries
  private entries : map nat1 to Entry;
  -- entry hierarchy
  private dit : map nat1 to set of nat1;
  -- defined object classes
  private def_objs : map OName to ObjClass;
  -- defined attributes
  private def_attrs : set of AName;
  inv ServerINV();
16. Server Invariants
The root of the DIT is a DSA-specific Entry (DSE) and not part of any naming context;
Entries have names: one or more attribute values from the entry form its relative distinguished name (RDN), which MUST be unique among all its siblings;
The concatenation of the relative distinguished names of the sequence of entries from a particular entry to an immediate subordinate of the root of the tree forms that entry's Distinguished Name (DN), which is unique in the tree;
Each entry MUST have an objectClass attribute which specifies the object classes of that entry;
Servers MUST NOT permit clients to add attributes to an entry unless those attributes are permitted by the object class definitions, the schema controlling that entry;
Entries consist of a set of attributes;
An attribute is a type with one or more associated values and is identified by a short descriptive name (...);
Schema is the collection of attribute type definitions, object class definitions and other information (...);
17. Server Invariants
public ServerINV : () ==> bool
ServerINV() ==
(
  return (
    -- the DIT is acyclic
    (not exists e in set dom dit & e in set TransitiveClosure(e)) and
    -- every entry referenced by the DIT exists
    (forall e in set (dom dit union dunion rng dit) & e in set dom entries) and
    -- object classes only use defined attributes
    (forall o in set rng def_objs &
      (forall a in set (o.must union o.may) & a in set def_attrs)) and
    -- DN unique across the whole forest
    (forall i, j in set dom entries &
      i <> j => entries(i).GetDN() <> entries(j).GetDN()) and
    -- the parent's DN is contained in the child's
    (forall p in set dom dit & (forall c in set TransitiveClosure(p) &
      (elems entries(p).GetDN()) subset (elems entries(c).GetDN()))) and
    -- RDN unique among siblings
    (forall p in set dom dit & (forall c1, c2 in set dit(p) &
      c1 <> c2 => entries(c1).GetRDN() <> entries(c2).GetRDN())) and
    -- the RDN is part of the DN
    (forall e in set rng entries & e.GetRDN() in set elems e.GetDN()) and
    -- the RDN is one of the entry's attributes
    (forall e in set rng entries & e.GetRDN() in set dom e.GetAttrs())
  )
);
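The invariants of slides 16 and 17 as an executable check over a server state: an added Python example, not the authors' VDM++ model. It assumes a DN is a tuple of RDN strings with the entry's own RDN last, one object class per entry, and constructed names such as ou=corp; the parent test compares a strict prefix, which is stronger than the slides' `elems ... subset` test.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    dn: tuple     # RDNs from the root down; the last component is the entry's RDN
    oclass: str   # object class name (assumed: one class per entry)
    attrs: dict   # attribute name -> value

def violations(entries, dit, def_objs, def_attrs):
    """Names of the invariants broken by this server state (empty set = valid)."""
    bad = set()
    nodes = set(dit) | set().union(*dit.values())
    if not nodes <= set(entries):
        return {"dit-references-missing-entry"}
    # Acyclic: strip entries with no remaining children; what is left lies on a cycle.
    while leaves := {n for n in nodes if not dit.get(n, set()) & nodes}:
        nodes -= leaves
    if nodes:
        bad.add("cycle")
    dns = [e.dn for e in entries.values()]
    if len(dns) != len(set(dns)):
        bad.add("duplicate-dn")
    for parent, children in dit.items():
        rdns = [entries[c].dn[-1] for c in children]
        if len(rdns) != len(set(rdns)):
            bad.add("duplicate-sibling-rdn")
        if any(entries[c].dn[:-1] != entries[parent].dn for c in children):
            bad.add("child-dn-not-under-parent")
    for oc in def_objs.values():
        if not oc["must"] | oc["may"] <= def_attrs:
            bad.add("class-uses-undefined-attribute")
    for e in entries.values():
        oc = def_objs.get(e.oclass)
        # all "must" attributes present, nothing outside must + may
        if oc is None or not oc["must"] <= set(e.attrs) <= oc["must"] | oc["may"]:
            bad.add("entry-violates-schema")
    return bad

def sample_state():
    """Constructed three-entry DIT: ou=corp -> ou=people -> cn=ana."""
    def_attrs = {"ou", "cn", "sn", "mail"}
    def_objs = {"unit": {"must": {"ou"}, "may": set()},
                "person": {"must": {"cn", "sn"}, "may": {"mail"}}}
    entries = {1: Entry(("ou=corp",), "unit", {"ou": "corp"}),
               2: Entry(("ou=corp", "ou=people"), "unit", {"ou": "people"}),
               3: Entry(("ou=corp", "ou=people", "cn=ana"), "person",
                        {"cn": "ana", "sn": "silva"})}
    dit = {1: {2}, 2: {3}, 3: set()}
    return entries, dit, def_objs, def_attrs
```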
19. Server Operations
CRUD
Create Read Update Delete
Add Entry
Del Entry
Modify DN
Search Entry
Search Attributes
20. Modify DN
public ModDN : seq of AName * AName ==> ()
ModDN(old_dn, new_rdn) ==
(
  dcl new_dn : seq of AName := [];
  -- position of the RDN being replaced: the last component of old_dn
  dcl pos : nat1 := len old_dn;
  dcl e : nat1 := GetID(old_dn);
  -- keep the parent's components and append the new RDN
  for i = 1 to pos - 1 do
    new_dn := new_dn ^ [old_dn(i)];
  new_dn := new_dn ^ [new_rdn];
  entries(e).SetDN(new_dn);
  -- rewrite the same position in the DN of every descendant
  for all c in set TransitiveClosure(e) do
  (
    new_dn := [];
    for i = 1 to (len entries(c).GetDN()) do
      if i = pos
      then new_dn := new_dn ^ [new_rdn]
      else new_dn := new_dn ^ [entries(c).GetDN()(i)];
    entries(c).SetDN(new_dn);
  );
)
pre (exists i in set dom entries & entries(i).GetDN() = old_dn)
post (exists i in set dom entries & forall c in set TransitiveClosure(i) &
  new_rdn in set elems entries(i).GetDN() and new_rdn in set elems entries(c).GetDN());
21. GetID
public GetID : seq of AName ==> nat
GetID(dn) ==
(
  for all i in set dom entries do
    if entries(i).GetDN() = dn
    then return i;
  -- entry ids are nat1, so 0 means that no entry has this DN
  return 0;
)
post ((not exists i in set dom entries & entries(i).GetDN() = dn) and RESULT = 0)
  or (RESULT in set dom entries and entries(RESULT).GetDN() = dn);
22. Transitive Closure
public TransitiveClosure : nat1 ==> set of nat1
TransitiveClosure(origem) ==
(
  dcl res : set of nat1 := {};
  -- dit(x) is a map application: every entry reached here, leaves included,
  -- must be in dom dit
  dcl childs : set of nat1 := dit(origem);
  while childs <> {} do
  (
    for all c in set childs do
    (
      childs := childs union dit(c);
      res := res union {c};
    );
    -- drop the entries already visited
    childs := childs \ res;
  );
  return res;
)
pre origem in set dom entries
post forall e in set RESULT &
  (elems entries(origem).GetDN()) subset (elems entries(e).GetDN());
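ModDN and TransitiveClosure from slides 20 and 22 in runnable form: an added Python example, not the authors' VDM++ code. It assumes DNs are tuples of constructed RDN strings with the entry's own RDN last, and it also refuses a rename whose new DN is already taken, a check the ModDN precondition on the slide does not state.

```python
def closure(dit, origin):
    """Ids of all descendants of origin; terminates even if dit has a cycle."""
    seen, frontier = set(), set(dit.get(origin, ()))
    while frontier:
        seen |= frontier
        frontier = set().union(*(dit.get(c, ()) for c in frontier)) - seen
    return seen

def mod_dn(dns, dit, old_dn, new_rdn):
    """Rename the entry at old_dn, rewriting the DN of every descendant.

    dns maps entry id -> DN tuple (root first). Returns the renamed entry's id.
    """
    ids = [i for i, dn in dns.items() if dn == old_dn]
    if not ids:
        raise KeyError("no entry with that DN")        # ModDN precondition
    new_dn = old_dn[:-1] + (new_rdn,)
    if new_dn != old_dn and new_dn in dns.values():
        raise ValueError("new DN already in use")      # keeps DNs unique
    k = len(old_dn) - 1   # 0-based slot of the renamed RDN in every affected DN
    dns[ids[0]] = new_dn
    for c in closure(dit, ids[0]):
        dns[c] = dns[c][:k] + (new_rdn,) + dns[c][k + 1:]
    return ids[0]

def sample_dns():
    """Constructed forest: ou=corp -> {ou=people -> {cn=ana, cn=rui}, ou=hosts}."""
    dns = {1: ("ou=corp",),
           2: ("ou=corp", "ou=people"),
           3: ("ou=corp", "ou=people", "cn=ana"),
           4: ("ou=corp", "ou=people", "cn=rui"),
           5: ("ou=corp", "ou=hosts")}
    dit = {1: {2, 5}, 2: {3, 4}}
    return dns, dit
```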