
Implementing an LDAP-type database

I'm interested to know what kind of physical structure is used to store LDAP databases like Active Directory.

The database is expressed as a tree structure, where each node has a set of attributes and optional children. A node has a class type which defines which set of attributes apply. I suppose it's analogous to an XML document in that respect.

Attributes number in the hundreds, if not thousands. These attributes aren't necessarily fixed-size either; there's the MultiSz type, for example. Crucially, the attributes and classes are extensible.

I also noticed the database is relational, with two-way referential integrity maintained between the memberOf attribute and Groups, for example.

Obviously you can't store this in an RDBMS - the row-length limit (and need to run ALTER TABLE) means the attribute system doesn't fit, but then how do you structure a database like this on-disk?

LDAP is a protocol that has no specification upon how the data is stored.

A database should have hierarchical methods. LDAP also needs to be able to do indexes such as value, substring and presence.

Entries contain attributes, which contain values.

There is NO referential integrity provided by LDAP. Some LDAP server implementations may provide a value for memberOf and member, usually via a background service of the LDAP server implementation (AD, for example) that creates the pseudo value of memberOf. (It is NOT really in the underlying database.)

And yes, you can store the data within a relational database. The attribute value(s) could be done as a key relationship to the attribute name on the entry.

As for AD specifically, this may provide a place to start.
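
The relational layout described in the answer, as an added example that is not part of the original question or answer: one row per entry, one row per attribute value, with memberOf computed from the groups' member values rather than stored. The table and column names, the helper functions, and the sample entries are constructed for illustration, using Python's built-in sqlite3.

```python
import sqlite3

SCHEMA = """
CREATE TABLE entry (id INTEGER PRIMARY KEY,
    parent INTEGER REFERENCES entry(id),  -- tree edge; NULL at the root
    rdn TEXT NOT NULL, UNIQUE (parent, rdn));
CREATE TABLE attr_value (entry_id INTEGER NOT NULL REFERENCES entry(id),
    name TEXT NOT NULL,    -- a new attribute is a new row, no ALTER TABLE
    value TEXT NOT NULL);  -- one row per value, so multi-valued is natural
CREATE INDEX attr_eq ON attr_value (name, value);  -- presence and equality
"""

def add(db, parent, rdn, attrs):
    eid = db.execute("INSERT INTO entry (parent, rdn) VALUES (?, ?)",
                     (parent, rdn)).lastrowid
    db.executemany("INSERT INTO attr_value VALUES (?, ?, ?)",
                   [(eid, n.lower(), v) for n, vals in attrs.items() for v in vals])
    return eid

def dn(db, eid):
    parts = []
    while eid is not None:  # walk the parent links up to the root
        rdn, eid = db.execute("SELECT rdn, parent FROM entry WHERE id = ?",
                              (eid,)).fetchone()
        parts.append(rdn)
    return ",".join(parts)

def search(db, name, op, value=None):
    # op is 'present', 'eq' or 'sub'; 'sub' scans the rows for that attribute
    sql, args = "SELECT DISTINCT entry_id FROM attr_value WHERE name = ?", [name.lower()]
    if op == "eq":
        sql, args = sql + " AND value = ?", args + [value]
    elif op == "sub":
        sql, args = sql + " AND instr(value, ?) > 0", args + [value]
    return sorted(dn(db, r[0]) for r in db.execute(sql, args).fetchall())

def member_of(db, eid):
    # Pseudo attribute: derived from 'member' rows, nothing stored on the user
    rows = db.execute("SELECT entry_id FROM attr_value "
                      "WHERE name = 'member' AND value = ?", (dn(db, eid),)).fetchall()
    return sorted(dn(db, r[0]) for r in rows)

def demo():
    # Constructed sample directory
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    root = add(db, None, "dc=example", {"objectClass": ["domain"]})
    alice = add(db, root, "cn=alice", {"objectClass": ["person"],
                "mail": ["alice@example.test", "a@example.test"]})
    add(db, root, "cn=bob", {"objectClass": ["person"]})
    add(db, root, "cn=admins", {"objectClass": ["group"], "member": [dn(db, alice)]})
    return db, alice
```

Because member is stored as a plain DN string, renaming or deleting the user leaves the group row pointing at a stale value unless the server cleans it up itself.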
