| By a long time development, network storage a great deal information in the different OS and all different application with varied format. An administrator of networks cannot manage the information and resource with expedient advantageous ways in concentrated information storage. The users must get many information and resource from many kinds of application program. So users are difficult to share the same information and cannot bear it. The technique of LDAP make information stored and visited in general formats and manners, it name, describe and specify the area of users and resource in consistent manner. So LDAP can simplify the communication and management; offer simplified search for users to find out the resource or other users; for scanning and managing in all aspect, help the administrators to collect and control the spreading information in their institution. This article discusses each characters of LDAP with the design and development for database of PKI sys'tem and offers a resolve way to store and manage the information for users and certificates which is important for bringing into effect and extend PKI system with characters of simple application, extendable, common. The main work of this article is studying, analyzing the LDAP technique and composing the PKI system.Firstly, this paper study the theory of the PKI and LDAP technology in detail, introduces the architecture and principles of PKI and LDAP, and also compares it with the X.500 directory service, To make a summary of the requirement in PKI system by LDAP based on the LDAP technique, it can afford a theory base for develop PKI system program.Secondly, put forward the LDAP protocol models and data models, and analyze the feasibility of LDAP protocol operation from a point of view of the basic elements operation rules and format. Point out the rules to select themanagement forms of the PKI system. Based on the recommend and copy of LDAP step by step circumstance and avert the performance fall of PKI whole system and the overloaded for details in its management without validating the data in the data-base or affirm of integrality, so shorten the time certification user used and optimize the performance of the whole PKI.At last, through designing the directory tree and make out servers in PKI system with LDAP techniques, realize the interface between PKI users based on LDAP with CA and database of certificate applying JNDI for searches and management of certificate and CRL. |
PDF Full Text Request