LDAP: Lightweight Directory Access Protocol
LDAP, or Lightweight Directory Access Protocol, is a widely used protocol designed for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Here's an overview:
History
- X.500, the ITU-T/ISO directory standard from the late 1980s, was the original directory service. It was complex and resource-intensive, and its access protocol assumed the full OSI network stack rather than TCP/IP.
- In the early 1990s the University of Michigan developed LDAP as a simpler alternative to DAP (Directory Access Protocol), the access protocol of the X.500 suite. It began as a lightweight gateway protocol that let TCP/IP clients reach X.500 servers and was soon spoken natively by stand-alone directory servers (Michigan's slapd became the basis of OpenLDAP), keeping the X.500 data model while dropping most of the protocol's weight.
- The first LDAP specification, RFC 1487, was published in 1993. LDAPv2 followed as RFC 1777 in 1995, and LDAPv3, the version in use today, was published as RFC 2251 in 1997 and revised as the RFC 4510 series in 2006.
Key Features
- Directory Structure: LDAP organizes entries in a hierarchical tree, the Directory Information Tree (DIT). Each entry is uniquely identified by a Distinguished Name (DN), the sequence of Relative Distinguished Names from the entry up to the root, for example uid=alice,ou=people,dc=example,dc=com. An entry's attributes, and the object classes that say which attributes it must and may carry, are defined by the schema.
- Query Capability: clients search a subtree with filters in the RFC 4515 string syntax, combining equality, substring, presence and comparison assertions with and/or/not, for example (&(objectClass=person)(uid=alice)). Because the filter is a string the application assembles, any user-supplied value interpolated into it must be escaped, or the user can change the filter's meaning (LDAP injection).
- Security: LDAPv3 added the StartTLS extended operation (RFC 2830, now part of RFC 4511 and RFC 4513) for upgrading a connection to TLS, and SASL binds (for example GSSAPI for Kerberos, or EXTERNAL with a TLS client certificate) alongside the simple bind. A simple bind transmits the DN and password in cleartext, so it should only be accepted over TLS (StartTLS on port 389, or LDAPS on port 636, which was never standardized but is universally supported); anonymous binds and unauthenticated binds (a DN with an empty password, RFC 4513 section 5.1.2) should be disabled unless the deployment needs them. Most servers can be configured to refuse simple binds on unprotected connections (OpenLDAP's security directive, Active Directory's LDAP signing and channel binding policies).
- Extensibility: the schema can be extended with new object classes and attribute types (published in the server's subschema subentry) without changing the protocol, and the protocol itself is extended through extended operations and controls (paged results, RFC 2696, is a common one).
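As an added example (not code from the original page), the following Python builds the login filter described above both with and without RFC 4515 escaping and runs it against a small constructed in-memory directory through a minimal filter parser and matcher, so the effect of an injected `*` or `)` is visible without a server. The entries, attribute names and user names are made up for illustration; a real client library would hand the filter to the server instead of evaluating it locally.

```python
"""LDAP search filters (RFC 4515): escaping user input and why it matters.
Added example, not code from the original page; the directory entries,
attribute names and user names are constructed for illustration."""
import re

# Constructed in-memory directory: lower-cased attribute names, list values.
DIRECTORY = [
    {"dn": ["uid=alice,ou=people,dc=example,dc=com"], "objectclass": ["person"],
     "uid": ["alice"], "cn": ["Alice Liddell"]},
    {"dn": ["uid=bob,ou=people,dc=example,dc=com"], "objectclass": ["person"],
     "uid": ["bob"], "cn": ["Bob (Ops)"]},
    {"dn": ["cn=admins,ou=groups,dc=example,dc=com"], "objectclass": ["groupOfNames"],
     "cn": ["admins"], "member": ["uid=alice,ou=people,dc=example,dc=com"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 s.3: '*', '(', ')', '\\' and NUL become backslash + two hex
    digits; control and non-ASCII bytes of the UTF-8 form are escaped too."""
    return "".join("\\%02x" % b if b in b"*()\\\x00" or not 0x20 <= b <= 0x7E else chr(b)
                   for b in value.encode("utf-8"))


def build_login_filter(username: str) -> str:
    """Correct: the user-supplied value is escaped before interpolation."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable: raw interpolation lets the caller rewrite the filter."""
    return "(&(objectClass=person)(uid=%s))" % username


def parse_filter(text: str):
    """Parse a filter into a nested tuple AST: and/or sets plus equality,
    substring and presence items (enough for the filters above)."""
    pos = 0
    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|":
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(parse())
            node = (op, children)
        else:
            end = text.index(")", pos)
            attr, _, val = text[pos:end].partition("=")
            node = ("=", attr.lower(), val)
            pos = end
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        pos += 1
        return node
    node = parse()
    if pos != len(text):
        raise ValueError("trailing data at offset %d" % pos)
    return node


def filter_is_valid(text: str) -> bool:
    try:
        parse_filter(text)
        return True
    except (ValueError, IndexError):
        return False


def _unescape(part: str) -> str:
    """Decode \\xx escapes to bytes, then lower-case for caseIgnoreMatch."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})", lambda m: bytes([int(m.group(1), 16)]),
                 part.encode("utf-8"))
    return raw.decode("utf-8").lower()


def _match_value(assertion: str, actual: str) -> bool:
    """In RFC 4515 form every raw '*' is a wildcard; an escaped \\2a is literal."""
    pattern = ".*".join(re.escape(_unescape(p)) for p in assertion.split("*"))
    return re.fullmatch(pattern, actual.lower(), re.DOTALL) is not None


def evaluate(node, entry) -> bool:
    op = node[0]
    if op == "&":
        return all(evaluate(c, entry) for c in node[1])
    if op == "|":
        return any(evaluate(c, entry) for c in node[1])
    _, attr, val = node
    return any(_match_value(val, v) for v in entry.get(attr, []))


def search(directory, filter_text: str):
    ast = parse_filter(filter_text)
    return [e["dn"][0] for e in directory if evaluate(ast, e)]
```

Real servers apply the same rules: an unescaped `*` turns the equality assertion into a presence test and the unsafe login filter matches every person, while an unescaped `)` either breaks the filter or lets the caller append assertions of their own. Escaping the value (or using the client library's filter builder, which does the same) keeps the user's input inside one assertion value.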
Usage and Applications
- User Authentication: LDAP is commonly the central credential store for network services. An application either binds to the directory with the user's DN and password, or binds with its own service account, looks the user up and checks the result, so one account works across many applications. This is centralized authentication rather than single sign-on in the strict sense; SSO is usually layered on top with Kerberos or SAML/OIDC, often backed by the same directory.
- Directory Services: it stores and manages organizational information such as employee details, organizational structure and network resources (hosts, printers, certificates).
- Email Systems: mail clients and servers use LDAP for address-book lookups and recipient validation. Microsoft's Active Directory is the best-known example of a directory service whose data is exposed over LDAP.
- Access Control: applications commonly make authorization decisions from directory data, typically group membership (the member or memberOf attributes) or role attributes on the user's entry. The directory also enforces its own access controls on who may read or modify which entries and attributes, which is what keeps password hashes and other sensitive attributes away from anonymous or low-privilege readers.
Protocol Details
- Communication: LDAP is a client-server, message-oriented protocol. Messages are ASN.1 structures encoded with BER and carried over TCP, by convention on port 389 (636 for LDAPS). Every request carries a message ID, so a client may have several operations in flight and the server may answer them in any order; a search returns a stream of SearchResultEntry messages followed by a SearchResultDone carrying the result code.
- Operations (RFC 4511): the main ones are:
- Bind: authenticates the connection, by simple bind or SASL; a connection is anonymous until a bind succeeds
- Search: queries the directory given a base DN, a scope (base object, one level or whole subtree), a filter and the attributes to return
- Compare: tests whether an entry holds a given attribute value without returning it
- Add/Modify/Modify DN/Delete: managing directory entries
- Abandon: asks the server to drop an outstanding operation
- Extended operations: protocol extensions such as StartTLS and Password Modify (RFC 3062)
- Unbind: terminates the connection; it has no response
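To make the wire format above concrete, here is an added example (not code from the original page) that hand-encodes a simple BindRequest, a SearchRequest and an UnbindRequest as BER per RFC 4511 and decodes them again. It sends nothing over the network; the DN, password, base DN and filter are hypothetical, and the decoder handles only what the encoder produces (definite-length BER, no indefinite-length forms).

```python
"""Hand-encoding LDAP messages (RFC 4511) in BER, and reading them back.
Added example, not code from the original page: it builds the bytes a client
would send for a simple Bind, a Search and an Unbind and shows that a simple
bind carries the password in cleartext. No server is contacted; the DNs,
password and filter are hypothetical."""


def ber_len(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v: int, tag: int = 0x02) -> bytes:
    """Minimal two's-complement INTEGER (or ENUMERATED with tag 0x0A)."""
    return tlv(tag, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def ber_str(s: str) -> bytes:
    return tlv(0x04, s.encode("utf-8"))        # OCTET STRING (LDAPDN, LDAPString)


def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} }"""
    return tlv(0x30, ber_int(msg_id) + protocol_op)


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """BindRequest [APPLICATION 0]: version 3, name, simple [0] password."""
    op = ber_int(3) + ber_str(dn) + tlv(0x80, password.encode("utf-8"))
    return ldap_message(msg_id, tlv(0x60, op))


def filter_equality(attr: str, value: str) -> bytes:
    return tlv(0xA3, ber_str(attr) + ber_str(value))    # equalityMatch [3]


def filter_and(*subfilters: bytes) -> bytes:
    return tlv(0xA0, b"".join(subfilters))              # and [0] SET OF Filter


def search_request(msg_id: int, base_dn: str, filt: bytes, attrs, scope: int = 2) -> bytes:
    """SearchRequest [APPLICATION 3]; scope 2 = wholeSubtree, no size/time limit."""
    op = (ber_str(base_dn) + ber_int(scope, 0x0A) + ber_int(0, 0x0A)   # derefAliases: never
          + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")                 # typesOnly FALSE
          + filt + tlv(0x30, b"".join(ber_str(a) for a in attrs)))
    return ldap_message(msg_id, tlv(0x63, op))


def unbind_request(msg_id: int) -> bytes:
    return ldap_message(msg_id, b"\x42\x00")            # UnbindRequest [APPLICATION 2] NULL


def ber_decode(data: bytes):
    """Decode one TLV into (tag, value, rest); constructed values decode recursively."""
    tag, first = data[0], data[1]
    i, n = 2, first
    if first & 0x80:                         # long-form length
        k = first & 0x7F
        n, i = int.from_bytes(data[2:2 + k], "big"), 2 + k
    payload, rest = data[i:i + n], data[i + n:]
    if tag & 0x20:                           # constructed: walk the children
        items = []
        while payload:
            t, v, payload = ber_decode(payload)
            items.append((t, v))
        return tag, items, rest
    return tag, payload, rest


OP_NAMES = {0x60: "BindRequest", 0x63: "SearchRequest", 0x42: "UnbindRequest"}


def operation_name(msg: bytes) -> str:
    _, items, _ = ber_decode(msg)
    return OP_NAMES.get(items[1][0], "unknown")


def credentials_from_bind(msg: bytes):
    """What a passive observer of an unencrypted port 389 session recovers."""
    _, items, _ = ber_decode(msg)
    op_tag, fields = items[1]
    if op_tag != 0x60 or fields[2][0] != 0x80:
        raise ValueError("not a simple BindRequest")
    return fields[1][1].decode("utf-8"), fields[2][1].decode("utf-8")


if __name__ == "__main__":
    bind = bind_request(1, "cn=admin,dc=example,dc=com", "hunter2")
    print(bind.hex())
    print("observer sees:", credentials_from_bind(bind))
```

The bytes returned by bind_request are exactly what crosses the wire on a plain port 389 connection, with the DN and password readable by anyone on the path, which is why simple binds belong only after StartTLS or on an LDAPS port. The search encoding shows the other half of the model: the filter is not a string on the wire but a tagged ASN.1 tree, so the injection risk lives entirely in the application code that builds it.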
Resources
Related Topics