• Main Menu
  • LDAP (Lightweight Directory Access Protocol)


    LDAP (Lightweight Directory Access Protocol) is a protocol for communications between LDAP servers and LDAP clients. LDAP servers store "directories" which are access by LDAP clients.

    LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.

    LDAP servers store a hierarchical directory of information. In LDAP parlance, a fully-qualified name for a directory entry is called a Distinguished Name. Unlike DNS (Domain Name Service) FQDN's (Fully Qualified Domain Names), LDAP DN's store the most significant data to the right.

    The Four Models of LDAP

    LDAP is defined by four models:

    Model Description
    Information Describes the structure of information stored in an LDAP directory
    Naming Describes how information in an LDAP directory is organized and identified
    Functional Describes what operations can be performed on the information stored in an LDAP directory
    Security Describes how the information in an LDAP directory can be protected from unauthorized access

    LDAP is extensible and can be used to store any type of data. Most interesting is that LDAP is being used as a core technology for most Single Sign On (SSO) implementations.

    Additional Sources of Information on LDAP

    For more information on LDAP, read RFC 3377 – Lightweight Directory Access Protocol (v3): Technical Specification or the IBM Redbook Understanding LDAP.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    Network Security
    174 queries in 0.533 seconds.