Thursday, November 23rd, 2017

LDAP – Lightweight Directory Access Protocol

0

LDAP – Lightweight Directory Access Protocol

Lightweight Directory Access Protocol (LDAP) is an Internet protocol that email and other programs use to look up information from a server. LDAP shows a set of objects with attributes organized in a logical and hierarchical manner. In early stage LDAP is known as Lightweight Directory Browsing Protocol. It was renamed with the expansion of the range and scope of the protocol to include beyond directory browsing and searching functions also directory update functions.

fromX500toLDAP

For example: Telephone Directory consist of list of names arranged in an alphabetically manner with each name having an phone number and address associated with it.

Originally the protocol was created by Tim Howes of the University of Michigan, Wengyik Yeong of Performance Systems International, circa 1993 and Steve Kille of Isode Limited. LDAP current version is LDAPv3 specified in a series of Internet Engineering Task Force. Further development has come through the IETF.

Protocol Overview

A client starts an LDAP session by connecting to an LDAP server default on TCP port 389 called a Directory System Agent. The client then sends an operation request to the server, and the server sends response in return.

The client may request the following operations:

  • Start Transport Layer Security (TLS) use the LDAPv3 for a secure connection
  • Bind – authenticate and specify LDAP protocol version
  • Search and retrieve directory entries
  • Compare -test the entry contain a given attribute value in the named entry
  • Add a new entry
  • Delete an entry
  • Modify an entry
  • Modify Distinguished Name – move or rename an entry
  • Abandon – abort a previous request
  • Extended operation – generic operation used to define other operations
  • Unbind – close the connection.

Directory structure

  • A directory is a tree of directory entries
  • An entry consists of a set of attributes
  • An attributes or schema has a name and one or more values.
  • Each entry has a unique identifier.

Representation in LDAP Data Interchange Format, an entry can look like this:

dn: cn=John Doe,dc=example,dc=com

cn: John Doe

givenName: John

sn: Doe

telephoneNumber: +1 888 555 6789

telephoneNumber: +1 888 555 1232

mail: john@example.com

manager: cn=Barbara Doe,dc=example,dc=com

objectClass: inetOrgPerson

objectClass: organizationalPerson

objectClass: person

objectClass: top

LDAP URLs format:

ldap://host:port/DN?attributes?scope?filter?extensions

For example, “ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com” refers to all user attributes in John Doe’s entry in ldap.example.com, while “ldap:///dc=example,dc=com??sub?(givenName=John)” searches for the entry in the default server.

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • RSS
  • Technorati
  • Twitter

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

Secure Linux Web Hosting