Lightweight Directory Access Protocol



(protocol) (LDAP) A protocol for accessing on-line directory services.

LDAP was defined by the IETF in order to encourage adoption of X.500 directories. The Directory Access Protocol (DAP) was seen as too complex for simple internet clients to use. LDAP defines a relatively simple protocol for updating and searching directories running over TCP/IP.

LDAP is gaining support from vendors such as Netscape, Novell, Sun, HP, IBM/Lotus, SGI, AT&T, and Banyan.

An LDAP directory entry is a collection of attributes with a name, called a distinguished name (DN). The DN refers to the entry unambiguously. Each of the entry's attributes has a type and one or more values. The types are typically mnemonic strings, like "cn" for common name, or "mail" for e-mail address. The values depend on the type. For example, a mail attribute might contain the value "donald.duck@disney.com". A jpegPhoto attribute would contain a photograph in binary JPEG/JFIF format.

LDAP directory entries are arranged in a hierarchical structure that reflects political, geographic, and/or organisational boundaries. Entries representing countries appear at the top of the tree. Below them are entries representing states or national organisations. Below them might be entries representing people, organisational units, printers, documents, or just about anything else.

RFC 1777, RFC 1778, RFC 1959, RFC 1960, RFC 1823.

LDAP v3.