LDAP (Lightweight Directory Access Protocol): A software package that provides simple global databases (directories) that are accessible over TCP/IP networks, including the Internet. LDAP was originally designed as a simple front end for X.500 directories. LDAP is used primarily for identifying, managing and controlling access to networked resources. LDAP is a hierarchical structure of "entries" containing other entries or "attributes". The entries correspond roughly to database tables, the attributes roughly to columns within the tables. LDAP is optimized for reading rather than writing. LDAP is straightforward and flexible. There are predefined entries and attributes. LDAP is extensible in that users are not locked into a set of predefined items and attributes. There is a security model for protecting information. LDAP lacks capabilities like locking of entries for maintenance, multilevel commit and roll-back, and sophisticated SQL-like searches. Details are specified in RFC 1777.
LDAP supports nine client functions: add, delete and modify data; bind and unbind for access control; search; modify DN (element names); and abandon an operation. The Linux server implementation of LDAP is slurpd. LDAP clients are available for most OSes.
Copyright 1994-2009 by Donald Kenney.