What Is LDAP?
(An excerpt from Understanding
and Deploying LDAP Directory Services)
At its core, LDAP is a standard, extensible directory access protocol—a
common language that LDAP clients and servers use to communicate with
each other. Standardization of the protocol has the benefit that client
and server software from different vendors can interoperate. When you
buy an LDAP-enabled program, you can expect that it will work with any
standards-compatible LDAP server. This has many advantages.
LDAP is a “lightweight” protocol, which means that it is efficient,
straightforward, and easy to implement, while still being highly functional.
Contrast this with a “heavyweight” protocol, such as the X.500 Directory
Access Protocol (DAP). X.500 DAP uses complex encoding methods and requires
use of the OSI network protocol stack—a networking system that has failed
to gain wide acceptance.
LDAP, on the other hand, uses a simplified set of encoding methods
and runs directly on top of TCP/IP. Every major desktop and server computing
platform currently available (Microsoft Windows, DOS, UNIX, and the Apple
Macintosh) either ships with a TCP/IP implementation or can be easily
equipped with one. OSI networking, on the other hand, is not universally
available, and it is almost always an extra-cost option. LDAP, by virtue
of its light weight, removes significant barriers to implementation and
deployment.
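The “simplified set of encoding methods” the excerpt refers to is a restricted subset of ASN.1 BER: every element is a tag, a definite length and a value, with no indefinite lengths and no constructed strings. The block below is an added example, not code from the book, that builds an LDAPv3 simple BindRequest by hand and decodes it again; the DN and password are constructed sample data.

```python
"""Encode and decode an LDAPv3 simple BindRequest by hand.

Added example, not code from the book excerpt. LDAP's wire encoding is a
restricted subset of ASN.1 BER: definite lengths only, primitive strings,
and every element a tag/length/value triple. The DN and password used in
__main__ are constructed sample data.
"""

TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80    # [0] context-specific, primitive: the plaintext password


def ber_length(n: int) -> bytes:
    """Definite length: one byte below 128, else 0x80|N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER element: tag, length, value."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n: int) -> bytes:
    """Minimal two's-complement INTEGER for n >= 0 (a 0x00 pad is added when bit 7 is set)."""
    return tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


def bind_request(message_id: int, dn: str, password: bytes) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = (ber_integer(3)
          + tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
          + tlv(TAG_SIMPLE_AUTH, password))
    return tlv(TAG_SEQUENCE, ber_integer(message_id) + tlv(TAG_BIND_REQUEST, op))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element); reject indefinite or truncated lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is forbidden in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:end], end


def parse_bind_request(msg: bytes) -> dict:
    """Inverse of bind_request(); raises ValueError for anything other than one simple bind."""
    tag, body, end = read_tlv(msg, 0)
    if tag != TAG_SEQUENCE or end != len(msg):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(body, 0)
    if tag != TAG_INTEGER:
        raise ValueError("messageID must be an INTEGER")
    tag, op, pos = read_tlv(body, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("protocolOp is not a BindRequest")
    _, version, p = read_tlv(op, 0)
    _, name, p = read_tlv(op, p)
    tag, auth, _ = read_tlv(op, p)
    if tag != TAG_SIMPLE_AUTH:
        raise ValueError("only simple authentication is decoded here")
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(version, "big", signed=True),
        "name": name.decode("utf-8"),
        "password": auth,
    }


if __name__ == "__main__":
    msg = bind_request(1, "cn=admin,dc=example,dc=com", b"secret")
    print(msg.hex())          # 302c020101602702010304 1a ... 8006736563726574 (spaces added)
    print(parse_bind_request(msg))
```

Two things the decoded output makes visible: the whole request for a 26-byte DN is 46 bytes, and the simple-authentication element carries the password as plain octets. Anyone who can read the TCP stream can read the credential, so a simple bind is only acceptable over a TLS-protected connection.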
There have been two major revisions of the LDAP protocol. The first
widely available version was LDAP version 2, defined in RFCs 1777 and 1778.
As of this writing, LDAP version 3 is a Proposed Internet Standard, defined
in RFCs 2251 through 2256.
Because it is so new, not all vendors completely support LDAPv3 yet. As
we discuss LDAP, we will focus our discussion on LDAPv3. However, we will
point out new features found only in LDAPv3 so that you can understand
the limitations you will encounter if you are using LDAPv2.
In addition to its role as a network protocol, the LDAP standards
also define four models that guide you in your use of the directory. These
models promote interoperability between directory installations while
still allowing you the flexibility to tailor the directory to your specific
needs. The models borrow concepts from X.500, but they generally lack
many of the restrictions that the X.500 models include. The four LDAP
models are as follows:
• The LDAP information model, which defines the kind of data you can
put into the directory.
• The LDAP naming model, which defines how you organize and refer to your
directory data.
• The LDAP functional model, which defines how you access and update the
information in your directory.
• The LDAP security model, which defines how information in the directory
can be protected from unauthorized access.
In addition to guiding you in the use of your directory, the LDAP
models guide directory developers when designing and implementing LDAP
server and client software.
There are several LDAP APIs, the oldest of which is for the C programming
language. The C API is supported by several freely available software
development kits (SDKs), including one available in binary and source
code format from Netscape Communications Corporation. In addition to the
C API, Netscape’s freely available Java SDK (also available in binary
and source code formats) supports all LDAPv3 features. Netscape also provides
PerLDAP, a toolkit for the Perl language that allows you to access LDAP
directories.
SunSoft’s JNDI is a proprietary, unified directory access API that
supports access to multiple types of directory services (NIS+, LDAP, and
others). Microsoft offers its own proprietary unified directory access
API, known as Active Directory Service Interfaces (ADSI).
LDAP also defines the LDAP Data Interchange Format (LDIF), a common,
text-based format for describing directory information. LDIF can describe
a set of directory entries or a set of updates to be applied to a directory.
Directory data can also be exported from one directory and imported into
another using LDIF. Most of the commonly available command-line utilities
also read and write LDIF.
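The following parser is an added example, not code from the book or from any LDAP SDK. It reads the two kinds of LDIF the paragraph describes, content records (a set of entries) and change records (a set of updates), and handles the details that trip up hand-written importers: folded continuation lines, base64 (`::`) values, and the `-` separators inside a `changetype: modify` record. The sample LDIF is constructed.

```python
"""Minimal LDIF parser for content records and changetype: modify records.

Added example, not the book's code. SAMPLE_LDIF is constructed test data.
Attribute type names are case-insensitive in LDAP, so they are lowercased.
"""
import base64
from typing import Dict, List, Tuple

SAMPLE_LDIF = """\
version: 1
# two content records, then one change record (constructed sample data)
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
cn: Jane Doe
sn: Doe
uid: jdoe
mail: jdoe@example.com
description:: SmFuZSdzIGFjY291bnQ=

dn: cn=Directory Administrators,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: Directory Administrators
member: uid=jdoe,ou=People,dc=example,
 dc=com

dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
replace: mail
mail: jane.doe@example.com
-
add: telephoneNumber
telephoneNumber: +1 555 0100
-
"""


def _unfold(text: str) -> List[str]:
    """Join continuation lines (leading single space), drop '#' comments, keep blank separators."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def _split_line(line: str) -> Tuple[str, str]:
    """Decode 'name: value' and 'name:: base64'; a 'name:< url' reference is kept verbatim.

    The URL form is deliberately not fetched: an importer that resolves file: URLs
    from untrusted LDIF will read arbitrary local files on the importing host.
    """
    name, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"malformed LDIF line: {line!r}")
    if rest.startswith(":"):
        value = base64.b64decode(rest[1:].strip()).decode("utf-8")
    elif rest.startswith("<"):
        value = rest
    else:
        value = rest.lstrip(" ")
    return name.lower(), value


def _parse_modify(body: List[str]) -> List[dict]:
    """Each change is 'add|delete|replace: attr', its values, then a lone '-'."""
    changes: List[dict] = []
    current = None
    for line in body:
        if line == "-":
            if current is not None:
                changes.append(current)
            current = None
            continue
        name, value = _split_line(line)
        if current is None:
            if name not in ("add", "delete", "replace"):
                raise ValueError(f"expected add/delete/replace, got {name!r}")
            current = {"op": name, "attribute": value, "values": []}
        elif name != current["attribute"].lower():
            raise ValueError(f"value for {name!r} inside change of {current['attribute']!r}")
        else:
            current["values"].append(value)
    if current is not None:          # tolerate a missing trailing '-'
        changes.append(current)
    return changes


def _parse_record(lines: List[str]) -> dict:
    name, dn = _split_line(lines[0])
    if name != "dn":
        raise ValueError("record must begin with dn:")
    changetype, body = "add", lines[1:]   # a content record is an implicit add
    if body and body[0].lower().startswith("changetype:"):
        changetype = _split_line(body[0])[1].lower()
        body = body[1:]
    record = {"dn": dn, "changetype": changetype}
    if changetype == "modify":
        record["changes"] = _parse_modify(body)
    else:
        attrs: Dict[str, List[str]] = {}
        for line in body:
            attr, value = _split_line(line)
            attrs.setdefault(attr, []).append(value)
        record["attributes"] = attrs
    return record


def parse_ldif(text: str) -> List[dict]:
    """Split unfolded text into blank-line-separated records and parse each one."""
    records: List[dict] = []
    current: List[str] = []
    for line in _unfold(text) + [""]:
        if line.lower().startswith("version:"):
            continue
        if line.strip() == "":
            if current:
                records.append(_parse_record(current))
                current = []
        else:
            current.append(line)
    return records


if __name__ == "__main__":
    for rec in parse_ldif(SAMPLE_LDIF):
        print(rec)
```

The parser keeps the `:<` URL form as a literal instead of resolving it; that is the one place where an LDIF importer turns a text file into a file read on the importing host, so it should stay opt-in for data from outside your control.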
Useful RFCs:
RFC 1255  A Naming Scheme for c=US
RFC 1630  Universal Resource Identifiers in WWW
RFC 1632  A Revised Catalog of Available X.500 Implementations
RFC 1738  Uniform Resource Locators (URL)
RFC 1777  Lightweight Directory Access Protocol (v2)
RFC 1778  The String Representation of Standard Attribute Syntaxes (v2)
RFC 1779  A String Representation of Distinguished Names
RFC 1823  The LDAP Application Program Interface
RFC 1943  Building an X.500 Directory Service in the US
RFC 1959  An LDAP URL Format
RFC 1960  A String Representation of LDAP Search Filters
RFC 2164  Use of an X.500/LDAP directory to support MIXER address mapping
RFC 2247  Using Domains in LDAP/X.500 Distinguished Names
RFC 2251  Lightweight Directory Access Protocol (v3)
RFC 2252  Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
RFC 2253  Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
RFC 2254  The String Representation of LDAP Search Filters
RFC 2255  The LDAP URL Format
RFC 2256  A Summary of the X.500(96) User Schema for use with LDAPv3
RFC 2307  An Approach for Using LDAP as a Network Information Service
RFC 2798  Definition of the inetOrgPerson LDAP Object Class