Lightweight Directory Access Protocol
In computer networking, the Lightweight Directory Access Protocol, or LDAP, is a standardized networking protocol designed for querying and modifying directory services.
=Origin and influences=
The IETF designed and specified LDAP as a better way to make use of X.500 directories, having found the original Directory Access Protocol (DAP) too complex for simple Internet clients to use. LDAP defines a relatively simple protocol for updating and searching directories, running over the Internet protocol suite.
The protocol was authored by Tim Howes of Netscape, Steve Kille of ISODE and Mark Wahl of Critical Angle Inc.
LDAP has influenced subsequent Internet protocols, including later versions of X.500, Directory Services Markup Language (DSML), Service Provisioning Markup Language (SPML) and the Service Location Protocol.
=LDAP directories=
The common term "LDAP directory" can mislead. No specific type of directory is an LDAP directory. One could reasonably use the term to describe any directory that is accessible using LDAP and that can identify objects in the directory with X.500 identifiers. Directories such as OpenLDAP and its predecessors from the University of Michigan were designed primarily as native repositories optimized for access by LDAP, rather than as a gateway to X.500 protocols as was provided in ISODE; they are nevertheless no more LDAP directories than any other directory accessible by the LDAP protocol.
An LDAP directory entry consists of a collection of attributes and is referenced unambiguously with a name, called a distinguished name (DN). For example, a DN might be the value cn=John Doe,ou=people,dc=wikipedia,dc=org. Each of the entry's attributes is defined as part of an object class, and object classes are grouped together into schemas; those schemas for representing individual people within organizations are termed white pages schemas. Each entry in the database is associated with one or more of these object classes, which define whether an attribute is optional or mandatory, and what type of information it stores. The attribute names are typically mnemonic strings, like cn for common name, or mail for e-mail address. The values depend on the type, and most non-binary values in LDAPv3 use UTF-8 string syntax. For example, a mail attribute might contain the value . A jpegPhoto attribute would contain a photograph in binary JPEG/JFIF format.
LDAP directory entries feature a hierarchical structure that reflects political, geographic, and/or organizational boundaries. In the original X.500 model, entries representing countries appear at the top of the tree; below them come entries representing states or national organizations. Typical LDAP deployments use Domain Name System names for structuring the top levels of the hierarchy. Further below might appear entries representing people, organizational units, printers, documents, or just about anything else...
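The DN structure described above can be made concrete with a small parser. This is an added example, not code from any LDAP implementation; the function names are hypothetical. It handles backslash escapes and multi-valued RDNs in the RFC 2253 string form, which a naive split on commas gets wrong, and it assumes the quoted-string and #hex value forms are not in use.

```python
HEX = set("0123456789abcdefABCDEF")

def _split_unescaped(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1   # keep an escape pair together
        if step == 1 and text[i] == sep:
            parts, buf = parts + [buf], ""
        else:
            buf += text[i:i + step]
        i += step
    return parts + [buf]

def _unescape(value):
    """Decode backslash-char and backslash-hexpair (one UTF-8 byte) escapes."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] != "\\":
            out += value[i].encode("utf-8")
            i += 1
        elif len(pair) == 2 and set(pair) <= HEX:
            out.append(int(pair, 16))
            i += 3
        elif pair:
            out += pair[0].encode("utf-8")
            i += 2
        else:
            raise ValueError("dangling backslash in attribute value")
    return out.decode("utf-8")

def parse_dn(dn):
    """Return a list of RDNs, each a list of (attribute, value) pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, raw = ava.lstrip().partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            avas.append((attr.strip().lower(), _unescape(raw)))
        rdns.append(avas)
    return rdns

def dn_to_domain(dn):
    """Join dc components into a DNS name, as in dc=wikipedia,dc=org."""
    return ".".join(v for rdn in parse_dn(dn) for a, v in rdn if a == "dc")

# Constructed sample: an escaped comma inside cn and a multi-valued RDN.
SAMPLE = r"cn=Doe\, John+uid=jdoe,ou=people,dc=wikipedia,dc=org"
```

Comparing parsed DNs rather than raw strings avoids treating an escaped comma in a user-supplied name as a boundary between directory levels.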
=Supporting vendors=
LDAP has gained wide support from vendors such as:
Apache Software Foundation (through Apache Directory Server)
Apple Computer (through Open Directory/OpenLDAP)
AT&T
Banyan (company)
Hewlett-Packard
International Business Machines/Lotus Development
ISODE (through M-Vault server)
Microsoft (through Active Directory)
Netscape (now in Sun Microsystems and Red Hat products)
Novell (through Novell eDirectory)
OctetString (through VDE server)
Oracle Corporation (through Oracle Internet Directory)
Radiant Logic (through RadiantOne Virtual Directory Server)
Red Hat (through Red Hat Directory Server)
Siemens AG (through DirX server)
Silicon Graphics and
Sun Microsystems (through the iPlanet and Sun ONE directory servers)
Symlabs (through Directory Extender)
as well as in open source/free software implementations such as OpenLDAP and Fedora Directory Server.
The Apache HTTP Server, when used as a proxy (via the module mod_proxy), also supports LDAP.
=RFCs=
LDAP is defined by a series of Request for Comments (RFC) documents:
RFC 1777 - LDAPv2
RFC 1778 - LDAPv2 String Representation of Standard Attribute Syntaxes
RFC 2254 - String Representation of LDAP Search Filters
RFC 1823 - LDAP API (in C)
RFC 2247 - Use of Domain Name System domains in distinguished names
RFC 2251 - LDAPv3: The specification of the LDAP on-the-wire protocol
RFC 2252 - LDAPv3: Attribute Syntax Definitions
RFC 2253 - LDAPv3: UTF-8 String Representation of Distinguished Names
RFC 2254 - LDAPv3: The String Representation of LDAP Search Filters
RFC 2255 - LDAPv3: The LDAP URL Format
RFC 2256 - LDAPv3: A Summary of the X.500(96) User Schema for use with LDAPv3
RFC 2829 - LDAPv3: Authentication Methods for LDAP
RFC 2830 - LDAPv3: Extension for Transport Layer Security
RFC 3377 - LDAPv3: Technical Specification
RFC 2307 - Using LDAP as a Network Information Service
=See also=
LDAP Data Interchange Format
=External links=
*LDAP Servers
[http://directory.fedora.redhat.com Fedora Directory Server]
[http://www.redhat.com/software/rha/directory/ Red Hat Directory Server]
[http://www.openldap.org OpenLDAP]
[http://www.novell.com/products/edirectory/ Novell eDirectory]
[http://www.sun.com/software/products/directory_srvr/home_directory.xml Sun Directory Server]
IBM SecureWay Directory
[http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx Windows Server 2003 Active Directory]
*LDAP Software
[http://edsadmin.sourceforge.net/ EDS Admin tool]
[http://www.softerra.com/products/ldapbrowser.php Freeware Win32 LDAP Client]
[http://www.jxplorer.org JXplorer java OSS LDAP Client]
GQ (software) ([http://sourceforge.net/projects/gqclient Homepage])
Luma (Software) ([http://luma.sourceforge.net/ Homepage])
*[http://www.tldp.org/HOWTO/LDAP-HOWTO/ Linux LDAP HOWTO]
*[http://www.bind9.net/ldap/ LDAP Articles, Links, Whitepapers]
*[http://www.bind9.net/ldap-tools LDAP Software, Tools & Utilities]
*[http://www.ietf.org/html.charters/ldapbis-charter.html LDAP (v3) Revision (ldapbis) Working Group]
*[http://www.gracion.com/server/whatldap.html What is LDAP?]
*[http://twistedmatrix.com/users/tv/ldap-intro/ldap-intro.html Nice Neat Introduction To LDAP with examples]
*[http://www.metaconsultancy.com/whitepapers/ldap.htm Using OpenLDAP - Installing OpenLDAP under Debian GNU/Linux]
*[http://www.metaconsultancy.com/whitepapers/ldap-linux.htm LDAP Authentication for Linux - Integrating LDAP into PAM]
*[http://forge.novell.com/modules/xfmod/project/showfiles.php?group_id=1318 LDAP Libraries for C#]
*[http://www.zytrax.com/books/ldap/ LDAP for Rocket Scientists]
*[http://www.perldap.org LDAP implementation for PerLDAP 1.4]
*[http://www.freesoftwaremagazine.com/free_issues/issue_03/ldap/ The importance of LDAP] A commentary by Tom Jackiewicz about LDAP
*[http://nermus.its.ac.id/show/main.php?track0=3&track1=0&&howto=central-auth&xml=no HOWTO on LDAP + SASL + KERBEROS Master/Slave Central Authentication] A Complex Howto By Danang Wijanarko