LDAP stands for Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service. This video gives you a high level overview of LDAP and some examples of software that utilize LDAP, such as Active Directory.
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service. The primary purpose of a directory service is to provide a systematic set of records, usually organized in a hierarchical structure. It's similar to a telephone directory that contains a list of subscribers with their contact number and address.
Overview of LDAP and Role of a Specialized Server
To start an LDAP session, a client connects to the server, known as the Directory System Agent (DSA), which listens by default on TCP port 389. Once the connection is established, the client and server exchange protocol messages. The Basic Encoding Rules (BER) of ASN.1 are used to encode the information transferred between server and client.
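The following is an added example (not code from the original page): a small BER encoder and decoder, written from RFC 4511 (LDAP) and X.690 (BER), that builds the first two messages a session exchanges, a BindRequest and an UnbindRequest. It also shows why a simple bind over port 389 needs TLS: the password travels as a plain OCTET STRING and is visible in the encoded frame. The distinguished name and password are constructed sample values.

```python
"""Hand-rolled BER framing for LDAP BindRequest / UnbindRequest (added example)."""
from __future__ import annotations

# --- minimal BER primitives (X.690) -----------------------------------------

def ber_length(n: int) -> bytes:
    """Encode a content length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value triple with a single-octet tag."""
    return bytes([tag]) + ber_length(len(content)) + content

def ber_integer(value: int) -> bytes:
    """INTEGER (tag 0x02): two's-complement, minimal number of octets."""
    if value == 0:
        return ber_tlv(0x02, b"\x00")
    length = (value.bit_length() + 8) // 8      # +8 leaves room for the sign bit
    return ber_tlv(0x02, value.to_bytes(length, "big", signed=True))

def ber_octet_string(data: bytes, tag: int = 0x04) -> bytes:
    """OCTET STRING, optionally with an implicit context-specific tag."""
    return ber_tlv(tag, data)

def ber_split(data: bytes) -> tuple[int, bytes, bytes]:
    """Decode one TLV; return (tag, content, remaining bytes)."""
    tag, first = data[0], data[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated BER element")
    return tag, data[pos:end], data[end:]

# --- LDAP message construction (RFC 4511 sections 4.1, 4.2, 4.3) -----------

LDAP_VERSION = 3
TAG_SEQUENCE = 0x30         # UNIVERSAL 16, constructed
TAG_BIND_REQUEST = 0x60     # [APPLICATION 0], constructed
TAG_UNBIND_REQUEST = 0x42   # [APPLICATION 2], primitive NULL
TAG_SIMPLE_AUTH = 0x80      # [0] context-specific: AuthenticationChoice.simple

def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return ber_tlv(TAG_SEQUENCE, ber_integer(message_id) + protocol_op)

def bind_request(message_id: int, dn: str = "", password: bytes = b"") -> bytes:
    """Simple bind. An empty dn and password give an anonymous bind."""
    op = (ber_integer(LDAP_VERSION)
          + ber_octet_string(dn.encode("utf-8"))
          + ber_octet_string(password, TAG_SIMPLE_AUTH))
    return ldap_message(message_id, ber_tlv(TAG_BIND_REQUEST, op))

def unbind_request(message_id: int) -> bytes:
    """UnbindRequest ::= [APPLICATION 2] NULL; the server sends no reply."""
    return ldap_message(message_id, ber_tlv(TAG_UNBIND_REQUEST, b""))

def parse_ldap_message(frame: bytes) -> tuple[int, int, bytes]:
    """Return (messageID, protocolOp tag, protocolOp content) for one frame."""
    tag, content, rest = ber_split(frame)
    if tag != TAG_SEQUENCE or rest:
        raise ValueError("not a single LDAPMessage SEQUENCE")
    itag, mid, op = ber_split(content)
    if itag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_content, trailing = ber_split(op)
    if trailing:
        raise ValueError("unexpected trailing bytes after protocolOp")
    return int.from_bytes(mid, "big", signed=True), op_tag, op_content

def password_visible_on_wire(frame: bytes, password: bytes) -> bool:
    """A simple bind carries the password unencoded inside the frame, so anyone
    who can read the TCP stream on port 389 can read it unless TLS wraps it."""
    return password in frame

if __name__ == "__main__":
    anon = bind_request(1)
    print("anonymous bind :", anon.hex())
    # constructed sample credentials, not real ones
    frame = bind_request(7, "cn=admin,dc=example,dc=com", b"s3cret")
    print("password visible in cleartext frame:", password_visible_on_wire(frame, b"s3cret"))
    print("decoded messageID / op tag:", parse_ldap_message(frame)[:2])
    print("unbind          :", unbind_request(2).hex())
```

The anonymous bind encodes to the 14-byte frame `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`, which is what a packet capture of a plain LDAP session shows. The decoder refuses truncated elements and trailing bytes, the two checks a receiver must make before trusting a length field.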
Structure of LDAP
Although the structure of LDAP seems relatively complex, it is fairly simple to understand. The basic structure is as follows:
• Every entry contains a set of attributes.
• Each attribute has a name and holds one or more values.
• Each entry in the directory has a unique identifier built from its Relative Distinguished Name (RDN).
A server can hold a sub-tree and its children, starting from a particular entry. In addition, it may hold references to other remote servers, and a client may contact those other servers as well.
Operations on LDAP
There are many operations that can be performed over the Lightweight Directory Access Protocol. Here are the most prominent ones:
• Add -- This inserts a new entry into the directory. If the name supplied already exists, the server refuses to add a duplicate entry and instead returns an "entryAlreadyExists" result.
• Bind -- When a connection to the LDAP server is opened, the session's default authentication state is anonymous. There are two LDAP authentication methods: the simple authentication method and the SASL authentication method.
• Delete -- As the name suggests, this operation removes an entry from the directory. To do this, the LDAP client has to transmit a well-formed delete request to the server.
• Compare and search -- Search (and the read-style lookups built on it) takes parameters such as baseObject, filter, scope, attributes, typesOnly, derefAliases, timeLimit and sizeLimit; the compare operation is a related check against a single entry.
• Modify -- This operation lets an LDAP client request changes to an existing entry. Each change must be one of the following operations:
1. Add (adding a new value).
2. Delete (removing an existing value).
3. Replace (overwriting an existing value with a new one).
• Unbind -- This is the inverse of the bind operation. Unbind abandons any outstanding operations and closes the connection; the server sends no response.
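Added example (not code from the original page) for the search parameters listed above: the scope and derefAliases enumerations from RFC 4511 section 4.5.1, a SearchRequest parameter set with explicit size and time limits, and RFC 4515 escaping of the assertion value that goes into the filter. The contrast with a naive string-formatted filter shows why escaping matters: a value such as `*` otherwise turns a lookup of one user into a match on every user. The base DN and attribute names are constructed sample values.

```python
"""Safe construction of LDAP SearchRequest parameters (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import IntEnum

class Scope(IntEnum):                # SearchRequest.scope, RFC 4511 4.5.1.2
    BASE_OBJECT = 0
    SINGLE_LEVEL = 1
    WHOLE_SUBTREE = 2

class DerefAliases(IntEnum):         # SearchRequest.derefAliases, RFC 4511 4.5.1.3
    NEVER = 0
    IN_SEARCHING = 1
    FINDING_BASE_OBJ = 2
    ALWAYS = 3

# Octets RFC 4515 section 3 requires to be escaped inside an assertion value.
_MUST_ESCAPE = {0x2A, 0x28, 0x29, 0x5C, 0x00}   # * ( ) \ NUL

def escape_filter_value(value: str) -> str:
    """Escape a value so it can never alter the filter grammar around it."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in _MUST_ESCAPE:
            out.append(f"\\{byte:02x}")
        else:
            out.append(chr(byte))
    return "".join(out)

def equality_filter(attribute: str, value: str) -> str:
    """(attribute=value) with the value escaped; attribute names are whitelisted."""
    if not attribute or not all(c.isalnum() or c in "-.;" for c in attribute):
        raise ValueError(f"invalid attribute description: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"

def and_filter(*components: str) -> str:
    """(&(c1)(c2)...) conjunction of already-built filter components."""
    return "(&" + "".join(components) + ")"

@dataclass
class SearchRequest:
    base_object: str
    filter: str
    scope: Scope = Scope.WHOLE_SUBTREE
    deref_aliases: DerefAliases = DerefAliases.NEVER
    size_limit: int = 100          # max entries; 0 means no client limit
    time_limit: int = 10           # seconds; 0 means no client limit
    types_only: bool = False       # True returns attribute names without values
    attributes: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.size_limit < 0 or self.time_limit < 0:
            raise ValueError("sizeLimit and timeLimit must be non-negative")

def naive_user_filter(username: str) -> str:
    """The pattern to avoid: raw input pasted into the filter string."""
    return f"(&(objectClass=person)(uid={username}))"

def user_lookup(username: str, base: str = "dc=example,dc=com") -> SearchRequest:
    """Login-style lookup of exactly one person entry by uid, values escaped."""
    flt = and_filter(equality_filter("objectClass", "person"),
                     equality_filter("uid", username))
    return SearchRequest(base_object=base, filter=flt,
                         scope=Scope.WHOLE_SUBTREE, size_limit=1,
                         attributes=["uid", "mail"])

if __name__ == "__main__":
    for name in ("alice", "*"):
        print("naive  :", naive_user_filter(name))
        print("escaped:", user_lookup(name).filter)
```

`sizeLimit=1` is the second line of defence here: even if a filter were too broad, the server returns at most one entry for a lookup that is meant to identify a single user.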
Real-world applications of LDAP
Email clients such as Microsoft Outlook use some form of LDAP directory, although not LDAP in its original form. Infospace and ICANN are the most popular search-related services built on the LDAP platform.