JSI Tip 2718. What is LDAP?
August 15, 2000
The information in this article applies to:
Microsoft Windows 2000 Server
SUMMARY
To understand Lightweight Directory Access Protocol (LDAP) better, let's discuss X.500 and Directory Access Protocol (DAP).
In X.500, the Directory System Agent (DSA) is the database in which directory information is stored. This database is hierarchical in form, designed to provide fast and efficient search and retrieval.
The Directory User Agent (DUA) provides functionality that can be implemented in all sorts of user interfaces through dedicated DUA clients, Web server gateways, or e-mail applications.
The Directory Access Protocol (DAP) is a protocol used in X.500 Directory Services for controlling communications between the DUA and DSA agents. The agents represent the user or program and the directory, respectively.
The X.500 Directory Services are application-layer processes. Directory services can be used to provide a global, unified naming service for all elements in a network, translate between network names and addresses, provide descriptions of objects in a directory, and provide unique names for all objects in the Directory. These X.500 objects are hierarchical, with different levels for each category of information, such as country, state, city, and organization.
These objects may be files (as in a file system directory listing), network entities (as in a network naming service such as Novell's NDS), or other types of entities.
A lightweight protocol is any of a class of protocols designed for use on high-speed internetworks. High-Speed Transport Protocol (HSTP), Xpress Transfer Protocol (XTP), and Lightweight Directory Access Protocol (LDAP) are examples.
Lightweight protocols combine routing and transport services in a more streamlined fashion than do traditional network and transport layer protocols. This makes it possible to transmit more efficiently over high-speed networks, such as ATM or FDDI, and media, such as fiber-optic cable.
Lightweight protocols use various measures and refinements to streamline and speed up transmissions, such as connection-oriented transmission (for example, TCP/IP) and a fixed header and trailer size, which saves the overhead of transmitting a destination address with each packet.
Lightweight Directory Access Protocol (LDAP) is a subset of the X.500 protocol. LDAP clients are, therefore, smaller, faster, and easier to implement than are X.500 clients. LDAP is vendor-independent and works with, but does not require, X.500.
Unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. LDAP is an open protocol, and applications are independent of the server platform hosting the directory.
Active Directory is not an X.500 directory. Instead, it uses LDAP as the access protocol and supports the X.500 information model without requiring systems to host the entire X.500 overhead. The result is the high level of interoperability required for administering real-world, heterogeneous networks.
Active Directory supports access via the LDAP protocol from any LDAP-enabled client. LDAP names are less intuitive than Internet names, but the complexity of LDAP naming is usually hidden within an application. LDAP names use the X.500 naming convention called "Attributed Naming."
An LDAP URL names the server holding Active Directory services and the Attributed Name of the object. For example:
LDAP://SomeServer.Myco.Com/CN=jamessmith,OU=Sys,OU=Product,OU=Division,O=myco,C=US
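As an added illustration (not code from the original article), the following Python splits an LDAP URL such as the one above into the server holding the directory and the components of the object's Attributed Name, handling backslash-escaped commas in values; the escaped-comma DN used below is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlsplit, unquote
# The LDAP URL from the article; server and names are the article's own illustration.
EXAMPLE_URL = "LDAP://SomeServer.Myco.Com/CN=jamessmith,OU=Sys,OU=Product,OU=Division,O=myco,C=US"

@dataclass
class LdapUrl:
    host: str
    port: int
    rdns: List[Tuple[str, str]]  # most specific component first, e.g. ("CN", "jamessmith")

def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on sep but skip backslash-escaped characters (escapes are kept for now)."""
    out, start, i = [], 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # an escaped character can never act as a separator
            continue
        if text[i] == sep:
            out.append(text[start:i])
            start = i + 1
        i += 1
    out.append(text[start:])
    return out

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Turn an Attributed Name into (type, value) pairs, unescaping the values."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        attr, eq, value = rdn.partition("=")   # the attribute type never contains "="
        if not eq or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip(), re.sub(r"\\(.)", r"\1", value)))
    return rdns

def parse_ldap_url(url: str) -> LdapUrl:
    """Split an LDAP URL into server, port and the object's Attributed Name."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":  # urlsplit lower-cases the scheme
        raise ValueError(f"not an LDAP URL: {url!r}")
    # Only the DN path is used; an optional ?attributes?scope?filter suffix is ignored here.
    dn = unquote(parts.path.lstrip("/"))
    return LdapUrl(parts.hostname or "", parts.port or 389, parse_dn(dn))

def hierarchy(rdns: List[Tuple[str, str]]) -> List[str]:
    """Root-first path through the directory tree, e.g. ['C=US', 'O=myco', ...]."""
    return [f"{a}={v}" for a, v in reversed(rdns)]
```

Reversing the RDN list (as `hierarchy` does) gives the country-to-object path that the hierarchical X.500 model implies.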
The LDAP C API (RFC 1823) is an informational RFC that is the de facto standard in C programming for LDAP applications.
By combining the best of the DNS and X.500 naming standards, LDAP, other key protocols, and a rich set of APIs, Active Directory allows a single point of administration for all resources, including files, peripheral devices, host connections, databases, Web access, users, arbitrary other objects, services, and network resources.