
LDAP: Lightweight Directory Access Protocol

Lightweight Directory Access Protocol (LDAP) is designed to provide access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol (DAP). LDAP provides access to distributed directory services that act in accordance with X.500 data and service models. These protocol elements are based on those described in the X.500 Directory Access Protocol (DAP). LDAP is specifically targeted at simple management applications and browser applications that provide simple read/write interactive access to the X.500 Directory, and is intended to be a complement to the DAP itself.

Key aspects of LDAP are:

  • The protocol is carried directly over TCP or other transport, bypassing much of the session/presentation overhead of X.500 DAP.
  • Most protocol data elements can be encoded as ordinary strings.
  • Referrals to other servers may be returned.
  • SASL mechanisms may be used with LDAP to provide association security services.
  • Attribute values and Distinguished Names have been internationalized through the use of the ISO 10646 character set.
  • The protocol can be extended to support new operations, and controls may be used to extend existing operations.
  • Schema is published in the directory for use by clients.

The general model adopted by LDAP is one of clients performing protocol operations against servers. In this model, a client transmits a protocol request describing the operation to be performed to a server. The server is then responsible for performing the necessary operation(s) in the directory. Upon completion of the operation(s), the server returns a response containing any results or errors to the requesting client.

Protocol operations are generally independent of one another. Each operation is processed as an atomic action, leaving the directory in a consistent state.

Although servers are required to return responses whenever such responses are defined in the protocol, there is no requirement for synchronous behavior on the part of either clients or servers. Requests and responses for multiple operations generally may be exchanged between a client and server in any order. If required, synchronous behavior may be controlled by client applications.

Protocol Structure

LDAP is described using Abstract Syntax Notation One ([ASN.1]) and is transferred using a subset of the ASN.1 Basic Encoding Rules ([BER]). LDAP messages are PDUs mapped directly onto the TCP byte stream; the default port is 389. For the purposes of protocol exchanges, all protocol operations are encapsulated in a common envelope, the LDAPMessage. The function of the LDAPMessage is to provide an envelope containing the common fields required in all protocol exchanges. At this time the only common fields are the message ID and the controls.

The LDAPMessage is defined as follows:

    LDAPMessage ::= SEQUENCE {
        messageID       MessageID,
        protocolOp      CHOICE {
            bindRequest           BindRequest,
            bindResponse          BindResponse,
            unbindRequest         UnbindRequest,
            searchRequest         SearchRequest,
            searchResEntry        SearchResultEntry,
            searchResDone         SearchResultDone,
            searchResRef          SearchResultReference,
            modifyRequest         ModifyRequest,
            modifyResponse        ModifyResponse,
            addRequest            AddRequest,
            addResponse           AddResponse,
            delRequest            DelRequest,
            delResponse           DelResponse,
            modDNRequest          ModifyDNRequest,
            modDNResponse         ModifyDNResponse,
            compareRequest        CompareRequest,
            compareResponse       CompareResponse,
            abandonRequest        AbandonRequest,
            extendedReq           ExtendedRequest,
            extendedResp          ExtendedResponse,
            ...,
            intermediateResponse  IntermediateResponse },
        controls        [0] Controls OPTIONAL }

    MessageID ::= INTEGER (0 .. maxInt)

    maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
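The envelope above is small enough to encode and decode by hand, which is also what a network monitor or IDS has to do to tell a bind from a search on port 389 and to correlate each response with the messageID of its request (the asynchronous model described earlier). The following Python is an added example, not code from the page or from any LDAP library: it implements just enough BER (SEQUENCE, INTEGER, OCTET STRING, definite lengths) to build an LDAPMessage carrying a simple BindRequest, parse the envelope back out, and report which authentication choice the bind uses. The function names, the constructed sample packet and the range check on messageID are the example's own; the APPLICATION tag numbers for protocolOp are the ones assigned in RFC 4511.

```python
"""Minimal BER encoder/decoder for the LDAPMessage envelope (added example).

Only definite-length BER, INTEGER, OCTET STRING, SEQUENCE and the simple
BindRequest are implemented; everything else is reported by tag only.
"""

# [APPLICATION n] tag numbers of the protocolOp alternatives (RFC 4511).
PROTOCOL_OPS = {
    0: "bindRequest", 1: "bindResponse", 2: "unbindRequest", 3: "searchRequest",
    4: "searchResEntry", 5: "searchResDone", 6: "modifyRequest", 7: "modifyResponse",
    8: "addRequest", 9: "addResponse", 10: "delRequest", 11: "delResponse",
    12: "modDNRequest", 13: "modDNResponse", 14: "compareRequest",
    15: "compareResponse", 16: "abandonRequest", 19: "searchResRef",
    23: "extendedReq", 24: "extendedResp", 25: "intermediateResponse",
}
MAX_INT = 2147483647  # maxInt from the ASN.1 module


def ber_length(n: int) -> bytes:
    """Definite-length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value for a single-byte tag."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    """INTEGER with the minimal two's-complement content octets."""
    n = 1
    while not (-(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1))):
        n += 1
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def bind_request(message_id: int, version: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest with simple auth }."""
    # BindRequest ::= SEQUENCE { version INTEGER, name LDAPDN, authentication [0] OCTET STRING }
    body = ber_integer(version) + tlv(0x04, name.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_integer(message_id) + tlv(0x60, body))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element); rejects indefinite lengths."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is not permitted in LDAP")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:end], end


def parse_ldap_message(buf: bytes) -> dict:
    """Decode the envelope: messageID, protocolOp name, presence of controls."""
    tag, content, end = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    t, raw_id, pos = read_tlv(content, 0)
    if t != 0x02:
        raise ValueError("messageID must be an INTEGER")
    message_id = int.from_bytes(raw_id, "big", signed=True)
    if not 0 <= message_id <= MAX_INT:
        raise ValueError("messageID outside 0..maxInt")
    op_tag, op_content, pos = read_tlv(content, pos)
    if op_tag & 0xC0 != 0x40:
        raise ValueError("protocolOp must carry an APPLICATION-class tag")
    op_num = op_tag & 0x1F
    has_controls = False
    if pos < len(content):
        ctl_tag, _, pos = read_tlv(content, pos)
        has_controls = ctl_tag == 0xA0  # controls [0] is context-specific, constructed
    return {
        "messageID": message_id,
        "protocolOp": PROTOCOL_OPS.get(op_num, "unknown(%d)" % op_num),
        "hasControls": has_controls,
        "opContent": op_content,
        "consumed": end,
    }


def decode_bind_request(op_content: bytes) -> dict:
    """Pull version, name and authentication choice out of a BindRequest body."""
    _, raw_version, pos = read_tlv(op_content, 0)
    _, raw_name, pos = read_tlv(op_content, pos)
    auth_tag, _, _ = read_tlv(op_content, pos)
    # simple [0] is primitive context tag 0x80; sasl [3] is constructed context tag 0xA3
    auth = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown")
    return {"version": int.from_bytes(raw_version, "big", signed=True),
            "name": raw_name.decode(), "authentication": auth}


if __name__ == "__main__":
    # Constructed sample: anonymous simple bind, the shortest well-formed LDAPMessage.
    pkt = bind_request(1, 3, "", "")
    print(pkt.hex())
    env = parse_ldap_message(pkt)
    print(env["messageID"], env["protocolOp"], decode_bind_request(env["opContent"]))
```

Running the block on its own prints the anonymous bind as `300c020101600702010304008000`, a byte pattern worth knowing when reading captures. Because the decoder returns the authentication choice, the same logic can flag simple binds seen on a cleartext port, where the password travels unprotected; the page's note that SASL mechanisms provide association security is the alternative it would point to.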

Related Terms: IP, IPv6, TCP, X.500, DAP, ASN.1

Sponsor Source: LDAP is defined by IETF (http://www.ietf.org).

Reference:
http://www.javvin.com/protocol/rfc4510.pdf: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
http://www.javvin.com/protocol/rfc4511.pdf: Lightweight Directory Access Protocol (LDAP): The Protocol
http://www.javvin.com/protocol/rfc4512.pdf: Lightweight Directory Access Protocol (LDAP): Directory Information Models
http://www.javvin.com/protocol/rfc4513.pdf: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
http://www.javvin.com/protocol/rfc4514.pdf: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
http://www.javvin.com/protocol/rfc4517.pdf: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
http://www.javvin.com/protocol/rfc4518.pdf: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
http://www.javvin.com/protocol/rfc4519.pdf: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
http://www.javvin.com/protocol/rfc4521.pdf: Considerations for Lightweight Directory Access Protocol (LDAP) Extensions
http://www.javvin.com/protocol/rfc4523.pdf: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
