
What is LDAP used for?

This tutorial explains what LDAP is used for. LDAP (Lightweight Directory Access Protocol) is a standard protocol for managing directories, i.e. for accessing databases of information about the users of a network over TCP/IP.

These databases generally describe users, but they are sometimes used for other purposes, such as managing the users of a company.

The LDAP protocol, developed in 1993 at the University of Michigan, was intended to replace the DAP protocol (used to access the X.500 directory service of the OSI model) by integrating it into the TCP/IP suite. From 1995, LDAP also became a directory in its own right (standalone LDAP). LDAP is thus a lightweight version of the DAP protocol.

What is LDAP used for?

The LDAP protocol defines the method to access data on the server, not the way the information is stored.

LDAP thus provides the user with methods that allow them to:

  • Connect
  • Disconnect
  • Search for information
  • Compare information
  • Add entries
  • Edit entries
  • Delete entries

In addition, the LDAP protocol offers encryption (SSL/TLS, …) and authentication (SASL) mechanisms to secure access to the information stored in the database.

Directory Information Tree (DIT)

LDAP presents information as a hierarchical tree called the DIT (Directory Information Tree), in which the pieces of information, called entries (or DSEs, Directory Service Entries), are represented as branches.

The entry located at the root of the tree is called the root entry.

Each entry in the LDAP directory corresponds to an abstract or real object (e.g. a person, a material object, parameters, …).

Each entry consists of a set of key/value pairs called attributes.

The attributes of the entries:

Each entry is made up of a set of attributes (key/value pairs) that characterize the object that the entry defines. There are two types of attributes:

  • Normal attributes: these are the usual attributes (last name, first name, …) characterizing the object
  • Operational attributes: these are attributes that only the server can access in order to manipulate the data in the directory (modification dates, etc.)

An entry is indexed by a distinguished name (DN) that uniquely identifies an element in the tree.

A DN is built by taking the name of the element, called the Relative Distinguished Name (RDN, i.e. the name of the entry relative to its parent), and appending to it the names of the parent entries.
The idea is to use a series of key/value pairs to uniquely identify an entry. Here is a series of commonly used keys:

  • uid (user id): a unique identifier
  • cn (common name): the name of the person
  • givenname: the person's first name
  • sn (surname): the person's last name
  • o (organization): the person's company
  • ou (organizational unit): the department of the company where the person works
  • mail: the person's e-mail address

A Distinguished Name will therefore look something like:

uid=bob99,cn=babilon,givenname=bob-smith
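As an added example (not code from this article), the following Python parses a DN into its RDNs and composes a new DN from an entry's RDN plus its parent's DN, applying the RFC 4514 escaping rules so that a comma or plus sign inside a value cannot be mistaken for a separator; the sample DNs and function names are constructed for illustration.

```python
# Added example (not from the article): parse and build LDAP distinguished
# names following RFC 4514 syntax. Sample DNs below are constructed.
import re

SPECIAL = set(',+"\\<>;')   # characters that must be escaped inside a DN value

def escape_value(value: str) -> str:
    """Escape an attribute value so it can be embedded safely in a DN."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if out[:1] in ("#", " "):       # a leading '#' or space must be escaped
        out = "\\" + out
    if out.endswith(" "):           # so must a trailing space
        out = out[:-1] + "\\ "
    return out

def _split_unescaped(text: str, sep: str) -> list:
    """Split on `sep` unless it is preceded by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):   # keep the escape pair together
            cur.append(text[i:i + 2]); i += 2; continue
        if text[i] == sep:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn: str) -> list:
    """RDNs of a DN, the entry's own RDN first; each RDN is a list of (attr, value).
    Hex escapes such as \\2C are not handled here."""
    rdns = []
    for rdn_text in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn_text, "+"):   # '+' joins a multi-valued RDN
            attr, _, val = ava.partition("=")
            pairs.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", val.lstrip(" "))))
        rdns.append(pairs)
    return rdns

def build_dn(rdns: list) -> str:
    """Join RDNs back into a DN string, escaping every value."""
    return ",".join("+".join(f"{a}={escape_value(v)}" for a, v in rdn) for rdn in rdns)

def child_dn(attr: str, value: str, parent: str) -> str:
    """Compose a DN as the article describes: the entry's RDN plus the parents' names."""
    return build_dn([[(attr, value)]] + parse_dn(parent))
```

Dropping the first element of `parse_dn(dn)` gives the parent entry's RDNs, which is how a client walks back up the DIT.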

The schema is the set of definitions of the objects and attributes that an LDAP server can manage. It specifies, for example, whether an attribute may have one value or several. In addition, an attribute named objectclass determines which attributes of an entry are mandatory and which are optional.