LDAP

History
  LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services
    X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol
    This model of directory access was borrowed from the DIXIE and Directory Assistance Service protocols
  Originally created by Tim Howes of the University of Michigan
  It was known as the Lightweight Directory Browsing Protocol
    It was renamed when the scope of the protocol expanded beyond directory browsing and searching
  LDAPv3
    first published in 1997
    added support for extensibility
    integrated the Simple Authentication and Security Layer
    better aligned the protocol to the 1993 edition of X.500

Protocol
  A client starts an LDAP session by connecting to an LDAP server
  The client then sends an operation request to the server, and the server sends responses in return
  The client may request any of the operations
    The client does not need to wait for a response before sending the next request
    The server may send the responses in any order

Directory Structure
  An entry consists of a set of attributes
    An attribute has a name and one or more values
    The attributes are defined in a schema
  Each entry has a unique identifier, its Distinguished Name (DN)
    This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN
  A DN may change over the lifetime of the entry, e.g. when entries are moved within a tree

Operations
  Bind (authenticate)
    The BIND operation establishes the authentication state for a session
    BIND also sets the LDAP protocol version by sending a version number in the form of an integer
  Search and Compare
    used to both search for and read entries
    Parameters
      baseObject
      scope
      filter
      derefAliases
      attributes
      sizeLimit, timeLimit
      typesOnly
  Add
    inserts a new entry into the directory-server database
    If the distinguished name in the add request already exists in the directory, then the server will not add a duplicate entry
  Delete
    To delete an entry, an LDAP client transmits a properly formed delete request to the server
    A delete request must contain the distinguished name of the entry to be deleted
    Request controls may also be attached to the delete request
  Modify
    to request that the LDAP server make changes to existing entries
    Attempts to modify entries that do not exist will fail
    An update operation is atomic
  Modify DN
    The server may support renaming of entire directory subtrees
  Abandon
    requests that the server abort an operation named by a message ID
    A similar Cancel extended operation does send responses
  Unbind
    abandons any outstanding operations and closes the connection
    Clients can abort a session by simply closing the connection