
Introduction to LDAP

You can use Lightweight Directory Access Protocol (LDAP) to access X.500-based directory services. LDAP defines a method to access and update information in a directory.
LDAP defines the communication protocol and content of the messages exchanged between an LDAP client and an LDAP directory server. The messages specify the operations requested by the client, the responses from the server, and the format of the data carried in the messages. An LDAP client can request operations such as searching for, adding, modifying, and deleting entries in the LDAP directory. LDAP carries the messages over TCP/IP.
An LDAP directory server is a specialized database that stores typed and ordered information about objects. A directory contains a set of objects with similar attributes organized in a logical and hierarchical manner. For example, a telephone directory consists of a series of names organized alphabetically. Each name in the telephone directory has an associated address and a phone number.
Each entry in an LDAP directory tree consists of a set of attributes that define that entry. Each attribute has a name and contains one or more values. The attributes are defined in a schema. Every directory entry has an objectClass attribute that lists the schema describing the entry. Each entry has a unique identifier called the distinguished name (DN). A DN consists of its Relative Distinguished Name (RDN) constructed from the attributes in the entry, followed by the parent entry DN.
The following table describes the entry details for a person in the LDAP directory:
| Attribute/Entries | Attribute Name | Description | Example |
|---|---|---|---|
| dn | Distinguished Name | Name of the entry. | - |
| cn | Common Name | RDN of the entry. | John Doe |
| dc | Domain Component | DN of the parent entry. | example, com |
| sn | Surname | Surname of the common name. | Doe |
| mail | Email Address | Email address of the common name. | john@example.com |
The following example shows the entries in the LDAP directory:
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1234
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
You can use directories to find resources with the characteristics required for a particular task. LDAP searches the directory for data that satisfies the specified criteria. You need to specify the part of the directory to search and the information to return. A search filter that uses Boolean conditions returns data based on the specified conditions.
For example, a directory can hold typed information about printers, such as location, speed in pages per minute, and supported print streams. You can access the data based on the privileges set for the LDAP directory server or the user. You can also add new entries, update existing entries, and remove entries.
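The search described above (a part of the directory to search, a Boolean filter, and the attributes to return), as an added example that is not part of the original documentation or of the connector's code. It runs in memory against the person entry shown on this page; the function names are hypothetical, and it assumes case-insensitive matching, `*` as the only wildcard, and DNs without escaped commas.

```python
import re

LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1234
mail: john@example.com
objectClass: person
"""  # constructed sample input: the person entry from this page

def parse_entry(ldif):
    """Return (dn, attrs). Each attribute maps to a list because attributes are multi-valued."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(": ")
        attrs.setdefault(name.lower(), []).append(value)
    return attrs.pop("dn")[0], attrs

def parse_filter(s, i=0):
    """Parse one parenthesised filter starting at s[i]; return (node, index after its ')')."""
    if s[i + 1] in "&|!":
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":          # each operand is itself a parenthesised filter
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, _, pattern = s[i + 1:end].partition("=")
    return ("=", attr.lower(), pattern.lower()), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry (case-insensitive matching is an assumption)."""
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])
    regex = ".*".join(map(re.escape, node[2].split("*")))  # "attr=*" becomes a presence test
    return any(re.fullmatch(regex, v.lower()) for v in attrs.get(node[1], []))

def search(entries, base, filt, want):
    """Subtree search under base; return matching DNs with only the requested attributes."""
    tree, _ = parse_filter(filt)
    return [(dn, {a: attrs[a.lower()] for a in want if a.lower() in attrs})
            for dn, attrs in entries
            if ("," + dn.lower()).endswith("," + base.lower()) and matches(tree, attrs)]
```

Calling `search([parse_entry(LDIF)], "dc=example,dc=com", "(&(objectClass=person)(|(sn=Smith)(mail=*@example.com)))", ["cn", "telephoneNumber"])` returns the entry's DN with only the two requested attributes, both telephone numbers included.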