Introduction to LDAP
You can use Lightweight Directory Access Protocol (LDAP) to access X.500-based directory services. LDAP defines a method to access and update information in a directory.
LDAP defines the communication protocol and the content of the messages exchanged between an LDAP client and an LDAP directory server. The messages specify the operations requested by the client, the responses from the server, and the format of the data carried in the messages. An LDAP client can request operations such as search, add, modify, and delete on entries in the LDAP directory. LDAP carries the messages over TCP/IP.
An LDAP directory server is a specialized database that stores typed and ordered information about objects. A directory contains a set of objects with similar attributes organized in a logical and hierarchical manner. For example, a telephone directory consists of a series of names organized alphabetically. Each name in the telephone directory has an associated address and a phone number.
Each entry in an LDAP directory tree consists of a set of attributes that define that entry. Each attribute has a name and contains one or more values. The attributes are defined in a schema. Every directory entry has an objectClass attribute that lists the schema classes describing the entry. Each entry has a unique identifier called the distinguished name (DN). A DN consists of the entry's Relative Distinguished Name (RDN), constructed from one or more attributes of the entry, followed by the DN of the parent entry.
The following table describes the entry details for a person in the LDAP directory:
Attribute | Attribute Name | Description | Example |
--- | --- | --- | --- |
dn | Distinguished Name | Name of the entry. | - |
cn | Common Name | RDN of the entry. | John Doe |
dc | Domain Component | Component of the parent entry's DN. | example, com |
sn | Surname | Surname of the person. | Doe |
mail | Email Address | Email address of the person. | john@example.com |
The following example shows an entry in the LDAP directory, in LDIF format:

```ldif
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1234
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
```
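To make the structure of an entry concrete, the following added example (not part of the original page) parses the sample entry above into attribute/value lists and splits its DN into the RDN and the parent DN. It uses only the Python standard library; the LDIF text is the page's own sample, embedded as a constant so the script runs offline. Base64-encoded (`::`) values are not handled.

```python
"""Parse an LDIF entry and split its DN into RDN and parent DN.

Added example, not from the original page. Handles plain 'name: value'
lines, LDIF continuation lines (leading space) and '#' comments only.
"""
from collections import defaultdict

# The page's sample entry, embedded here as constructed input.
SAMPLE_LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1234
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
"""


def parse_ldif_entry(text):
    """Return a dict mapping each attribute name to its list of values.

    Every attribute is potentially multi-valued, so single values are
    stored in a one-element list; telephoneNumber and objectClass in the
    sample get several values.
    """
    attrs = defaultdict(list)
    last = None
    for raw in text.splitlines():
        if not raw or raw.startswith("#"):
            continue
        if raw.startswith(" ") and last is not None:
            # Folded continuation line: append to the previous value.
            attrs[last][-1] += raw[1:]
            continue
        name, _, value = raw.partition(":")
        last = name.strip()
        attrs[last].append(value.strip())
    return dict(attrs)


def split_dn(dn):
    """Split a DN into (RDN, parent DN) at the first unescaped comma.

    'cn=John Doe,dc=example,dc=com' -> ('cn=John Doe', 'dc=example,dc=com').
    A backslash-escaped comma inside an RDN value does not end the RDN.
    """
    for i, ch in enumerate(dn):
        if ch == "," and (i == 0 or dn[i - 1] != "\\"):
            return dn[:i], dn[i + 1:]
    return dn, ""  # a root entry has no parent


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    rdn, parent = split_dn(entry["dn"][0])
    print("RDN:", rdn)
    print("Parent DN:", parent)
    print("objectClass:", entry["objectClass"])
```

Running the script prints the RDN `cn=John Doe`, the parent DN `dc=example,dc=com`, and the four objectClass values; the same split applies to the `manager` attribute, whose value is itself a DN.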
You can use a directory to find resources that have the characteristics required for a particular task. LDAP searches the directory for data that satisfies the specified criteria. You specify the part of the directory to search (the search base) and the information to return. A search filter expresses the criteria as Boolean conditions, and only entries that satisfy the filter are returned.
For example, a directory can list information about printers that consists of typed information, such as location, speed in pages per minute, and supported print streams. Access to the data is governed by the privileges configured on the LDAP directory server or for the user. You can also add new entries, update existing entries, and remove entries.
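The following added example (not part of the original page) shows how a search filter with Boolean conditions is evaluated against a search base. It implements the subset of RFC 4515 filter syntax described above: equality (`attr=value`), presence (`attr=*`) and the operators `&`, `|` and `!`, over a small in-memory directory. The entries, the `ou=printers` subtree and the printer attribute names (`printerLocation`, `printerSpeed`) are constructed sample data, not real schema. Because filter values that come from users must not be able to alter the filter's Boolean structure, the example also includes the RFC 4515 escaping of such values.

```python
"""Evaluate LDAP search filters (RFC 4515 subset) over sample entries.

Added example, not from the original page. Substring, ordering and
extensible matches are not implemented.
"""
import re

# Constructed sample directory (attribute -> list of values).
DIRECTORY = [
    {"dn": ["cn=John Doe,dc=example,dc=com"], "cn": ["John Doe"], "sn": ["Doe"],
     "mail": ["john@example.com"], "objectClass": ["inetOrgPerson", "person", "top"]},
    {"dn": ["cn=Barbara Doe,dc=example,dc=com"], "cn": ["Barbara Doe"], "sn": ["Doe"],
     "objectClass": ["inetOrgPerson", "person", "top"]},
    # Hypothetical printer entry; attribute names are constructed, not a real schema.
    {"dn": ["cn=hp-lj4,ou=printers,dc=example,dc=com"], "cn": ["hp-lj4"],
     "printerLocation": ["floor 2"], "printerSpeed": ["30"],
     "objectClass": ["printer", "top"]},
]


def escape_filter_value(value):
    """Escape a user-supplied value for use inside a filter (RFC 4515 s.3).

    The characters * ( ) \\ and NUL become \\XX hex escapes, so the value
    is always compared literally and cannot change the filter structure.
    """
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def unescape_value(value):
    """Decode \\XX escapes in a filter value (ASCII escapes only)."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse a filter string into a tree: ('=', attr, value) or (op, [children])."""
    def parse(s, i):
        if i >= len(s) or s[i] != "(":
            raise ValueError("expected '(' at position %d" % i)
        i += 1
        op = s[i] if i < len(s) else ""
        if op in ("&", "|", "!"):
            i += 1
            children = []
            while i < len(s) and s[i] == "(":
                child, i = parse(s, i)
                children.append(child)
            if i >= len(s) or s[i] != ")":
                raise ValueError("expected ')' at position %d" % i)
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one filter")
            return (op, children), i + 1
        end = s.find(")", i)   # an escaped ')' never appears literally
        if end < 0:
            raise ValueError("unterminated filter item")
        attr, sep, value = s[i:end].partition("=")
        if not attr or not sep:
            raise ValueError("expected attr=value")
        return ("=", attr, value), end + 1

    tree, pos = parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(entry, node):
    """Return True if the entry satisfies the parsed filter node."""
    op = node[0]
    if op == "=":
        _, attr, value = node
        values = entry.get(attr, [])
        if value == "*":
            return bool(values)            # presence match
        wanted = unescape_value(value).lower()  # case-insensitive string match
        return any(v.lower() == wanted for v in values)
    children = node[1]
    if op == "&":
        return all(matches(entry, c) for c in children)
    if op == "|":
        return any(matches(entry, c) for c in children)
    return not matches(entry, children[0])  # "!"


def search(directory, base_dn, filter_text, attributes=None):
    """Return entries under base_dn (subtree scope) that match the filter.

    `attributes` limits the returned attributes, as a client should when
    it needs only specific data; the dn is always included.
    """
    tree = parse_filter(filter_text)
    results = []
    for entry in directory:
        dn = entry["dn"][0]
        if dn != base_dn and not dn.endswith("," + base_dn):
            continue
        if matches(entry, tree):
            if attributes is None:
                results.append(entry)
            else:
                results.append({k: v for k, v in entry.items()
                                if k == "dn" or k in attributes})
    return results


if __name__ == "__main__":
    for e in search(DIRECTORY, "dc=example,dc=com", "(&(objectClass=person)(mail=*))", ["mail"]):
        print(e["dn"][0], e.get("mail"))
```

The filter `(&(objectClass=person)(mail=*))` returns only entries that are persons and have an email address, while `(!(objectClass=person))` returns the printer; restricting the search base to `ou=printers,dc=example,dc=com` limits results to that subtree regardless of the filter. Wrapping a user-supplied name with `escape_filter_value` before placing it in `(cn=...)` keeps the comparison literal.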