# Encyclopedia

The Lightweight Directory Access Protocol, or LDAP (pronounced /ˈɛl dæp/), is an application protocol for querying and modifying data using directory services running over TCP/IP.[1]
A directory is a set of objects with attributes organized in a logical and hierarchical manner.

A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.

An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen.

LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy.

Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries).

The current version of the protocol is LDAPv3, which is specified in a series of Internet Engineering Task Force (IETF) Standards Track Requests for Comments (RFCs), as detailed in RFC 4510.

## Origin and influences

Telecommunication companies introduced the concept of directory services to information technology and computer networking, since their understanding of directory requirements was well-developed after some 70 years of producing and managing telephone directories.

The culmination of this input was the comprehensive X.500 specification[2], a suite of protocols produced by the International Telecommunication Union (ITU) in the 1980s.

X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol (DAP), which required the Open Systems Interconnection (OSI) protocol stack.

LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack.

This model of directory access was borrowed from the DIXIE and Directory Assistance Service protocols.

Standalone LDAP directory servers soon followed, as did directory servers supporting both DAP and LDAP. The latter has become popular in enterprises, as LDAP removed any need to deploy an OSI network. Today, X.500 directory protocols including DAP can also be used directly over TCP/IP.

The protocol was originally created by Tim Howes of the University of Michigan, Steve Kille of Isode Limited, and Wengyik Yeong of Performance Systems International, circa 1993. Further development has come through the Internet Engineering Task Force.

In the early engineering stages of LDAP, it was known as Lightweight Directory Browsing Protocol, or LDBP.

It was renamed when the scope of the protocol was expanded beyond directory browsing and searching functions to include directory update functions as well.

It was given its Lightweight name because it was not as network intensive as its DAP predecessor and thus was more easily implemented over the internet due to its lightweight bandwidth usage.

LDAP has influenced subsequent Internet protocols, including later versions of X.500, XML Enabled Directory (XED), Directory Service Markup Language (DSML), Service Provisioning Markup Language (SPML), and the Service Location Protocol (SLP).

## Protocol overview

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port 389. The client then sends an operation request to the server, and the server sends responses in return.

With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order.

The client may request the following operations:
• Start TLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
• Bind — authenticate and specify LDAP protocol version
• Search — search for and/or retrieve directory entries
• Compare — test if a named entry contains a given attribute value
• Delete an entry
• Modify an entry
• Modify Distinguished Name (DN) — move or rename an entry
• Abandon — abort a previous request
• Extended Operation — generic operation used to define other operations
• Unbind — close the connection (not the inverse of Bind)

In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before it times out a connection.

A common alternate method of securing LDAP communication is using an SSL tunnel.

This is denoted in LDAP URLs by using the URL scheme "ldaps". The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003.

LDAP is defined in terms of ASN.1, and protocol messages are encoded in the binary format BER.

It uses textual representations for a number of ASN.1 fields/types, however.
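
The BER framing described above can be seen on a single Bind operation. The following is an added example, not code from the original article: it builds and parses one LDAPv3 BindRequest, showing that the DN and a simple-bind password travel as plain text strings inside the binary envelope, which is what a sensor on port 389 sees when Start TLS is not used. Function names and the sample message are constructed for illustration; the tag values follow RFC 4511.

```python
# Added example: BER framing of one LDAPv3 BindRequest (tag values per RFC 4511).
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
AUTH_SIMPLE = 0x80    # [0], primitive: simple password
AUTH_SASL = 0xA3      # [3], constructed: SASL credentials


def ber_length(n):
    """Encode a definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """Wrap a value in a tag-length-value triple."""
    return bytes([tag]) + ber_length(len(value)) + value


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); refuse truncated or indefinite-length data."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not permitted in LDAP")
        if count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one TLV and insist on a specific tag."""
    tag, value, pos = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, pos


def build_simple_bind(message_id, dn, password):
    """Build an LDAPMessage carrying a version-3 simple BindRequest (message_id 0..127)."""
    op = (tlv(INTEGER, bytes([3]))
          + tlv(OCTET_STRING, dn.encode("utf-8"))
          + tlv(AUTH_SIMPLE, password.encode("utf-8")))
    return tlv(SEQUENCE, tlv(INTEGER, bytes([message_id])) + tlv(BIND_REQUEST, op))


def parse_bind_request(buf):
    """Decode one BindRequest; report the credential's length, never its content."""
    body, end = expect(buf, 0, SEQUENCE)
    if end != len(buf):
        raise ValueError("trailing bytes after LDAPMessage")
    msg_id, pos = expect(body, 0, INTEGER)
    op, pos = expect(body, pos, BIND_REQUEST)
    version, p = expect(op, 0, INTEGER)
    name, p = expect(op, p, OCTET_STRING)
    auth_tag, cred, p = read_tlv(op, p)
    method = {AUTH_SIMPLE: "simple", AUTH_SASL: "sasl"}.get(auth_tag)
    if method is None:
        raise ValueError(f"unknown authentication choice 0x{auth_tag:02x}")
    return {
        "message_id": int.from_bytes(msg_id, "big", signed=True),
        "version": int.from_bytes(version, "big", signed=True),
        "name": name.decode("utf-8"),
        "method": method,
        # A non-empty simple credential is a password readable by anyone on the path.
        "cleartext_password": method == "simple" and len(cred) > 0,
        "credential_length": len(cred),
    }


# Constructed sample message; the password is a placeholder.
SAMPLE_BIND = build_simple_bind(1, "cn=John Doe,dc=example,dc=com", "constructed-secret")

if __name__ == "__main__":
    print(SAMPLE_BIND.hex(" "))
    print(parse_bind_request(SAMPLE_BIND))
```

An anonymous bind (empty name and empty password) parses with `cleartext_password` set to false, so the flag singles out binds that expose a real credential.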

## Directory structure

The protocol accesses LDAP directories, which follow the 1993 edition of the X.500 model:
• A directory is a tree of directory entries.
• An entry consists of a set of attributes.
• An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema (see below).
• Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.g. if C:\foo\bar\myfile.txt were the DN, then myfile.txt would be the RDN).

Be aware that a DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a UUID might be provided in the set of the entry's operational attributes.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):
```
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
```

"dn" is the name of the entry; it is neither an attribute nor part of the entry.

"cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry.

Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address and "sn" for surname.

A server holds a subtree starting from a specific entry, e.g. "dc=example,dc=com" and its children.

Servers may also hold references to other servers, so an attempt to access "ou=department,dc=example,dc=com" could return a referral or continuation reference to a server which holds that part of the directory tree.

The client can then contact the other server.

.Some servers also support chaining, which means the server contacts the other server and returns the results to the client.^ The LDAP client then contacts LDAP Server 2 (3).

^ Clients MUST support contacting servers on any valid TCP port.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ The means by which a server can verify a client's identity.
• Glossary - System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) 9 January 2010 21:38 UTC dlc.sun.com [Source type: Reference]

LDAP rarely defines any ordering: the server may return the values of an attribute, the attributes in an entry, and the entries found by a search operation in any order. This follows from the formal definitions: an entry is defined as a set of attributes, and an attribute is a set of values, and sets need not be ordered.

## Operations

The client gives each request a positive Message ID, and the server response has the same Message ID. The response includes a numeric result code which indicates success, some error condition or some other special cases. Before the response, the server may send other messages with other result data - for example each entry found by the Search operation is returned in such a message.

### StartTLS

The StartTLS operation establishes Transport Layer Security (the descendant of SSL) on the connection. That can provide data confidentiality (to protect data from being observed by third parties) and/or data integrity protection (which protects the data from tampering). During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity. After doing so, the client may then use SASL/EXTERNAL. By using SASL/EXTERNAL, the client requests that the server derive its identity from credentials provided at a lower level (such as TLS). Though technically the server may use any identity information established at any lower level, typically the server will use the identity information established by TLS.

Servers also often support the non-standard "LDAPS" ("Secure LDAP", commonly known as "LDAP over SSL") protocol on a separate port, by default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the client and server establish TLS before any LDAP messages are transferred (without a Start TLS operation) and 2) the LDAPS connection must be closed upon TLS closure. LDAPS was used with LDAPv2, because the StartTLS operation had not yet been defined. The use of LDAPS is deprecated, and modern software should only use StartTLS.

### Bind (authenticate)

The Bind operation authenticates the client to the server. Simple Bind can send the user's DN and password in plaintext, so the connection should be protected using Transport Layer Security (TLS). The server typically checks the password against the userPassword attribute in the named entry. Anonymous Bind (with empty DN and password) resets the connection to anonymous state. SASL (Simple Authentication and Security Layer) Bind provides authentication services through a wide range of mechanisms, e.g. Kerberos or the client certificate sent with TLS.

Bind also sets the LDAP protocol version. Normally clients should use LDAPv3, which is the default in the protocol but not always in LDAP libraries.

Bind had to be the first operation in a session in LDAPv2, but is not required in LDAPv3 (the current LDAP version).
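
The following added example (not part of the original article) BER-encodes LDAPv3 Bind requests and decodes them the way a network sensor on an unprotected connection would, showing that a simple bind carries the DN and password verbatim next to the Message ID and protocol version. The DN and password are constructed sample values, and the function names are this example's own.

```python
# Added example: BER encoding of LDAPv3 BindRequest messages (tags per RFC 4511).
# All DNs and passwords below are constructed sample values.

def _length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, value):
    return bytes([tag]) + _length(len(value)) + value

def _integer(n):
    """Non-negative INTEGER in minimal two's-complement form."""
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _bind(message_id, version, dn, authentication):
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
    op = _integer(version) + _tlv(0x04, dn.encode()) + authentication
    # LDAPMessage ::= SEQUENCE { messageID, protocolOp }
    return _tlv(0x30, _integer(message_id) + _tlv(0x60, op))

def simple_bind(message_id, dn, password, version=3):
    """authentication is simple [0] OCTET STRING: the password itself."""
    return _bind(message_id, version, dn, _tlv(0x80, password.encode()))

def sasl_external_bind(message_id, version=3):
    """authentication is sasl [3] { mechanism "EXTERNAL" }: no secret in the message."""
    return _bind(message_id, version, "", _tlv(0xA3, _tlv(0x04, b"EXTERNAL")))

def _read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        size = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        size = first
    if pos + size > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + size], pos + size

def describe_bind(packet):
    """Decode a BindRequest as an observer on an unprotected connection would."""
    tag, message, _ = _read(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, message_id, pos = _read(message, 0)
    op_tag, op, _ = _read(message, pos)
    if tag != 0x02 or op_tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = _read(op, 0)
    _, dn, pos = _read(op, pos)
    auth_tag, auth, _ = _read(op, pos)
    info = {
        "message_id": int.from_bytes(message_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": dn.decode(),
        "exposed_password": None,
    }
    if auth_tag == 0x80:
        info["method"] = "simple" if (dn or auth) else "anonymous"
        info["exposed_password"] = auth.decode() or None
    elif auth_tag == 0xA3:
        _, mechanism, _ = _read(auth, 0)
        # SASL credentials are mechanism-specific and are not interpreted here.
        info["method"] = "sasl/" + mechanism.decode()
    else:
        raise ValueError("unknown authentication choice")
    return info

if __name__ == "__main__":
    packet = simple_bind(1, "uid=fred,ou=people,dc=example,dc=com", "s3cret-sample")
    print(packet.hex(" "))
    print(describe_bind(packet))
    print(describe_bind(sasl_external_bind(2)))
```

A sensor that can run `describe_bind` on traffic and gets back a non-empty `exposed_password` is looking at a connection on which TLS was not established before the bind.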

### Search and Compare

The Search operation is used to both search for and read entries. Its parameters are:

- baseObject: The DN (Distinguished Name) of the entry at which to start the search.
- scope: What elements below the baseObject to search. This can be baseObject (search just the named entry, typically used to read one entry), singleLevel (entries immediately below the base DN), or wholeSubtree (the entire subtree starting at the base DN).
- filter: Criteria to use in selecting elements within scope. For example, the filter (&(objectClass=person)(|(givenName=John)(mail=john*))) will select "persons" (elements of objectClass person) who either have the given name "John" or an e-mail address that begins with the string "john".
- derefAliases: Whether and how to follow alias entries (entries which refer to other entries).
- attributes: Which attributes to return in result entries.
- sizeLimit, timeLimit: Maximum number of entries to return, and maximum time to allow search to run.
- typesOnly: Return attribute types only, not attribute values.

The server returns the matching entries and potentially continuation references. These may be returned in any order. The final result will include the result code.

The Compare operation takes a DN, an attribute name and an attribute value, and checks if the named entry contains that attribute with that value.
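
The Search parameters listed above, applied to a small in-memory directory as an added example (not code from the article or from any LDAP server). It parses the article's sample filter and applies scope, attributes, sizeLimit and typesOnly; the entries are constructed, matching is assumed case-insensitive for every attribute, and DNs are assumed to contain no escaped commas.

```python
# Added example: the Search parameters applied to a constructed in-memory directory.
import re

DIRECTORY = {
    "dc=example,dc=com": {"objectClass": ["domain"], "dc": ["example"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"], "ou": ["people"]},
    "cn=John Doe,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "cn": ["John Doe"],
        "givenName": ["John"], "mail": ["jdoe@example.com"]},
    "cn=Jane Roe,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "cn": ["Jane Roe"],
        "givenName": ["Jane"], "mail": ["johnson.j@example.com"]},
    "cn=Bob Poe,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "cn": ["Bob Poe"],
        "givenName": ["Bob"], "mail": ["bob@example.com"]},
    "cn=john-printer,ou=devices,dc=example,dc=com": {
        "objectClass": ["device"], "cn": ["john-printer"]},
}
PAGE_FILTER = "(&(objectClass=person)(|(givenName=John)(mail=john*)))"

def parse_filter(text):
    """Parse a filter string into nested tuples: (op, [kids]) or ("item", attr, value)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node

def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, kids = s[i], []
        i += 1
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:end].partition("=") if end >= 0 else ("", "", "")
        if not attr or not sep:
            raise ValueError(f"bad filter item at offset {i}")
        node, i = ("item", attr.lower(), value), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def _unescape(piece):
    # \XX hex escapes (such as \2a for a literal '*') become plain characters.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece).lower()

def matches(node, entry):
    if node[0] == "&":
        return all(matches(kid, entry) for kid in node[1])
    if node[0] == "|":
        return any(matches(kid, entry) for kid in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = [v.lower() for name, vs in entry.items() if name.lower() == attr for v in vs]
    if value == "*":                                   # presence test
        return bool(values)
    parts = [_unescape(p) for p in value.split("*")]
    if len(parts) == 1:                                # equality
        return parts[0] in values
    pattern = ".*".join(re.escape(p) for p in parts)   # substring
    return any(re.fullmatch(pattern, v, re.S) for v in values)

def _rdns(dn):
    return [r.strip().lower() for r in dn.split(",")] if dn else []

def in_scope(dn, base, scope):
    d, b = _rdns(dn), _rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {"baseObject": depth == 0, "singleLevel": depth == 1, "wholeSubtree": True}[scope]

def search(directory, base, scope, filter_text, attributes=None, size_limit=0, types_only=False):
    """Return (entries, result_code); size_limit 0 means no limit."""
    node = parse_filter(filter_text)
    if not any(_rdns(dn) == _rdns(base) for dn in directory):
        return [], "noSuchObject"
    wanted = None if attributes is None else {a.lower() for a in attributes}
    found = []
    for dn, entry in directory.items():
        if not (in_scope(dn, base, scope) and matches(node, entry)):
            continue
        if size_limit and len(found) == size_limit:
            return found, "sizeLimitExceeded"
        picked = {k: v for k, v in entry.items() if wanted is None or k.lower() in wanted}
        found.append((dn, sorted(picked) if types_only else picked))
    return found, "success"

if __name__ == "__main__":
    print(search(DIRECTORY, "dc=example,dc=com", "wholeSubtree", PAGE_FILTER, ["mail"]))
```

Because result order is unspecified, callers should compare the returned entries as a set, as the server is free to return them in any order.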

### Update Data

Add, Delete, and Modify DN all require the DN of the entry that is to be changed. Modify takes a list of attributes to modify and the modifications to each: delete the attribute or some values, add new values, or replace the current values with the new ones.

Add operations also can have additional attributes and values for those attributes.

Modify DN (move/rename entry) takes the new RDN (Relative Distinguished Name), optionally the new parent's DN, and a flag which says whether to delete the value(s) in the entry which match the old RDN. The server may support renaming of entire directory subtrees.

An update operation is atomic: other operations will see either the new entry or the old one. On the other hand, LDAP does not define transactions of multiple operations: if you read an entry and then modify it, another client may have updated the entry in the meantime. Servers may implement extensions [3] which support this, however.
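
The read-then-modify problem described above, reproduced on a constructed in-memory entry as an added example (not code from the article or from any LDAP server). It also shows a guard that relies only on a single Modify being atomic: deleting the value that was read and adding its successor in the same Modify makes a stale writer fail instead of overwriting. The counter DN, the uidNumber counter and the function names are assumptions of this example.

```python
# Added example: lost update from read-then-modify, and a guard that relies on
# a single Modify being atomic. The directory is a constructed in-memory dict.
import copy

COUNTER_DN = "cn=nextUid,ou=counters,dc=example,dc=com"  # hypothetical entry

class ModifyError(Exception):
    """Carries an LDAP result-code name; the entry is left unchanged."""

def modify(directory, dn, changes):
    """Apply a list of (operation, attribute, values) changes, all or nothing."""
    if dn not in directory:
        raise ModifyError("noSuchObject")
    draft = copy.deepcopy(directory[dn])
    for operation, attr, values in changes:
        current = draft.get(attr, [])
        if operation == "add":
            if any(v in current for v in values):
                raise ModifyError("attributeOrValueExists")
            draft[attr] = current + list(values)
        elif operation == "delete":
            # An empty values list deletes the whole attribute.
            if attr not in draft or any(v not in current for v in values):
                raise ModifyError("noSuchAttribute")
            remaining = [v for v in current if v not in values] if values else []
            if remaining:
                draft[attr] = remaining
            else:
                del draft[attr]
        elif operation == "replace":
            if values:
                draft[attr] = list(values)
            else:
                draft.pop(attr, None)
        else:
            raise ModifyError("protocolError")
    directory[dn] = draft  # commit only after every change succeeded

def allocate_naive(directory, dn, seen):
    """Write seen+1 unconditionally; a concurrent writer is silently overwritten."""
    modify(directory, dn, [("replace", "uidNumber", [str(int(seen) + 1)])])
    return int(seen)

def allocate_guarded(directory, dn, seen):
    """Delete exactly the value that was read, then add its successor, in one Modify."""
    modify(directory, dn, [
        ("delete", "uidNumber", [seen]),
        ("add", "uidNumber", [str(int(seen) + 1)]),
    ])
    return int(seen)

def race(allocate):
    """Two clients read the counter before either writes; return what each got."""
    directory = {COUNTER_DN: {"uidNumber": ["1000"]}}
    seen_a = directory[COUNTER_DN]["uidNumber"][0]   # client A reads
    seen_b = directory[COUNTER_DN]["uidNumber"][0]   # client B reads before A writes
    outcomes = []
    for seen in (seen_a, seen_b):
        try:
            outcomes.append(allocate(directory, COUNTER_DN, seen))
        except ModifyError as error:
            outcomes.append(str(error))              # caller should re-read and retry
    return outcomes, directory[COUNTER_DN]["uidNumber"]

if __name__ == "__main__":
    print("naive:  ", race(allocate_naive))
    print("guarded:", race(allocate_guarded))
```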

### Extended operations

The Extended Operation is a generic LDAP operation which can be used to define new operations. Examples include the Cancel, Password Modify and Start TLS operations.

### Abandon

The Abandon operation requests that the server abort an operation named by a message ID. The server need not honor the request. Unfortunately, neither Abandon nor a successfully abandoned operation sends a response. A similar Cancel extended operation has therefore been defined which does send responses, but not all implementations support this.

### Unbind

The Unbind operation abandons any outstanding operations and closes the connection. It has no response. The name is of historical origin, and is not the opposite of the Bind operation.

^ This is used to unbind from the directory and close the connection.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ When a client issues an unbind operation, the server discards any authentication information it has associated with the client's connection, terminates any outstanding LDAP operations, and disconnects from the client, thus closing the TCP connection. The abandon operation has a single parameter: the message ID of the LDAP operation to abandon.

^ If the client receives a BindResponse response where the resultCode was protocolError, it MUST close the connection as the server will be unwilling to accept further operations.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ If the part is present, the client MUST use this name in its next request to progress the operation, and if it is not present the client will use the same name as in the original request.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

[4]
Clients can abort a session by simply closing the connection, but they should use Unbind.

^ They use Windows session?
• PHP and Active Directory - Dev Shed 9 January 2010 21:38 UTC forums.devshed.com [Source type: General]

^ This is used to unbind from the directory and close the connection.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ If the client receives a BindResponse response where the resultCode was protocolError, it MUST close the connection as the server will be unwilling to accept further operations.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

[5] Unbind allows the server to gracefully close the connection and free resources that it would otherwise keep for some time until discovering the client had abandoned the connection.

^ This is used to unbind from the directory and close the connection.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ N) synchronously unbind from the LDAP server and close the connection .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ Abandon Operation The function of the Abandon Operation is to allow a client to request that the server abandon an outstanding operation.
• RFC 1487 (rfc1487) - X.500 Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.faqs.org [Source type: Reference]
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

It also instructs the server to cancel operations that can be canceled, and to not send responses for operations that cannot be canceled.

^ In the event that a server receives an Abandon Request on a Search Operation in the midst of transmitting responses to the search, that server MUST cease transmitting entry responses to the abandoned request immediately, and MUST NOT send the SearchResponseDone.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ If the client receives a BindResponse response where the resultCode was protocolError, it MUST close the connection as the server will be unwilling to accept further operations.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ In response to various requests, servers will return responses containing fields of type LDAPResult to indicate the final status of a protocol operation request.
• RFC 1487 (rfc1487) - X.500 Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.faqs.org [Source type: Reference]

[6]

## LDAP URLs

An LDAP URL format exists which clients support to varying degrees, and which servers return in referrals and continuation references (see RFC 4516):
ldap://host:port/DN?attributes?scope?filter?extensions

Most of the components, which are described below, are optional.

• host is the FQDN or IP address of the LDAP server to search.
• port is the network port of the LDAP server.
• DN is the distinguished name to use as the search base.
• attributes is a comma-separated list of attributes to retrieve.
• scope specifies the search scope and can be "base" (the default), "one" or "sub".
• filter is a search filter. For example (objectClass=*) as defined in RFC 4515.
• extensions are extensions to the LDAP URL format.

For example, "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com" refers to all user attributes in John Doe's entry in ldap.example.com, while "ldap:///dc=example,dc=com??sub?(givenName=John)" searches for the entry in the default server (note the triple slash, omitting the host, and the double question mark, omitting the attributes). As in other URLs, special characters must be percent-encoded.

^ N) construct an LDAP search filter from a pattern .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ In addition, one or more attributes in an entry can be used as the name of the entry itself.
• Peachpit: How to Access Mac OS X Server Directory Services > Understanding LDAP 9 January 2010 21:38 UTC www.peachpit.com [Source type: General]

^ The type of LDAP server determines the default filters that are used by WebSphere Application Server.
• Configuring Lightweight Directory Access Protocol user registries 9 January 2010 21:38 UTC publib.boulder.ibm.com [Source type: Reference]

^ Note that there is a particular objectClass 'extensibleObject' defined in [5] which permits all user attributes to be present in an entry.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ If the DN specified in the request "looks like" a DN of a Directory record that some CommuniGate Pro Account has (or could have), the LDAP module does not perform any operation on the Directory at all.
• CommuniGate Pro: LDAP Module 9 January 2010 21:38 UTC www.communigate.com [Source type: Reference]

^ For example, Foobar has a "public" LDAP server running on ldap.foobar.com, port 389.
• ldapman.org - Introduction to LDAP 9 January 2010 21:38 UTC www.ldapman.org [Source type: General]

^ Referral ::= SEQUENCE OF LDAPURL -- one or more LDAPURL ::= LDAPString -- limited to characters permitted in URLs If the client wishes to progress the operation, it MUST follow the referral by contacting any one of servers.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ The other byte values are used to form a variable-length encoding of an arbitrary character.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ (Very briefly, RFC 2396 says that whitespace must be encoded using a percent sign and two hex digits: ab cd becomes ab%20cd .
• Chirp Protocol Version 2 9 January 2010 21:38 UTC www.cse.nd.edu [Source type: Reference]

There is a similar non-standard ldaps: URL scheme for LDAP over SSL. This should not be confused with LDAP with TLS, which is achieved using the StartTLS operation using the standard ldap: scheme.

^ N) synchronously search using an LDAP URL .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ Standard LDAP Operations There are a number of standard operations that can be performed on a LDAP server.
• Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.peterindia.net [Source type: Reference]

^ N) asynchronously search using an LDAP URL .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]
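
The URL format described in this section, worked through as an added example (not code from any of the cited sources). It parses the two example URLs above, applies the stated defaults, and adds a referral policy check; `safe_to_follow`, the host allow-list and the port defaults 389/636 are assumptions of this example, and the rule that an unsupported critical extension (prefixed `!`) must stop processing comes from RFC 4516.

```python
from dataclasses import dataclass, field
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # well-known ports, not stated on the page
SCOPES = ("base", "one", "sub")


@dataclass
class LdapUrl:
    scheme: str
    host: str        # "" means "use the client's default server"
    port: int
    dn: str
    attributes: list
    scope: str
    filter: str
    extensions: dict = field(default_factory=dict)  # name -> (value, critical)


def parse_ldap_url(url):
    """Parse ldap://host:port/DN?attributes?scope?filter?extensions."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")

    hostport, _, tail = rest.partition("/")
    # Split on the literal '?' separators before percent-decoding, so an
    # encoded %3F inside the DN or filter is not taken for a separator.
    parts = tail.split("?")
    if len(parts) > 5:
        raise ValueError("more than five '?'-separated fields")
    dn, attrs, scope, flt, exts = parts + [""] * (5 - len(parts))

    if hostport.startswith("["):                      # IPv6 literal, e.g. [::1]:389
        host, closed, port_text = hostport[1:].partition("]")
        if not closed or (port_text and not port_text.startswith(":")):
            raise ValueError("malformed IPv6 host")
        port_text = port_text[1:]
    else:
        host, _, port_text = hostport.partition(":")
    port = DEFAULT_PORTS[scheme]
    if port_text:
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError("port is not a number")
        port = int(port_text)
        if not 0 < port < 65536:
            raise ValueError("port out of range")

    scope = scope.lower() or "base"                   # "base" is the default
    if scope not in SCOPES:
        raise ValueError("unknown scope: " + scope)

    extensions = {}
    for item in exts.split(","):
        if not item:
            continue
        critical = item.startswith("!")               # '!' marks a critical extension
        name, _, value = (item[1:] if critical else item).partition("=")
        extensions[unquote(name).lower()] = (unquote(value), critical)

    return LdapUrl(
        scheme=scheme,
        host=unquote(host).lower(),
        port=port,
        dn=unquote(dn),
        attributes=[unquote(a) for a in attrs.split(",") if a],
        scope=scope,
        filter=unquote(flt) or "(objectClass=*)",
        extensions=extensions,
    )


def safe_to_follow(url, allowed_hosts, supported_extensions=()):
    """Hypothetical client policy for a URL received in a referral.

    Follow only if the host is on the allow-list and every critical
    extension is one this client implements.
    """
    try:
        parsed = parse_ldap_url(url)
    except ValueError:
        return False
    if parsed.host not in allowed_hosts:
        return False
    return all(name in supported_extensions
               for name, (_, critical) in parsed.extensions.items() if critical)
```

Note that the parsed scheme says nothing about StartTLS: an `ldap:` URL may still be used over TLS, so transport protection has to be enforced by the client's connection settings, not inferred from the URL.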

## Schema

The contents of the entries in a subtree are governed by a schema known as Directory Information Tree (DIT).

^ DIT See directory information tree.
• Glossary - System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) 9 January 2010 21:38 UTC dlc.sun.com [Source type: Reference]

^ The Entries are organized in a hierarchy, which is referred to as a Directory Information Tree (DIT).

^ Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry.
• 2-2 Protocols and Standards | StudyNotes.net 9 January 2010 21:38 UTC studynotes.net [Source type: Reference]

The schema of a Directory Server defines a set of rules that govern the kinds of information that the server can hold.

^ OPTIONS ) Read schema information from the server.
• Net::LDAP 9 January 2010 21:38 UTC cpan.uwinnipeg.ca [Source type: Reference]
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]

^ User privileges, set in the directory, define which servers each user can access.
• Enterprise network management directory containing network addresses of users and devices providing access lists to routers and servers - Patent 6131120 9 January 2010 21:38 UTC www.freepatentsonline.com [Source type: Reference]

^ This defines what kind of information is allowed in the values.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

It has a number of elements, including:
• Attribute Syntaxes -- Provide information about the kind of information that can be stored in an attribute.
• Matching Rules -- Provide information about how to make comparisons against attribute values.
• Matching Rule Uses -- Indicate which attribute types may be used in conjunction with a particular matching rule.
• Attribute Types -- Define an OID and a set of names that may be used to refer to a given attribute, and associate that attribute with a syntax and set of matching rules.
• Object Classes -- Define named collections of attributes and classify them into sets of required and optional attributes.
• Name Forms -- Define rules for the set of attributes that should be included in the RDN for an entry.
• Content Rules -- Define additional constraints about the object classes and attributes that may be used in conjunction with an entry.
• Structure Rule -- Define rules that govern the kinds of subordinate entries that a given entry may have.
Attributes are the elements responsible for storing information in a directory, and the schema defines the rules for which attributes may be used in an entry, the kinds of values that those attributes may have, and how clients may interact with those values.

^ Entries MAY contain, among others, the following operational attributes, defined in [5].
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Values of this attribute may be modified by clients, but the objectClass attribute cannot be removed.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ It stores the password as an attribute of the user entry.
• 2 Introduction to LDAP and Oracle Internet Directory 9 January 2010 21:38 UTC download.oracle.com [Source type: Reference]

Clients may learn about the schema elements that the server supports by retrieving an appropriate subschema subentry.

^ Subentry: subschema entries (or subentries) known by this server.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Subschema Entries and Subentries Subschema entries are used for administering information about the directory schema, in particular the object classes and attribute types supported by directory servers.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Oracle directory server, which responds to client requests for information about people and resources, and to updates of that information, by using a multitiered architecture directly over TCP/IP .
• 2 Introduction to LDAP and Oracle Internet Directory 9 January 2010 21:38 UTC download.oracle.com [Source type: Reference]

The schema defines object classes.

^ It is not used for any of the object classes defined in Appendix B. 5.4.

^ The following object class is defined in this document: .

^ RFC 2798 was submitted as an Informational RFC in April 2000 defining the inetOrgPerson LDAP object class.

Each entry must have an objectClass attribute, containing named classes defined in the schema.

^ Entries MAY contain, among others, the following operational attributes, defined in [5].
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ The Names field of the object class definition contains the distinguished attributes for the object class.

^ Each entry MUST have an objectClass attribute.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

The schema definition of the classes of an entry defines what kind of object the entry may represent, e.g. a person, organization or domain. The object class definitions also define the list of attributes that must contain values and the list of attributes which may contain values.

^ It is not used for any of the object classes defined in Appendix B. 5.4.

^ The following object class is defined in this document: .

^ Definition of the inetOrgPerson LDAP Object Class.
• Apache Directory Server v1.0 - Ldap related RFCs 9 January 2010 21:38 UTC cwiki.apache.org [Source type: Reference]

^ Entries MAY contain, among others, the following operational attributes, defined in [5].
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ This field is used for indicating the attributes that are contained in this object class.

^ Deletion of an object may result in deletion of all objects and attributes contained within it.

For example, an entry representing a person might belong to the classes "top" and "person". Membership in the "person" class would require the entry to contain the "sn" and "cn" attributes, and allow the entry also to contain "userPassword", "telephoneNumber", and other attributes.

^ Entries MAY contain, among others, the following operational attributes, defined in [5].
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Which attributes are required and allowed in an entry are controlled by a special objectClass attribute in every entry.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ Some attributes are general; others are personal.

Since entries may have multiple objectClass values, each entry has a complex of optional and mandatory attribute sets formed from the union of the object classes it represents.

^ Values of this attribute may be modified by clients, but the objectClass attribute cannot be removed.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Each entry MUST have an objectClass attribute.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Add more attributes or values to the entry.
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]

Object classes can be inherited, and a single entry can have multiple objectClass values which define the available and required attributes of the entry itself.

^ Each entry MUST have an objectClass attribute.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Which attributes are required and allowed in an entry are controlled by a special objectClass attribute in every entry.
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ Add more attributes or values to the entry.
• Net::LDAP 9 January 2010 21:38 UTC cpan.uwinnipeg.ca [Source type: Reference]
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]
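
How the required and optional attribute sets combine across inherited and multiple object classes, as an added example rather than code from any directory server. The `top` and `person` definitions follow the example above; `exampleBadgeHolder` and its attributes are hypothetical, and the check is simplified (it ignores structural/auxiliary kinds, content rules and name forms).

```python
# Constructed schema. "exampleBadgeHolder" is a hypothetical class added only
# to show the union across several objectClass values.
SCHEMA = {
    "top": {"sup": None, "must": ["objectClass"], "may": []},
    "person": {
        "sup": "top",
        "must": ["sn", "cn"],
        "may": ["userPassword", "telephoneNumber", "seeAlso", "description"],
    },
    "exampleBadgeHolder": {"sup": "top", "must": ["badgeNumber"], "may": ["badgeExpiry"]},
}


def effective_attributes(object_classes, schema=SCHEMA):
    """Return (must, may) for an entry: the union over every listed class
    and all of its superclasses. Names are compared case-insensitively."""
    index = {name.lower(): definition for name, definition in schema.items()}
    must, may, seen = set(), set(), set()
    pending = [name.lower() for name in object_classes]
    while pending:
        name = pending.pop()
        if name in seen:
            continue
        if name not in index:
            raise KeyError("unknown object class: " + name)
        seen.add(name)
        definition = index[name]
        must |= {a.lower() for a in definition["must"]}
        may |= {a.lower() for a in definition["may"]}
        if definition["sup"]:
            pending.append(definition["sup"].lower())   # inherit from the superclass
    return must, may - must


def check_entry(entry, schema=SCHEMA):
    """List schema violations for an entry given as {attribute: [values]}."""
    classes = entry.get("objectClass") or []
    if not classes:
        return ["entry has no objectClass attribute"]
    try:
        must, may = effective_attributes(classes, schema)
    except KeyError as exc:
        return [exc.args[0]]
    present = {name.lower() for name, values in entry.items() if values}
    problems = ["missing required attribute: " + a for a in sorted(must - present)]
    problems += ["attribute not allowed: " + a for a in sorted(present - must - may)]
    return problems


# Constructed sample entries.
GOOD = {
    "objectClass": ["top", "person"],
    "cn": ["John Doe"],
    "sn": ["Doe"],
    "telephoneNumber": ["+1 555 0100"],
}
BAD = {"objectClass": ["person"], "cn": ["John Doe"], "mail": ["jdoe@example.com"]}
```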

The relationship between an objectClass and an entry parallels that between a class definition and an instance in object-oriented programming: the class definition corresponds to the LDAP objectClass and the instance to the LDAP entry.

^ Object-oriented Programming .
• ICH Acronyms 9 January 2010 21:38 UTC www.ichnet.org [Source type: Academic]

^ The result is an object of class the Net::LDAP::Schema manpage .
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]

^ How does the schema affect entries?• What are object classes?

Directory servers may publish the directory schema controlling an entry at a base DN given by the entry's subschemaSubentry operational attribute.

^ Entries MAY contain, among others, the following operational attributes, defined in [5].
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ 'Graham Barr' ); delete ( DN, OPTIONS ) Delete the entry given by DN from the server.
• Net::LDAP 9 January 2010 21:38 UTC cpan.uwinnipeg.ca [Source type: Reference]
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]

^ I don't have that attribute > in my Directory Server.
• http://www.proftpd.org/localsite/Userguide/linked/x640.html 9 January 2010 21:38 UTC www.proftpd.org [Source type: General]

(An operational attribute describes operation of the directory rather than user information and is only returned from a search when it is explicitly requested.)

^ N) user friendly search the directory .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ N) user friendly search the directory with cancel .
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ Passwords are a user attribute in the directory.
• Enterprise network management directory containing network addresses of users and devices providing access lists to routers and servers - Patent 6131120 9 January 2010 21:38 UTC www.freepatentsonline.com [Source type: Reference]

• Peachpit: How to Access Mac OS X Server Directory Services > Understanding LDAP 9 January 2010 21:38 UTC www.peachpit.com [Source type: General]

^ Setup permission requirement changes that allow additional servers running Exchange Server to be added to an existing Administrators group without the need of a full Exchange Server administrator.
• ONS GLOBAL EMAIL SERVICES 9 January 2010 21:38 UTC www.onsglobal.com [Source type: FILTERED WITH BAYES]

^ Thanx for any help...Peter, could you send me part of your proftpd.conf, or ldif entries you had to add on your LDAP server?
• http://www.proftpd.org/localsite/Userguide/linked/x640.html 9 January 2010 21:38 UTC www.proftpd.org [Source type: General]

A schema for representing individual people within organizations is termed a white pages schema.

^ Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry.
• 2-2 Protocols and Standards | StudyNotes.net 9 January 2010 21:38 UTC studynotes.net [Source type: Reference]

^ Like the white pages of the phone book, an LDAP directory is where you find basic information about people and how to reach them.
• Building a Better Directory - Lightweight Directory Access Protocol and its use in developing a human resources directory | HR Magazine | Find Articles at BNET 9 January 2010 21:38 UTC findarticles.com [Source type: News]

^ Some of these will sync data wirelessly, others will need to occasionally connect to the Intranet to get their data, but all will need to be able to utilize the Corporate White Pages to function within the organization.
• Issues and Considerations Concerning Directory Architecture 9 January 2010 21:38 UTC www.colomar.com [Source type: FILTERED WITH BAYES]

## Variations

Much of the server operation is left to the implementor or administrator to decide. Accordingly, servers may be set up to support a wide variety of scenarios.

^ This is usually done when setting up the LDAP server.

^ Execution in a wide range of operating system and hardware environments, including those that do not support Directory Server.

^ Today's enterprises need a more general purpose directory infrastructure, one based on a common standard for supporting a wide variety of applications and services.
• 2 Introduction to LDAP and Oracle Internet Directory 9 January 2010 21:38 UTC download.oracle.com [Source type: Reference]

For example, data storage in the server is not specified - the server may use flat files, databases, or just be a gateway to some other server.

^ Provision of files that can be used for any user or server.
• Sodium Directory Data Access and Management 9 January 2010 21:38 UTC messaging.isode.com [Source type: Reference]

^ When it was first introduced, LDAP required the services of X.500 servers, specifically their directory information storage features and passing of unfilled service requests to other directory servers.

^ You're already using an Oracle, Sybase, Informix, or Microsoft SQL database to store much of that same data.
• ldapman.org - Introduction to LDAP 9 January 2010 21:38 UTC www.ldapman.org [Source type: General]

Access control is not standardized, though there has been work on it and there are commonly used models.

^ There is a standard and flexible mechanism for specifying access control.
• LDAP and X.500 9 January 2010 21:38 UTC www.isode.com [Source type: FILTERED WITH BAYES]

^ Instead, as it does with other protocol servers, Oracle Files NFS uses access control lists (ACLs) to control access.
• 2 Oracle Files Protocol Support 9 January 2010 21:38 UTC www.ncsu.edu [Source type: Reference]

^ Please see RFC 2487 for more information on startTLS. Currently LDAP does not have an inherent standard means to enforce access control.

Users' passwords may be stored in their entries or elsewhere.

^ NOTE: DIMSRoaming registry value might be a value of 0x9 if you have Windows Vista or higher and enabled Stored User name and password roaming.
• Ask the Directory Services Team 9 January 2010 21:38 UTC blogs.technet.com [Source type: FILTERED WITH BAYES]

^ DSAs providing the Directory service perform access control checks in order to determine what operations an authenticated user may perform on entries, attributes, and values.
• Directory Services 9 January 2010 21:38 UTC penta2.ufrgs.br [Source type: Reference]

^ NIS maps A file used by NIS that holds information of a particular type, for example, the password entries of all users on a network or the names of all host machines on a network.
• Glossary - System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) 9 January 2010 21:38 UTC dlc.sun.com [Source type: Reference]

The server may refuse to perform operations when it wishes, and impose various limits.

^ In truth, applications may be either directory-aware - capable of reading an LDAP directory - or directory-enabled - capable of reading and performing other defined LDAP operations on a directory.

^ In response to various requests, servers will return responses containing fields of type LDAPResult to indicate the final status of a protocol operation request.
• RFC 1487 (rfc1487) - X.500 Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.faqs.org [Source type: Reference]

^ DSAs providing the Directory service perform access control checks in order to determine what operations an authenticated user may perform on entries, attributes, and values.
• Directory Services 9 January 2010 21:38 UTC penta2.ufrgs.br [Source type: Reference]

Most parts of LDAP are extensible. Examples: One can define new operations.

^ Next, other operations are performed by calling one of the synchronous or asynchronous functions (for example, ldap_search_s(3N) or ldap_search(3N) followed by ldap_result(3N) ).
• ldap(3N) - Lightweight Directory Access Protocol package (man Pages(3): Library Routines) - Sun Microsystems 9 January 2010 21:38 UTC docs.sun.com [Source type: Academic]

^ ASCII-equivalent letters, numbers and hyphen Examples of valid AttributeDescription: cn userCertificate;binary One option, "binary", is defined in this document.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Extensibility  New object types and operations can be dynamically defined and schema published in a standard manner.

Controls may modify requests and responses, e.g. to request sorted search results. New search scopes and Bind methods can be defined.

^ Each proxy may support many managed devices, using the "instance" information to multiplex CMIP requests and responses among them.

^ Note that due to the requirement for atomicity in applying the list of modifications in the Modify Request, the client may expect that no modifications of the DIB have been performed if the Modify Response received indicates any sort of error, and that all requested modifications have been performed if the Modify Response indicates successful completion of the Modify Operation.
• RFC 1487 (rfc1487) - X.500 Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.faqs.org [Source type: Reference]

^ LDAPMessage responses of the ExtendedResponse form are reserved for returning information associated with a control requested by the client.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ Scope : - It defines the scope or a extend of the search.
• LDAP- The Lightweight Directory Service 9 January 2010 21:38 UTC www.vijaymukhi.com [Source type: FILTERED WITH BAYES]

^ The semantics of the possible values of this field are identical to the semantics of the scope field in the X.511 Search Operation. - derefAliases: An indicator as to how alias objects (as defined in X.501) are to be handled in searching.

^ The client can also define the directory container the search shall begin with: The so-called BaseDN. Moreover, via a scope parameter it can be determined if the search shall also expand to existing sub containers.
• SelfADSI : LDAP - The Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.selfadsi.org [Source type: Reference]

Attributes can have options that may modify their semantics.

^ Values of this attribute may be modified by clients, but the objectClass attribute cannot be removed.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ A server which masters entries and permits clients to modify these entries MUST implement and provide access to these subschema entries, so that its clients may discover the attributes and object classes which are permitted to be present.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

^ The add option should be a reference to a HASH. The values of the HASH are the attributes to add, and the values may be a string or a reference to a list of values.
• Net::LDAP -- Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.selectorweb.com [Source type: Reference]

## Other data models

As LDAP has gained momentum, vendors have provided it as an access protocol to other services.

^ Lightweight Directory Access Protocol (LDAP) - An IETF standard for directory services.

^ The major alternatives to LDAP as an access protocol will be: .
• LDAP and X.500 9 January 2010 21:38 UTC www.isode.com [Source type: FILTERED WITH BAYES]

^ APIs to access LDAP Directory Services .
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

The implementation then recasts the data to mimic the LDAP/X.500 model, but how closely this model is followed varies.

^ The four LDAP models are as follows: .
• b n e l s o n . c o m - Directory Based Services (LDAP) 9 January 2010 21:38 UTC www.cmzone.com [Source type: Reference]

^ An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen.
• 2-2 Protocols and Standards | StudyNotes.net 9 January 2010 21:38 UTC studynotes.net [Source type: Reference]

^ Servers which follow X.500(93) models SHOULD implement subschema using the X.500 subschema mechanisms, and so these subschemas are not ordinary entries.
• RFC 2251 9 January 2010 21:38 UTC www.normos.org [Source type: Reference]

For example, there is software to access SQL databases through LDAP, even though LDAP does not readily lend itself to this.

^ Even though the user has an Intranet connection at the office, their capabilities as a remote access user may need to be diminished, or customized.
• Issues and Considerations Concerning Directory Architecture 9 January 2010 21:38 UTC www.colomar.com [Source type: FILTERED WITH BAYES]

^ Note that though they are referred to as separate entities here, there is no requirement these two entities be distinct (i.e., a DSA could speak LDAP directly).
• RFC 1487 (rfc1487) - X.500 Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.faqs.org [Source type: Reference]

^ The Lightweight Directory Access Protocol, better known as LDAP, is based on the X.500 standard, but significantly simpler and more readily adapted to meet custom needs.
• ldapman.org - Introduction to LDAP 9 January 2010 21:38 UTC www.ldapman.org [Source type: General]

[7] X.500 servers may support LDAP as well.

^ Although LDAP is well rooted as a simplified component of the X.500 directory, it has become the de facto directory protocol on the Internet today.

^ Microsoft clients and servers are also designed to interoperate with other products that support LDAP. .
• MS Strategy for Lightweight Directory Access Protocol (LDAP) 9 January 2010 21:38 UTC technet.microsoft.com [Source type: Reference]

^ This is only possible if the connection uses LDAPv3, and requires that the server advertizes support for LDAP_EXTENSION_START_TLS. Use supported_extension in the Net::LDAP::RootDSE manpage to check this.
• Net::LDAP - Lightweight Directory Access Protocol 9 January 2010 21:38 UTC perl.enstimac.fr [Source type: Reference]

Similarly, data which were previously held in other types of data stores are sometimes moved to LDAP directories.

^ The structure of an LDAP directory tree LDAP directory servers store their data hierarchically.
• ldapman.org - Introduction to LDAP 9 January 2010 21:38 UTC www.ldapman.org [Source type: General]

^ In other words, an LDAP information directory is a type of database, but it's not a relational database.
• ldapman.org - Introduction to LDAP 9 January 2010 21:38 UTC www.ldapman.org [Source type: General]

^ Schema partition The schema directory partition holds the definitions for the type of data that can be held by the directory store.

For example, Unix user and group information can be stored in LDAP and accessed via PAM and NSS modules.

^ Storing Vendor Information in the LDAP root .
• Apache Directory Server v1.0 - Ldap related RFCs 9 January 2010 21:38 UTC cwiki.apache.org [Source type: Reference]

^ Oracle Enterprise Security Manager lets you store and retrieve roles from Oracle Internet Directory if the roles support the Lightweight Directory Access Protocol (LDAP).

^ For example, when a client wants to modify meta-information hidden in the directory, it can send the manageDSAIT control along with the LDAP command.
• 2 Introduction to LDAP and Oracle Internet Directory 9 January 2010 21:38 UTC download.oracle.com [Source type: Reference]

LDAP is often used by other services for authentication.

^ How can an LDAP server be used for authentication?

^ The directory service system often has an abstract object class named 'top' all other classes originate from.
• SelfADSI : LDAP - The Lightweight Directory Access Protocol 9 January 2010 21:38 UTC www.selfadsi.org [Source type: Reference]

^ In other email group, I succeeded allow wu_ftp to talk to standard pam_ldap and nss_ldap module for ftp user to authenticate with a remote LDAP server.
• http://www.proftpd.org/localsite/Userguide/linked/x640.html 9 January 2010 21:38 UTC www.proftpd.org [Source type: General]

## Usage

### Naming structure

Since an LDAP server can return referrals to other servers for requests the server itself will not or cannot serve, a naming structure for LDAP entries is needed so one can find a server holding a given DN. Since such a structure already exists in the Domain Name System (DNS), servers' top-level names often mimic DNS names, as they do in X.500. If an organization has domain name example.org, its top-level LDAP entry will typically have the DN dc=example,dc=org (where dc means domain component). If the LDAP server is also named ldap.example.org, the organization's top-level LDAP URL becomes ldap://ldap.example.org/dc=example,dc=org. Below the top level, the entry names will typically reflect the organization's internal structure or needs rather than DNS names.
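The mapping described above, worked through as an added example (not part of the original article): one dc component per DNS label, a child entry below the top level with its value escaped per RFC 4514, and the resulting LDAP URL percent-encoded per RFC 4516. The function names and the "Sales, EMEA" unit are constructed for illustration.

```python
import re
from urllib.parse import quote

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def domain_to_base_dn(domain: str) -> str:
    """example.org -> dc=example,dc=org (one dc RDN per DNS label)."""
    labels = domain.rstrip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return ",".join(f"dc={label}" for label in labels)


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)   # characters that would change DN structure
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    if out[0] in (" ", "#"):        # leading space or '#' must be escaped
        out[0] = "\\" + out[0]
    if out[-1] == " ":              # trailing space must be escaped
        out[-1] = "\\ "
    return "".join(out)


def child_dn(attr: str, value: str, parent_dn: str) -> str:
    """Name an entry below the top level, e.g. an organizational unit."""
    return f"{attr}={escape_rdn_value(value)},{parent_dn}"


def ldap_url(host: str, dn: str) -> str:
    """Build ldap://host/dn; '=' and ',' are legal in the DN part as-is."""
    return f"ldap://{host}/{quote(dn, safe='=,')}"


if __name__ == "__main__":
    base = domain_to_base_dn("example.org")
    print(ldap_url("ldap.example.org", base))
    print(ldap_url("ldap.example.org", child_dn("ou", "Sales, EMEA", base)))
```

Without the escaping step, a value containing a comma would be read as an extra RDN and silently name a different entry.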

## Terminology

The LDAP terminology one can encounter is rather cumbersome. Some of this is due to misunderstandings, some to its historical origins, and some arises when LDAP is used with non-X.500 services that use different terminology. For example, "LDAP" is sometimes used to refer to the protocol, other times to the protocol and the data. An "LDAP directory" may be the data or also the access point. An "attribute" may be the attribute type, or the contents of an attribute in a directory, or an attribute description (an attribute type with options). An "anonymous" and an "unauthenticated" Bind are different Bind methods that both produce anonymous authentication state, so both terms are used for both variants.
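The distinction between the Bind variants, as an added example that is not part of the original article: per RFC 4513 a simple Bind with an empty password is anonymous (empty name) or unauthenticated (non-empty name), and an application that authenticates users by binding must refuse both before contacting the server. The function names, the stand-in server and the sample entry are assumptions constructed for illustration.

```python
from enum import Enum
from typing import Callable


class BindKind(Enum):
    ANONYMOUS = "anonymous"              # empty name, empty password
    UNAUTHENTICATED = "unauthenticated"  # non-empty name, empty password
    NAME_PASSWORD = "name/password"      # non-empty name, non-empty password


def classify_simple_bind(name: str, password: bytes) -> BindKind:
    """Classify a simple Bind by which of its two fields are empty."""
    if not password:
        return BindKind.UNAUTHENTICATED if name else BindKind.ANONYMOUS
    if not name:
        raise ValueError("password supplied without a bind name")
    return BindKind.NAME_PASSWORD


# Constructed sample directory: one entry and its password.
SAMPLE_USERS = {"uid=alice,ou=People,dc=example,dc=org": b"correct horse"}


def permissive_server_bind(name: str, password: bytes) -> bool:
    """Stand-in for a server that accepts all three simple Bind variants.

    True means "the Bind returned success", not "the name was verified".
    """
    if classify_simple_bind(name, password) is not BindKind.NAME_PASSWORD:
        return True  # success, but the session is in anonymous state
    return SAMPLE_USERS.get(name) == password


def login(name: str, password: bytes, bind: Callable[[str, bytes], bool]) -> bool:
    """Application-side check: only a name/password Bind proves identity."""
    try:
        kind = classify_simple_bind(name, password)
    except ValueError:
        return False
    if kind is not BindKind.NAME_PASSWORD:
        return False  # never forward an empty password to the server
    return bind(name, password)
```

Treating a successful Bind as proof of identity fails exactly in the unauthenticated case: the server reports success for the supplied name while the session carries only anonymous authorization.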

## References

• ITU-T Rec. X.680, "Abstract Syntax Notation One (ASN.1) - Specification of Basic Notation", 1994
• Basic encoding rules (BER) - ITU-T Rec. X.690, "Specification of ASN.1 encoding rules: Basic, Canonical, and Distinguished Encoding Rules", 1994
• RFC 4346 - The TLS Protocol Version 1.1
• RFC 4422 - Simple Authentication and Security Layer (SASL)
• SASL mechanisms registered at IANA

• Arkills, B (2003). LDAP Directories Explained: An Introduction and Analysis.
• Carter, G (2003). LDAP System Administration. O'Reilly Media. ISBN 1565924916.
• Donley, C (2002). LDAP Programming, Management, and Integration. Manning Publications. ISBN 1930110405.
• Howes, T; Smith, M; Good, G (2003). Addison-Wesley Professional. ISBN 0672323168.
• Rhoton, J (1999). Programmer's Guide to Internet Mail: SMTP, POP, IMAP, and LDAP. Elsevier. ISBN 1555582125.
• Voglmaier, R (2003). The ABCs of LDAP: How to Install, Run, and Administer LDAP Services. Auerbach Publications. ISBN 0849313465.

### RFCs

LDAP is currently specified in a series of Request for Comments documents:
Due to their vast number, the following image helps explain the transitions of LDAP since its initial creation:
The following RFCs detail LDAP-specific Best Current Practices:
• RFC 4520 (also BCP 64) - Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) (replaced RFC 3383)
• RFC 4521 (also BCP 118) - Considerations for Lightweight Directory Access Protocol (LDAP) Extensions
The following is a partial list of RFCs specifying LDAPv3 extensions:
LDAPv2 was specified in the following RFCs:
LDAPv2 was moved to historic status by the following RFC:
• RFC 3494 - Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status

# Citable sentences

Up to date as of December 16, 2010

Here are sentences from other pages on Lightweight Directory Access Protocol, which are similar to those in the above article.