Could someone please explain LDAP?

I often hear things like "Can we load our employee info using LDAP?" Yet, the title "Lightweight Directory Access Protocol" makes me think of it as a protocol rather than a physical database management system like Oracle or MSSQL.

So could someone please explain to me what LDAP is, how it's used, and how it basically works? Is LDAP simply a standard protocol for extracting data from a variety of DBMSs? In an architecture diagram, would LDAP be simply an arrow drawn between the DB and the application server?

LDAP is a protocol for querying user directories. For example, Active Directory or Novell eDirectory both support LDAP. It is also, to a degree a syntax for doing such queries, like how SQL is a querying language for querying databases.

An LDAP command could look like

(givenName=Mike)

And it would return all Mikes in the directory.

LDAP IS a protocol, but many people I know like to overload its meaning to include "any store capable of responding to LDAP queries." Active Directory is such a store, and there are many others. It is used when architects don't really care what the store is. It's used in the same as if you were to say "Store it in the SQL" when you don't care whether it's MySql or Oracle or SQL Server.

LDAP is usually used as authentication database. Let's say you have CMS product you sell as Software-as-a-Service. So user gets CMS and you maintain it etc.

So, you install it to examplecustomer1.com, examplecustomer2.org, examplecustomer3.net (one software per domain). Now you have THREE user databases to maintain. So you add yourself to all systems as admin and customers accounts as well.

Then you discover LDAP. You add LDAP support to your product and now you have one central database of users. You can login as admin to all systems with your own ONE username and password. CMS system still contains user database and rights for each user but username is now used as reference to LDAP database and password field is deleted from CMS database schema.

LDAP is a protocol created in response to the complexity of the X.500 family of protocols. It is intended to represent a hierarchical directory structure. The X.500 standard was originally intended to be used over a complete OSI layer stack and was created to fulfill the requirements of the telecom industry. LDAP was designed to use TCP/IP to provide similar functionality without the extra overhead. You can find information on X.500, OSI and LDAP on wikipedia. X.500 and OSI are both covered in most data communications textbooks as well.

- [

[To see links please register here]

][1]
- [

[To see links please register here]

][2]
- [

[To see links please register here]

][3]

[1]:

[To see links please register here]

[2]:

[To see links please register here]

[3]:

[To see links please register here]

Yes, LDAP (Lightweight Directory Access Protocol) is a protocol that runs on TCP/IP.

It is used to access directory services, like Microsoft's Active Directory, or Sun ONE Directory Server.

A directory service is a kind of database or data store, but not necessarily a relational database. The structure is usually much simpler, storing hierarchical collections of name-value pairs, e.g. lastName=Smith, firstName=John.

LDAP stands for Lightweight Directory Access Protocol. This is an extensible open network protocol standard that
provides access to distributed directory services. LDAP is an Internet standard for directory services that run on
TCP/IP. Under OpenLDAP and related servers, there are two servers – slapd, the LDAP daemon where the
queries are sent to and slurpd, the replication daemon where data from one server is pushed to one or more slave servers. By having multiple servers hosting the same data, you can increase reliability, scalability, and
availability.

It defines the operations one may perform like search, add, delete, modify, change name
It defines how operations and data are conveyed.

LDAP has the potential to consolidate all the existing application specific information like user, company phone
and e-mail lists. This means that the change made on an LDAP server will take effect on every directory service
based application that uses this piece of user information. The variety of information about a new user can be
added through a single interface which will be made available to Unix account, NT account, e-mail server, Web
Server, Job specific news groups etc. When the user leaves his account can be disabled to all the services in a
single operation.

So LDAP is most useful to provide “white pages” (e.g. names, phone numbers, roles etc) and “yellow pages” (e.g.
location of printers, application servers etc) like services. Typically in a J2EE application environment it will be
used to authenticate and authorise users.

Yes, LDAP itself usually requires a lower level DB store.
I suggest you get your hands dirty here:

If you just install OpenLDAP &
play with it...

[To see links please register here]

...you will be forced to consider the dependencies.

One of which is, in this case, SleepyCat.

Have fun.

For more fun, here is a good philosophical discussion on the taxonomy:

[To see links please register here]

What is LDAP:

All LDAP is a communication protocol which Microsoft implemented for the Active directory directory service and is used for other NTDS.DIT files. Lets get the confusion out of the way. NTDS.DIT contains Active Directory database. To ACCESS the data base you need the communication protocol LDAP. Thats it. So again NTDS.DIT is a simple database i.e ADDS Database (Active Director Directory Services) How do we access it?

We access it using LDAP.

lets use LDAP quick example.
C:/users/data.doc


or

> LDAP Syntax
>
>
> CN=Bob,OU=Users,DC=Youtube,DC=Com
>
> CN = Canonical Name (object or name)
>
> OU = Organizational Unit (Folder in Active directory)
>
> DC = Domain Controller (Where it is)



Other info: Active directory is database based on the X.500 Standard which contains all the AD object which is the NTDS.DIT file.

LDAP is basically a protocol to access a directory. Directory here basically refers to a directory having information of the users present in the organisation. Examples of directory include Microsoft's Active Directory (AD) and Oracle's Internet Directory (OID). The directory basically are used for implementing the single sign on feature for the organisation by centralising user authentication and authorisation. For more details refer the below links:

1.

[To see links please register here]

2.

[To see links please register here]