
LDAP (Lightweight Directory Access Protocol)

LDAP (Lightweight Directory Access Protocol) is a protocol for communication between LDAP clients and LDAP servers. LDAP servers store "directories", which LDAP clients read and update.

LDAP is called lightweight because it is a smaller and simpler protocol derived from the X.500 DAP (Directory Access Protocol). DAP was defined on top of the full OSI network protocol stack; LDAP offers a subset of its functionality directly over TCP/IP.

LDAP servers store a hierarchical directory of information, the Directory Information Tree (DIT). In LDAP parlance, the fully qualified name of a directory entry is called a Distinguished Name (DN). A DN is written as a comma-separated list of Relative Distinguished Names (RDNs), for example cn=jsmith,ou=People,dc=example,dc=com. Like DNS FQDNs (Fully Qualified Domain Names), and unlike the original X.500 notation, an LDAP DN puts the most specific component on the left and the most significant component, the root of the tree, on the right.
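The following is an added example, not code from the original page. It parses and builds RFC 4514 string DNs (the rules for escaping commas, hex-encoded bytes and so on) and shows the ordering just described: the leaf RDN is leftmost and the root is rightmost, which is why the dc= components of a DN read like a DNS name without any reversal. The DNs used below are constructed for illustration.

```python
"""Parsing and building RFC 4514 Distinguished Names (added example)."""
import re
from typing import List, Optional, Tuple

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
# Characters RFC 4514 section 2.4 requires to be escaped anywhere in a value.
_DN_SPECIAL = set('",+;<>\\')


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return the RDNs of a string DN as (attribute, value) pairs, leaf first.

    Handles "\\," style escapes and "\\XX" hex escapes. Hex pairs are UTF-8
    bytes, so a value is decoded only once its RDN is complete. A multi-valued
    RDN ("cn=a+sn=b") is kept as one string for simplicity.
    """
    if dn == "":
        return []  # the empty DN names the root DSE
    rdns: List[Tuple[str, str]] = []
    attr: Optional[str] = None
    buf = bytearray()
    i, n = 0, len(dn)
    while i <= n:
        c = dn[i] if i < n else ","  # sentinel closes the final RDN
        if c == "\\" and i + 1 < n:
            pair = dn[i + 1:i + 3]
            if _HEX_PAIR.fullmatch(pair):
                buf.extend(bytes.fromhex(pair))
                i += 3
            else:
                buf.extend(dn[i + 1].encode("utf-8"))
                i += 2
            continue
        if c == "=" and attr is None:
            attr = buf.decode("utf-8").strip()
            buf = bytearray()
        elif c == ",":
            if attr is None:
                raise ValueError(f"RDN without '=' in {dn!r}")
            rdns.append((attr, buf.decode("utf-8")))
            attr, buf = None, bytearray()
        else:
            buf.extend(c.encode("utf-8"))
        i += 1
    return rdns


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a string DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif idx == 0 and ch in " #":    # leading space or '#'
            out.append("\\" + ch)
        elif idx == last and ch == " ":  # trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Inverse of parse_dn: join escaped RDNs with commas, leaf first."""
    return ",".join(f"{attr}={escape_dn_value(value)}" for attr, value in rdns)


def dc_domain(dn: str) -> str:
    """Read the dc= components left to right as a DNS name.

    Both notations put the root on the right, so no reversal is needed:
    dc=example,dc=com -> example.com
    """
    return ".".join(value for attr, value in parse_dn(dn) if attr.lower() == "dc")


def root_path(dn: str) -> List[str]:
    """The RDNs from the root of the tree down to the entry (X.500 order)."""
    return [f"{a}={v}" for a, v in reversed(parse_dn(dn))]
```

Splitting a DN on every comma is the usual bug here: a value such as "Smith, John" is legal once escaped, and a parser that ignores the escape will produce a bogus extra RDN. The same escaping must be applied when a DN is built from user-supplied names, for example when composing the bind DN for an authentication attempt.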


The Four Models of LDAP

LDAP is defined by four models:

Model         Description
Information   Describes the structure of information stored in an LDAP directory: entries, their attributes, and the object classes and schema that govern them
Naming        Describes how information in an LDAP directory is organized and identified: the Directory Information Tree and Distinguished Names
Functional    Describes what operations can be performed on the information stored in an LDAP directory: bind, unbind, search, compare, add, modify, delete, modify DN, abandon and extended operations
Security      Describes how the information in an LDAP directory can be protected from unauthorized access: authentication through the bind operation, TLS for confidentiality and integrity, and server-side access controls
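The search operation of the Functional model takes an RFC 4515 filter string such as (&(uid=alice)(objectClass=person)). A client that splices untrusted input into that string unescaped lets the input rewrite the filter, which is LDAP injection and a direct failure of the Security model's promise. The following added example (not code from the original page) shows the vulnerable and hardened ways to build such a filter, and a small parser and evaluator for the & | ! and attr=value subset of RFC 4515 so the effect can be observed offline. The in-memory DIRECTORY of three entries is a constructed stand-in for a real server.

```python
"""RFC 4515 filter escaping with an in-memory filter evaluator (added example)."""
import re
from typing import Dict, List, Tuple

# RFC 4515 section 3: these characters must be hex-escaped inside a value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_HEX_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")

Entry = Dict[str, List[str]]  # attribute name (lower-case) -> values

DIRECTORY: List[Entry] = [  # constructed sample entries standing in for a server
    {"uid": ["alice"], "cn": ["Alice Adams"], "objectclass": ["person"]},
    {"uid": ["bob"], "cn": ["Bob Brown"], "objectclass": ["person"]},
    {"uid": ["svc-backup"], "cn": ["Backup service"], "objectclass": ["applicationProcess"]},
]


def escape_filter_value(value: str) -> str:
    """Escape untrusted text so it can only ever be an assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_user_filter(uid: str) -> str:
    """The vulnerable pattern: raw input spliced into the filter."""
    return f"(&(uid={uid})(objectClass=person))"


def safe_user_filter(uid: str) -> str:
    """The hardened form: same filter, input escaped first."""
    return f"(&(uid={escape_filter_value(uid)})(objectClass=person))"


def parse_filter(text: str) -> Tuple:
    """Recursive-descent parser for the RFC 4515 subset: & | ! and attr=value."""
    def node(pos: int) -> Tuple[Tuple, int]:
        if text[pos] != "(":
            raise ValueError(f"expected '(' at {pos}")
        pos += 1
        if text[pos] in "&|!":
            op, pos, children = text[pos], pos + 1, []
            while text[pos] == "(":
                child, pos = node(pos)
                children.append(child)
            if text[pos] != ")" or (op == "!" and len(children) != 1):
                raise ValueError(f"malformed {op} at {pos}")
            return (op, children), pos + 1
        # A literal ')' inside a value is written \29, so the first ')' terminates the item.
        end = text.index(")", pos)
        attr, sep, raw = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed item at {pos}")
        return ("=", attr.lower(), raw), end + 1

    try:
        tree, consumed = node(0)
    except IndexError as exc:
        raise ValueError("unterminated filter") from exc
    if consumed != len(text):
        raise ValueError(f"trailing data at {consumed}")
    return tree


def is_well_formed(text: str) -> bool:
    try:
        parse_filter(text)
        return True
    except ValueError:
        return False


def _match(raw: str, value: str) -> bool:
    """Equality, presence (*) and substring (a*b*c) matching, case-insensitive."""
    # An unescaped '*' splits the pattern; an escaped \2a becomes a literal '*' afterwards.
    parts = [_HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), p).lower() for p in raw.split("*")]
    v = value.lower()
    if len(parts) == 1:
        return v == parts[0]
    if not v.startswith(parts[0]):
        return False
    pos = len(parts[0])
    for piece in parts[1:-1]:
        idx = v.find(piece, pos)
        if idx < 0:
            return False
        pos = idx + len(piece)
    return v.endswith(parts[-1]) and len(v) - len(parts[-1]) >= pos


def evaluate(tree: Tuple, entry: Entry) -> bool:
    op = tree[0]
    if op == "&":
        return all(evaluate(c, entry) for c in tree[1])
    if op == "|":
        return any(evaluate(c, entry) for c in tree[1])
    if op == "!":
        return not evaluate(tree[1][0], entry)
    _, attr, raw = tree
    return any(_match(raw, v) for v in entry.get(attr, []))


def search(filter_text: str) -> List[str]:
    """Return the uids of DIRECTORY entries matching the filter, sorted."""
    tree = parse_filter(filter_text)
    return sorted(e["uid"][0] for e in DIRECTORY if evaluate(tree, e))
```

With the input "*", unsafe_user_filter turns a lookup of one account into an enumeration of every person entry, while safe_user_filter sends the literal \2a and matches nothing. An input containing ")" breaks the unsafe filter's structure outright, but survives escaping as \29 and stays a plain value. In production code use the escaping routine your client library ships (ldap.filter.escape_filter_chars in python-ldap, ldap3.utils.conv.escape_filter_chars in ldap3) rather than a hand-rolled table, and remember that DN components use the different RFC 4514 escaping rules.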

LDAP is extensible and can be used to store any type of data, though in practice it mostly holds identity data: user accounts, groups and their attributes. Because of this, LDAP directories (Microsoft Active Directory, OpenLDAP and 389 Directory Server among them) are commonly the authentication and authorization backend behind Single Sign On (SSO) implementations.

Additional Sources of Information on LDAP

For more information on LDAP, read RFC 3377 – Lightweight Directory Access Protocol (v3): Technical Specification (since obsoleted by RFC 4510, whose road map points to the current LDAPv3 specifications, RFC 4511 through RFC 4519) or the IBM Redbook Understanding LDAP.
