LDAP (Lightweight Directory Access Protocol) is a protocol for communication between LDAP servers and LDAP clients. LDAP servers store "directories", which are accessed by LDAP clients.
LDAP is called lightweight because it is a smaller and simpler protocol derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.
LDAP servers store a hierarchical directory of information. In LDAP parlance, the fully qualified name of a directory entry is called a Distinguished Name (DN). Unlike DNS (Domain Name Service) FQDNs (Fully Qualified Domain Names), LDAP DNs store the most significant data to the right.
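To make the naming model concrete, the following is an added example (not code from the article) that parses a DN string in its RFC 4514 text form into its Relative Distinguished Names, honouring backslash and hex escapes, and lists the hierarchy from the rightmost (most significant) component down to the entry. The sample DN is constructed.

```python
import re
# Added example, not code from the article; SAMPLE_DN is a constructed value whose
# CN contains an escaped comma that must not be treated as an RDN separator.
SAMPLE_DN = r"cn=Smith\, John,ou=People,dc=example,dc=com"

def split_unescaped(s: str, sep: str) -> list[str]:
    """Split on sep, never on a character that follows a backslash escape."""
    parts, cur, i = [], [], 0
    while i < len(s):
        step = 2 if s[i] == "\\" and i + 1 < len(s) else 1   # keep escape pair whole
        if step == 1 and s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i:i + step])
        i += step
    parts.append("".join(cur))
    return parts

def unescape(value: str) -> str:
    """Decode \\XX hex pairs (adjacent pairs may form one UTF-8 char) and \\<special>."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Return RDNs leaf-first, as written; each RDN is a list of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):          # '+' joins a multi-valued RDN
            attr, _, raw = ava.partition("=")
            raw = re.sub(r"^ +|(?<!\\) +$", "", raw)   # drop unescaped padding only
            avas.append((attr.strip().lower(), unescape(raw)))
        rdns.append(avas)
    return rdns

def root_to_leaf(dn: str) -> list[str]:
    """Hierarchy from the rightmost (most significant) RDN down to the entry itself."""
    return ["+".join(f"{a}={v}" for a, v in rdn) for rdn in reversed(parse_dn(dn))]
```

Splitting naively on commas would break the CN value in the sample; walking the escapes first is what keeps "Smith, John" as one value.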
The Four Models of LDAP
LDAP is defined by four models:
Information: Describes the structure of information stored in an LDAP directory
Naming: Describes how information in an LDAP directory is organized and identified
Functional: Describes what operations can be performed on the information stored in an LDAP directory
Security: Describes how the information in an LDAP directory can be protected from unauthorized access
LDAP is extensible and can be used to store any type of data. Notably, LDAP is used as a core technology in most Single Sign-On (SSO) implementations.
Additional Sources of Information on LDAP
For more information on LDAP, read RFC 3377 – Lightweight Directory Access Protocol (v3): Technical Specification or the IBM Redbook Understanding LDAP.