LDAP

The D in LDAP: Basically the D in LDAP stands for Directory - Lightweight Directory Access Protocol. Mostly this came about because of the historic beginnings of LDAP (and its predecessor to DAP) which focussed on classic white-page directory style applications for email servers and based on OAutentication. However, terminology can be self-limiting. Make no mistake, LDAP is all about Data access and if the term Directory limits your(Developer’s) thinking because of existing mental models of directories (it certainly did for us - there again perhaps we are just mentally limited), substitute the term Data as in Lightweight Data Access Protocol in your mind when thinking about LDAP. How ever it is really beyond than that.

At initial time, in the the late 70's - early 80's the ITU (International Telecommunication Union) started work on the X.400 series of email standards. This email standard required to store a directory of names (and other information) that could be accessed across networks in a hierarchical fashion not dissimilar to DNS for those familiar with its architecture.

This need for a global network based directory led the ITU to develop the X.500 series of standards and specifically X.519, which defined DAP(Directory Access Protocol), the protocol for accessing a networked directory service.

without picking up all the gruesome protocol (OSI) overheads and started work on a Lightweight Directory Access Protocol (LDAP). LDAP was designed to provide almost as much functionality as the original X.519 standard but using the TCP/IP protocol - while still allowing inter-working with X.500 based directories. Indeed, X.500 (DAP) inter-working and mapping is still part of the IETF LDAP series of RFCs.

A number of the more serious issues in the LDAP specifications, most notably the directory root naming convention, can be traced back to X.500 inter-working and the need for global directories.

LDAP - broadly - differs from DAP in the following respects:

  • TCP/IP is used in LDAP - DAP uses OSI as the transport/network layers.
  • Some reduction in functionality - obscure, duplicate and rarely used features (an ITU speciality) in X.519 were quietly and mercifully dropped.
  • Replacement of some of the ASN.1 (X.519) with a text representation in LDAP (LDAP URLs and search filters). 

Umashankar Ghadai

Download to Read more ....

 

Download    Comment    03-11-2017 6 : 30 PM