LDAP – Lightweight Directory Access Protocol

Lightweight Directory Access Protocol

The purpose of LDAP introduction was to supply a directory service offering protocol. That protocol is active on a layer, resting on top of the TCP/IP stack. Its mechanism is available for the connection, searching, and modification of the Internet directories. Actually, Lightweight Directory Access Protocol (a directory service) is consisted on the client-server representation. The main job of that protocol is to the facilitate right of entry to an accessible directory.

In other words, it is quite appropriate for the directory administration. Moreover, it is suitable for browser applications with no primary directory service uphold. LDAP internet protocol is used by the email and some other programs in order to search out for the information on or after a server. An email program can have an individual address book. However, certain questions may come in front of you like using what way; you can be able to find an address of a person who has never emailed you. And in which way a group can maintain one updated centralized phone book for everybody right to use. Due to these reasons major software companies started to hold up LDAP standard and which became a reason of its popularity too.

Anyway, no more than a LDAP-aware client program can pronounce, for searching the entries, to LDAP server. But LDAP protocol is not restricted to just getting in touch with the information but its other utilizations are included the searching encryption certificates and other specific services over the networks etc. In fact, this protocol is right for those similar to directory information that requires fast lookups but not as much of frequent updates.

Application protocol “Lightweight Directory Access Protocol” can be used to access and maintain the dispersed directory related information services within an IP network. Actually, LDAP is accessible as ASN.1 and can be transmitted with the help of BER.

General Idea of Protocol

A client program can initiate an LDAP session after making a connection with an LDAP server which is also known as the DSA (directory system agent) when using the TCP-port 389. In this process, the client will first send a request for the intended procedure of communication to the server, and in reply the server is required to respond. But in certain cases, client is not needed to hang around for such replies and can send its next request without waiting anymore. That means the server can throw responses anyway.

Following are the some possible operations that a client may ask for: StartTLS, Search for directory entries, fetching directory entries, comparison for the sake of testing a named entry that is contained a given attribute entry, adding up a fresh entry, deleting entries, modifying entries, extended operation and unbind or close the connection operation.

Standard LDAP Error Messages

Following error messages can be observed in RFC 4511 (Section: 4.1.9):

Error Name: LDAP_SUCCESS (Number: 0 (x’00)), Error Name: LDAP_OPERATIONS_ERROR (Number: 1 (x’01)), Error Name: LDAP_TIMELIMIT_EXCEEDED (Number: 3 (x’03)), Error Name: LDAP_STRONG_AUTH_NOT_SUPPORTED (Number:  7 (x’07) and Error Name: LDAP_REFERRAL (Number: 10 (x’0A))





Leave a Reply