LDAP (Lightweight Directory Access Protocol) is a proposed open standard for global or local directory services over a network and/or the Internet. A directory, in this sense, is very much like a phone book. LDAP can handle other information, but at present it is typically used to associate names with phone numbers and email addresses. LDAP directories are designed to support a high volume of queries, but the data stored in the directory doesn't change very often.

LDAP is much more useful than a paper phone book, because LDAP's design is intended to support propagation across LDAP servers throughout the Internet, much like the Domain Name Service (DNS). DNS servers help to connect computers to one another based on fully qualified domain names or on the type of service requested from a domain, such as mail exchange. Without DNS servers, hostnames could not be translated into IP addresses, which are required for TCP/IP communication. In the future, LDAP could provide the same type of global access to many types of directory information. Currently, LDAP is more commonly used within a single large organization, such as a college or a company, for directory services.

LDAP is a client-server system. An LDAP client connects to an LDAP server and either queries it for information or provides information that needs to be entered into the directory. The server either answers the query, refers the query to another LDAP server, or accepts the information for incorporation into the directory, depending on the permissions granted to the user.

LDAP is sometimes known as X.500 Lite. X.500 is a full-featured international standard for directories, but it is also complex, requiring a lot of computing resources and the full OSI stack. LDAP, in contrast, can run easily on a PC and over TCP/IP. LDAP can access X.500 directories but does not support every capability of X.500.

This chapter will refer to the configuration and use of OpenLDAP, an open source implementation of LDAP. OpenLDAP includes slapd (a stand-alone LDAP server), slurpd (a stand-alone LDAP replication server), libraries implementing the LDAP protocol, utilities, tools, and sample clients.