LDAP: Difference between revisions
Revision as of 22:32, 19 May 2018
The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
Overview
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port 389, or on port 636 for LDAPS (the connection is wrapped in TLS from the first byte; historically called LDAP over SSL). UDP port 389 is registered as well, but it carries only the connectionless variant of the protocol (CLDAP), not the session-oriented exchange described here. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order; every message carries a client-chosen message ID so that responses can be matched to the requests they answer. All messages are ASN.1 structures transmitted using Basic Encoding Rules (BER).
The client may request the following operations:
- StartTLS — upgrade the existing (normally port 389) connection to Transport Layer Security through the LDAPv3 extended operation; anything sent before it, including a Bind, crosses the network in the clear
- Bind — authenticate (anonymously, with a simple DN and password, or through a SASL mechanism) and specify the LDAP protocol version
- Search — search for and/or retrieve directory entries
- Compare — test if a named entry contains a given attribute value
- Add a new entry
- Delete an entry
- Modify an entry
- Modify Distinguished Name (DN) — move or rename an entry
- Abandon — abort a previous request
- Extended Operation — generic operation used to define other operations
- Unbind — close the connection (not the inverse of Bind)
In addition, the server may send "Unsolicited Notifications", messages with message ID 0 that are not responses to any request, for example a Notice of Disconnection before it closes a connection that has timed out.
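The exchange described in this section, as an added example that is not part of the original page or of any LDAP server or client library: a hand-written BER encoder and decoder in Python (standard library only) that builds a simple BindRequest the way a client does, builds the LDAPResult-shaped responses a server sends back, matches responses to outstanding requests by message ID in whatever order they arrive, and separates out unsolicited notifications (message ID 0). The DNs, password, message IDs and the "server shutting down" notice are constructed sample data. The check that refuses a DN with an empty password is an application-side guard the example adds, not something the protocol enforces: RFC 4513 calls that form an unauthenticated bind, and servers that grant it success are a classic source of login bypasses in applications that treat "bind succeeded" as "password verified".

```python
"""Hand-built BER encoding of LDAPv3 messages (RFC 4511); sample data is constructed."""

# ASN.1 tags with class/constructed bits already folded in.
SEQUENCE, INTEGER, ENUMERATED, OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61            # [APPLICATION 0] / [APPLICATION 1]
SEARCH_RESULT_DONE, EXTENDED_RESPONSE = 0x65, 0x78  # [APPLICATION 5] / [APPLICATION 24]
SIMPLE_AUTH, RESPONSE_NAME = 0x80, 0x8A             # simple [0] / responseName [10]
UNSOLICITED_MESSAGE_ID = 0                          # reserved for server notifications
NOTICE_OF_DISCONNECTION = "1.3.6.1.4.1.1466.20036"  # RFC 4511 section 4.4.1


def ber_len(n: int) -> bytes:
    """Length octets: short form below 128, long form (0x80|N, then N octets) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int, tag: int = INTEGER) -> bytes:
    """Two's-complement INTEGER (or ENUMERATED) in the fewest octets."""
    return tlv(tag, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(SEQUENCE, ber_int(message_id) + protocol_op)


def classify_simple_bind(dn: str, password: str) -> str:
    """RFC 4513 s5.1: empty DN and password is anonymous; a DN with an empty password
    is an *unauthenticated* bind, which many servers answer with success(0)."""
    if not dn and not password:
        return "anonymous"
    if dn and not password:
        return "unauthenticated"
    return "simple"


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER, name LDAPDN,
    authentication AuthenticationChoice }.  The guard below is an application-side
    choice added here, not part of the protocol."""
    if classify_simple_bind(dn, password) == "unauthenticated":
        raise ValueError("refusing unauthenticated bind: DN with empty password")
    body = ber_int(3) + tlv(OCTET_STRING, dn.encode()) + tlv(SIMPLE_AUTH, password.encode())
    return ldap_message(message_id, tlv(BIND_REQUEST, body))


def ldap_result(message_id: int, op_tag: int, code: int,
                matched_dn: str = "", diag: str = "", extra: bytes = b"") -> bytes:
    """Server side: any response that begins with LDAPResult (BindResponse,
    SearchResultDone, ExtendedResponse, ...); `extra` carries trailing fields."""
    body = (ber_int(code, ENUMERATED) + tlv(OCTET_STRING, matched_dn.encode())
            + tlv(OCTET_STRING, diag.encode()) + extra)
    return ldap_message(message_id, tlv(op_tag, body))


def read_tlv(buf: bytes, pos: int = 0) -> tuple:
    """Return (tag, value, position just past this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_result(msg: bytes) -> dict:
    """Decode an LDAPMessage whose protocolOp starts with LDAPResult."""
    tag, seq, _ = read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(seq)
    op_tag, op, _ = read_tlv(seq, pos)
    _, code, pos = read_tlv(op)
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return {"message_id": int.from_bytes(mid, "big", signed=True), "op": op_tag,
            "result_code": int.from_bytes(code, "big", signed=True),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}


def correlate(pending: dict, raw_responses: list) -> tuple:
    """Match responses to outstanding requests by messageID in whatever order they
    arrive; messageID 0 marks an unsolicited notification from the server."""
    done, notices = {}, []
    for raw in raw_responses:
        r = parse_result(raw)
        if r["message_id"] == UNSOLICITED_MESSAGE_ID:
            notices.append(r)
        elif r["message_id"] in pending:
            done[pending.pop(r["message_id"])] = r["result_code"]
        else:
            raise ValueError(f"response for unknown messageID {r['message_id']}")
    return done, notices


if __name__ == "__main__":
    req = bind_request(1, "cn=svc-app,ou=services,dc=example,dc=com", "hunter2")
    print(req.hex(), b"hunter2" in req)     # the simple-bind password is on the wire verbatim
    pending = {2: "search users", 3: "search groups"}
    from_server = [                          # constructed: arrives out of order, with a notice
        ldap_result(3, SEARCH_RESULT_DONE, 0),
        ldap_result(0, EXTENDED_RESPONSE, 52, diag="server shutting down",
                    extra=tlv(RESPONSE_NAME, NOTICE_OF_DISCONNECTION.encode())),
        ldap_result(2, SEARCH_RESULT_DONE, 32, matched_dn="dc=example,dc=com"),
    ]
    print(correlate(pending, from_server))
```

Running the block prints the BindRequest as hex followed by `True`: the password sits in the message as a plain OCTET STRING, which is why a simple Bind belongs only on an LDAPS connection or after StartTLS has completed. The second line shows both search responses matched to their requests despite arriving reversed, with the Notice of Disconnection reported separately rather than mistaken for a reply.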