LDAP: Difference between revisions

From Chorke Wiki
* [[Build Kerberos Docker Image from Ubuntu]]
* [[Build LDAP Docker Image from Ubuntu]]
* [https://spring.io/guides/gs/authenticating-ldap/ Authenticating a User with LDAP]
* [https://www.baeldung.com/spring-data-ldap Guide to Spring Data LDAP]
* [https://docs.spring.io/spring-ldap/docs/current/reference/ Spring LDAP Reference]


Revision as of 02:24, 3 September 2022

The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Overview

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS (LDAP over SSL/TLS). The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).

The client may request the following operations:

  • StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
  • Bind — authenticate and specify LDAP protocol version
  • Search — search for and/or retrieve directory entries
  • Compare — test if a named entry contains a given attribute value
  • Add a new entry
  • Delete an entry
  • Modify an entry
  • Modify Distinguished Name (DN) — move or rename an entry
  • Abandon — abort a previous request
  • Extended Operation — generic operation used to define other operations
  • Unbind — close the connection (not the inverse of Bind)

In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before the connection is timed out.

References