LDAP: Difference between revisions
Line 26: | Line 26: | ||
* [https://docs.oracle.com/cd/A97630_01/network.920/a96579/comtools.htm LDAP Command-Line Tools] | * [https://docs.oracle.com/cd/A97630_01/network.920/a96579/comtools.htm LDAP Command-Line Tools] | ||
* [https://github.com/osixia/docker-openldap/blob/stable/Makefile Docker OpenLDAP Makefile] | * [https://github.com/osixia/docker-openldap/blob/stable/Makefile Docker OpenLDAP Makefile] | ||
* [https://stackoverflow.com/questions/10483032/ Spring LDAP Embedded Server] | |||
* [http://www-eu.apache.org/dist/directory/ Download Apache Directory Studio] | * [http://www-eu.apache.org/dist/directory/ Download Apache Directory Studio] | ||
* [https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol] | * [https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol] |
Revision as of 21:52, 8 August 2021
The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
Overview
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS (LDAP over SSL, see below). The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).
The client may request the following operations:
- StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
- Bind — authenticate and specify LDAP protocol version
- Search — search for and/or retrieve directory entries
- Compare — test if a named entry contains a given attribute value
- Add a new entry
- Delete an entry
- Modify an entry
- Modify Distinguished Name (DN) — move or rename an entry
- Abandon — abort a previous request
- Extended Operation — generic operation used to define other operations
- Unbind — close the connection (not the inverse of Bind)
In addition, the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before the connection is timed out.
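The BER framing and operation list described above can be read straight off the wire. The following is an added example, not part of the original page: a minimal reader for the LDAPMessage envelope that names the operation and flags a simple Bind carrying a password, which travels in cleartext on port 389 unless StartTLS was negotiated first. The function names and the sample messages (DN, password, message IDs) are constructed for illustration; tag numbers and the StartTLS OID follow RFC 4511.

```python
# Added example: minimal BER reader for the LDAPMessage envelope (RFC 4511 tags).
OPS = {0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest", 3: "SearchRequest",
       4: "SearchResultEntry", 5: "SearchResultDone", 6: "ModifyRequest",
       7: "ModifyResponse", 8: "AddRequest", 9: "AddResponse", 10: "DelRequest",
       11: "DelResponse", 12: "ModifyDNRequest", 13: "ModifyDNResponse",
       14: "CompareRequest", 15: "CompareResponse", 16: "AbandonRequest",
       19: "SearchResultReference", 23: "ExtendedRequest", 24: "ExtendedResponse"}
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def describe(message):
    """Summarise one LDAPMessage: message ID, operation, credential exposure."""
    tag, body, _ = read_tlv(message)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, msg_id, pos = read_tlv(body)       # messageID pairs requests with responses
    op_tag, op, _ = read_tlv(body, pos)   # protocolOp: APPLICATION-class tag
    info = {"id": int.from_bytes(msg_id, "big"),
            "op": OPS.get(op_tag & 0x1F, "op-%d" % (op_tag & 0x1F))}
    if info["op"] == "BindRequest":
        _, version, p = read_tlv(op)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)   # 0x80 = simple, 0xA3 = SASL
        info.update(version=int.from_bytes(version, "big"), dn=name.decode("utf-8", "replace"),
                    simple_password=(auth_tag == 0x80 and len(cred) > 0))
    elif info["op"] == "ExtendedRequest":
        _, oid, _ = read_tlv(op)          # requestName [0], OID as dotted string
        info["starttls"] = oid == STARTTLS_OID
    return info

def tlv(tag, value):                      # short-form encoder for the samples below
    return bytes([tag, len(value)]) + value

BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")   # constructed
           + tlv(0x04, b"cn=admin,dc=example,dc=org") + tlv(0x80, b"secret")))
STARTTLS = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
```

A monitor that sees `simple_password` set on a connection with no earlier StartTLS request and no LDAPS transport is looking at a credential sent in the clear.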