Protocols: LDAP (Lightweight Directory Access Protocol)

LDAP was initially developed by the IETF (Internet Engineering Task Force) and is a directory services application which has become something of a ‘standard’ in the technical community of the internet. A directory service is, put simply, something that provides the ability to look up people, places or services on a network. Directory services can be used both on internal networks and across the internet; the basic functionality is usually the same. LDAP is often used to form the basis of a directory service for large email address lists: incorporating a global address list into an LDAP service is often the most efficient method in large, distributed environments.

However, the functionality of LDAP is not limited to simply providing directory information; it has many other uses too. One of the most useful is enabling account creation and management. It can be incorporated easily into other applications to automatically update or create resources in distributed environments. Email addresses and network resource access can be modified automatically based on specified criteria. It can also be used to allocate permissions and access control lists, for example if you want only some users to be able to access BBC video services via a VPN.

LDAP is often used on its own as a straightforward directory service; however, it can also be used to provide a simple interface into other X.500 compatible directory services. X.500 is an international specification which runs on OSI compatible systems. In actual fact, LDAP is a subset of X.500 which operates on TCP/IP based networks like the internet.

LDAP was in fact originally designed to be used in this way, as a front-end client for services based on the X.500 standard. X.500 incorporates a protocol called DAP (Directory Access Protocol), which is the primary interface for accessing these services. Unfortunately DAP requires a full OSI protocol stack to operate, which means that the majority of simple desktop systems do not have sufficient resources to run it. LDAP is in fact the ‘cut down’ version of DAP, which needs far fewer resources to run and can therefore be used on normal desktops. This makes it extremely useful to run on workstations and across TCP/IP networks whilst still allowing access to existing X.500 directories.

Another reason why LDAP is so popular is that there are many versions available for free on the internet. Two of the most popular were developed by the University of Michigan and the software company Critical Angle. They are both ‘stripped down’ versions which drastically reduce the overhead normally needed by the full X.500 service.
