LDAP: Basics of OpenLDAP: Introduction to LDAP

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transport services.

X.500 is a model for Directory Services in the OSI concept. It contains namespace definitions and the protocols for querying and updating the directory. However, X.500 has been found to be overkill in many situations. Enter LDAP. Like X.500 it provides a data/namespace model for the directory and a protocol. However, LDAP is designed to run directly over the TCP/IP stack.

In plain and simple terms, it is a database that holds the details of organizations, individuals, and other resources such as files and devices on a network, whether on the Internet or on a corporate intranet, and whether or not you know the domain name, IP address, or geographic location. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA). It is not a relational database. Outlook and other email programs use LDAP to search for a recipient in an organization.

Why is it a directory?

A directory is similar to a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written. Directories are tuned to give quick-response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time.

A directory is a specialized database designed for frequent queries but infrequent updates. Unlike general databases they don’t contain transaction support or roll-back functionality. Directories are easily replicated to increase availability and reliability. When directories are replicated, temporary inconsistencies are allowed as long as they get synchronized eventually.

Information is structured

All information inside a directory is structured hierarchically. Moreover, if you want to enter data into a directory, the directory must know how to store this data inside a tree. Let's take a look at a fictional company and an Internet-like tree.

To name nodes, LDAP uses a naming scheme. Most LDAP distributions (including OpenLDAP) already contain quite a number of predefined (and generally approved) schemas, such as inetOrgPerson, or a frequently used schema for defining users that Unix/Linux boxes can use, called posixAccount. Note that there are GUI and web-based tools that make managing LDAP painless.
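To make the two ideas above concrete (entries live in a tree named by DNs, and each entry's object classes dictate which attributes it must carry), here is an added example that is not part of the original post: a small in-memory model of a directory for a constructed fictional company, example.com, with one user who is both an inetOrgPerson mail contact and a posixAccount Unix account. The `Directory` class, `build_example` and all entry values are assumptions of this example; the MUST attribute sets follow the standard inetOrgPerson (RFC 2798) and posixAccount (RFC 2307) schemas.

```python
# Added example, not from the original post: a small in-memory model of an LDAP
# directory information tree for a constructed fictional company, example.com.
# MUST attribute sets follow the standard inetOrgPerson (RFC 2798) and
# posixAccount (RFC 2307) schemas; every entry below is constructed sample data.

MUST = {  # required attributes per object class (subset of the standard schemas)
    "dcObject": {"dc"}, "organization": {"o"}, "organizationalUnit": {"ou"},
    "inetOrgPerson": {"sn", "cn"},
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
}

def parse_dn(dn):
    """Split 'uid=alice,ou=People,dc=example,dc=com' into (attr, value) pairs, leaf first."""
    return [tuple(p.strip().partition("=")[::2]) for p in dn.split(",")]

def norm(dn):  # case-fold attribute names so DNs compare consistently
    return ",".join(f"{a.lower()}={v}" for a, v in parse_dn(dn))

class Directory:
    def __init__(self):
        self.entries = {}  # normalised DN -> {attribute: [values]}

    def add(self, dn, **attrs):
        """Add an entry: its parent must already exist (hierarchy) and each
        objectClass's MUST attributes must be present (schema)."""
        parent = ",".join(f"{a}={v}" for a, v in parse_dn(dn)[1:])
        if self.entries and norm(parent) not in self.entries:  # first entry is the suffix
            raise ValueError(f"no parent entry for {dn}")
        for oc in attrs.get("objectClass", []):
            missing = MUST.get(oc, set()) - set(attrs)
            if missing:
                raise ValueError(f"{dn}: {oc} requires {sorted(missing)}")
        self.entries[norm(dn)] = attrs

    def search(self, base, attr, value):
        """Subtree search under base with an equality filter (attr=value)."""
        suffix = norm(base)
        return [dn for dn, e in self.entries.items()
                if (dn == suffix or dn.endswith("," + suffix)) and value in e.get(attr, [])]

def build_example():
    """dc=example,dc=com -> ou=People -> one user that is both a mail contact and a Unix account."""
    d = Directory()
    d.add("dc=example,dc=com", objectClass=["dcObject", "organization"], dc=["example"], o=["Example Corp"])
    d.add("ou=People,dc=example,dc=com", objectClass=["organizationalUnit"], ou=["People"])
    d.add("uid=alice,ou=People,dc=example,dc=com", objectClass=["inetOrgPerson", "posixAccount"],
          cn=["Alice Smith"], sn=["Smith"], uid=["alice"], uidNumber=["10001"], gidNumber=["10001"],
          homeDirectory=["/home/alice"], mail=["alice@example.com"])
    return d
```

Adding a posixAccount entry without `homeDirectory`, or an entry under an `ou` that was never created, is rejected; a real server such as OpenLDAP enforces the same hierarchy and schema rules before it stores anything.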


The main benefit of using LDAP is that information for an entire organization can be consolidated into a central repository.

For example, rather than managing user lists for each group within an organization, LDAP can be used as a central directory accessible from anywhere on the network. And because LDAP supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS), sensitive data can be protected from prying eyes.

LDAP also supports a number of back-end databases in which to store directories. This gives administrators the flexibility to deploy the database best suited to the type of information the server is to disseminate. Because LDAP also has a well-defined client Application Programming Interface (API), LDAP-enabled applications are numerous and increasing in both quantity and quality.

  • LDAP is an open standard.
  • LDAP is a network protocol.
  • LDAP is ubiquitous.
  • Directory databases include accounts.
  • LDAP data is object-oriented and encourages heavy reuse.
  • LDAP servers are small, simple, and easy to maintain.
  • LDAP is optimized for rapid search and retrieval.
  • LDAP databases can be massive and secure.
  • LDAP enables the internationalization of data.


Why is LDAP called lightweight?

LDAP is called lightweight because it is a smaller and simpler protocol derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.

Are there graphical editors for LDAP?

Yes, there are many GUI-based tools for LDAP.

Some of them are:

– GQ
– Java LDAP Browser/Editor
– Softerra LDAP Browser




Satya Prakash

VOIP Expert: More than 8 years of experience in Asterisk development and call center operation management. Unique combination of skills in IT, analytics and operation management.
