What Is LDAP?


Date First Published: 4th June 2022

Topic: Computer Networking

Subtopic: Internet Protocols

Article Type: Computer Terms & Definitions

Difficulty: Advanced

Difficulty Level: 9/10

Learn more about what LDAP is in this article.

Short for Lightweight Directory Access Protocol, LDAP is a protocol used for accessing directory information over the internet. It is a simpler version of the Directory Access Protocol (DAP), which is part of X.500, and uses a smaller amount of code. It was defined in RFC 1777 and communicates using port 389 over TCP or UDP.

 

LDAP is often used in organisations when a single piece of data needs to be found and accessed on a regular basis, when there is a large number of smaller data entries, when all of those smaller pieces of data need to be kept in one centralised location, and when the data does not have to be extremely organised.

 

How Does LDAP Work?

Directories tell the user where something is located. The purpose of this protocol is to allow someone or something to be searched for without the user knowing its location; any additional information will help with the search. DNS is the directory system used to translate domain names to IP addresses, but users may not know the domain name. In that case, LDAP could be used to allow a user to search for the domain name and find results similar to their search query.

An example of this is: You want to find the email address of someone that you have never emailed before. LDAP will then extract the information in a usable format from active directories using a relatively simple, string-based query. These directories contain attributes for every user on the network. LDAP directories are organised in a tree hierarchy. The different levels of an LDAP hierarchy include:

  • The root directory. This is the source of the tree, which branches out to the following:
  • Countries.
  • Organisations.
  • Divisions and departments within organisations.
  • Users.
  • User resources, such as files, shared resources, and printers.

Another example: You want to send an email to someone named Daniel who works in a UK office of XYZ Computers, but that is the only information that you have about that person. The LDAP server would respond by searching for all people located in the UK who work at XYZ Computers and whose name contains 'Daniel'. It will then provide you with all the possible matches, including full names, email addresses, and titles.
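The 'Daniel' lookup above as an added example (not part of the original article): it builds the string-based filter with RFC 4515 escaping, so reserved characters in the search text stay literal, and runs the equivalent subtree search over a small in-memory tree. The directory entries, the `c=GB` country code, the names and the `xyz.example` addresses are constructed assumptions.

```python
# Added illustration; every entry below is constructed sample data.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)

def build_person_filter(name_fragment):
    """String-based query: person entries whose cn contains name_fragment."""
    return "(&(objectClass=person)(cn=*%s*))" % escape_filter_value(name_fragment)

# Each distinguished name (DN) reads leaf first: user, department,
# organisation, country. c=GB is the assumed country code for the UK.
DIRECTORY = {
    "cn=Daniel Reed,ou=Sales,o=XYZ Computers,c=GB":
        {"mail": "daniel.reed@xyz.example", "title": "Account Manager"},
    "cn=Anna Daniels,ou=IT,o=XYZ Computers,c=GB":
        {"mail": "anna.daniels@xyz.example", "title": "Engineer"},
    "cn=Daniel Holt,ou=IT,o=XYZ Computers,c=US":
        {"mail": "daniel.holt@xyz.example", "title": "Analyst"},
    "cn=Maria Lopez,ou=Sales,o=XYZ Computers,c=GB":
        {"mail": "maria.lopez@xyz.example", "title": "Director"},
}

def search_subtree(base_dn, name_fragment):
    """Mimic a subtree search under base_dn with a cn substring match.

    The fragment is compared literally, which is how a server treats a
    value that was escaped by escape_filter_value().
    """
    suffix = "," + base_dn.lower()
    wanted = name_fragment.lower()  # cn matching is case-insensitive
    hits = []
    for dn, attrs in DIRECTORY.items():
        cn = dn.split(",", 1)[0].split("=", 1)[1]
        if dn.lower().endswith(suffix) and wanted in cn.lower():
            hits.append((cn, attrs["mail"], attrs["title"]))
    return sorted(hits)

if __name__ == "__main__":
    print(build_person_filter("Daniel"))
    for hit in search_subtree("o=XYZ Computers,c=GB", "Daniel"):
        print(hit)
```

The search base `o=XYZ Computers,c=GB` restricts results to the UK branch of the tree, so the constructed `c=US` entry is not returned even though its name matches.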

History

Tim Howes at the University of Michigan, Steve Kille of Isode Limited, Colin Robbins of Nexor, and Wengyik Yeong of Performance Systems International developed the protocol as a replacement for DIXIE and DAS in 1993. Under the supervision of the Internet Engineering Task Force, Mark Wahl of Critical Angle Inc, Tim Howes, and Steve Kille began to work on a new version of LDAP, called LDAPv3, in 1996. LDAPv3 superseded LDAPv2 and included extensibility, the Simple Authentication and Security Layer, and a better alignment to the 1993 edition of X.500. It was first introduced in 1997. The IETF has continued to create the LDAPv3 specifications as well as various extensions that add features to LDAPv3.

This protocol was called Lightweight Directory Browsing Protocol, or LDBP, when it was first being developed. The name was changed to better reflect the extended functionality of the protocol, which now includes directory update functions in addition to directory browsing and searching. It was called 'lightweight' because it used fewer network resources than its DAP predecessor, making it easier to install over the internet due to its low bandwidth usage.

TCP/IP Protocol
Application layer: BGP, DHCP, DNS, FTP, HTTP, IMAP, LDAP, MGCP, NNTP, NTP, OSPF, POP, PTP, ONC/RPC, RTP, RTSP, RIP, SIP, SMTP, SNMP, SSH, Telnet, XMPP
Transport layer: TCP, UDP, DCCP, SCTP, RSVP, QUIC
Internet layer: IP, ICMP, NDP, ECN, IGMP
Link layer: Tunnels, PPP, MAC

