Network Protocols Glossary
What is a network protocol? Protocols are the rules of the road for how data exists and moves on the network. They allow many different systems and computers to communicate.
Lightweight Directory Access (LDAP) Protocol
What is Lightweight Directory Access (LDAP) Protocol?
The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral application protocol used to maintain distributed directory information in an organized, easy-to-query manner. In other words, it lets you keep a directory of items together with information about each of them.
LDAP stores this data as records (entries), each of which holds a set of attributes. Think of the attributes as fields in a database. Each record has a unique identifier, its 'Distinguished Name' in LDAP parlance, most often written 'DN.' The DN is the unique part of each entry, somewhat like the path to a file on your file system. A closer analogy is a street address: postal addresses begin with the most specific part (house number, etc.), and so do DNs, for example cn=alice,ou=people,dc=example,dc=com. Every other attribute in the record has a name and a type, as well as one or more values.
What is the purpose of LDAP?
LDAP lends itself extremely well to access control and authorization. Which groups is a user in? If only users in the detective group should have access to the clues application, then when someone attempts to log in, confirm they are in the proper group before granting access, and so on.
But how does one gain access to all of those records? From a flow perspective the process is straightforward:
1. A session begins with a client binding to an LDAP server (DSA, Directory System Agent), default port 389.
2. The client then sends an operation request (often a search or compare request, for example) to the server, asking for a particular set of information.
3. The server processes this query and supplies a response.
4. The client receives the response and unbinds, then processes the data.
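The following is an added example, not code from the glossary or from any LDAP implementation. It models a tiny in-memory directory so that the three ideas above (DN structure, the bind/search/unbind session flow, and a group-membership authorization check for the "detectives" group) can be run offline without a real server: the DN parser, the Session class, the DIRECTORY contents, the users and passwords, and the clues-application check are all constructed for illustration.

```python
"""Toy in-memory LDAP-style directory: DN parsing, bind/search/unbind, group check.

Everything here is a constructed illustration of LDAP concepts, not a client
library. DN handling is a simplified form of RFC 4514 (only '\,' escapes).
"""
import hashlib
import hmac
import os


def parse_dn(dn):
    """Split 'cn=alice,ou=people,dc=example,dc=com' into [(attr, value), ...].

    The most specific component comes first, like a postal address.
    """
    rdns, buf, escape = [], "", False
    for ch in dn:
        if escape:                      # character after a backslash is literal
            buf += ch
            escape = False
        elif ch == "\\":
            escape = True
        elif ch == ",":                 # unescaped comma separates RDNs
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    out = []
    for rdn in rdns:
        attr, sep, val = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append((attr.strip().lower(), val.strip()))
    return out


def normalize_dn(dn):
    """Canonical, case-insensitive form used as the directory key (toy matching rule)."""
    return ",".join(f"{a}={v.lower().replace(',', chr(92) + ',')}" for a, v in parse_dn(dn))


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(cn, password):
    salt = os.urandom(16)               # stored beside the hash, never the plaintext
    return {"objectclass": ["inetOrgPerson"], "cn": [cn],
            "salt": [salt], "userpassword": [_hash_password(password, salt)]}


# Constructed sample directory; the users, passwords and group are made up.
DIRECTORY = {
    normalize_dn("dc=example,dc=com"): {"objectclass": ["domain"], "dc": ["example"]},
    normalize_dn("ou=people,dc=example,dc=com"): {"objectclass": ["organizationalUnit"], "ou": ["people"]},
    normalize_dn("ou=groups,dc=example,dc=com"): {"objectclass": ["organizationalUnit"], "ou": ["groups"]},
    normalize_dn("cn=alice,ou=people,dc=example,dc=com"): make_user("alice", "correct horse"),
    normalize_dn("cn=bob,ou=people,dc=example,dc=com"): make_user("bob", "battery staple"),
    normalize_dn("cn=detectives,ou=groups,dc=example,dc=com"): {
        "objectclass": ["groupOfNames"], "cn": ["detectives"],
        # Member DNs are compared after normalization, so case differences do not matter.
        "member": ["cn=Alice,ou=People,dc=example,dc=com"]},
}


class Session:
    """One client session: bind, then operations, then unbind."""

    def __init__(self, directory):
        self.directory = directory
        self.bound_as = None

    def bind(self, dn, password):
        # An empty password is an *unauthenticated* simple bind (RFC 4513 5.1.2);
        # treat it as a failure rather than as proof of identity.
        if not password:
            return False
        entry = self.directory.get(normalize_dn(dn))
        if entry is None or "userpassword" not in entry:
            return False
        expected = entry["userpassword"][0]
        if not hmac.compare_digest(expected, _hash_password(password, entry["salt"][0])):
            return False
        self.bound_as = normalize_dn(dn)
        return True

    def search(self, base, scope="sub", attr=None, value=None):
        """Return {dn: entry} under `base` for scope 'base', 'one' or 'sub',
        optionally filtered by a case-insensitive (attr=value) equality."""
        if self.bound_as is None:
            raise PermissionError("operation requires a bound session")
        base_rdns = parse_dn(normalize_dn(base))
        results = {}
        for dn, entry in self.directory.items():
            rdns = parse_dn(dn)
            depth = len(rdns) - len(base_rdns)      # 0 = base itself, 1 = direct child
            if depth < 0 or rdns[-len(base_rdns):] != base_rdns:
                continue
            if (scope == "base" and depth != 0) or (scope == "one" and depth != 1):
                continue
            if attr and not any(isinstance(v, str) and v.lower() == value.lower()
                                for v in entry.get(attr.lower(), [])):
                continue
            results[dn] = entry
        return results

    def unbind(self):
        self.bound_as = None


def is_member(session, user_dn, group_dn):
    hits = session.search(group_dn, scope="base")
    if not hits:
        return False
    members = hits[normalize_dn(group_dn)].get("member", [])
    return normalize_dn(user_dn) in {normalize_dn(m) for m in members}


def authorize_clues_app(directory, dn, password):
    """Whole flow for the clues application: bind, group check, unbind."""
    session = Session(directory)
    if not session.bind(dn, password):
        return "bind failed"
    try:
        ok = is_member(session, dn, "cn=detectives,ou=groups,dc=example,dc=com")
    finally:
        session.unbind()                 # always release the session
    return "granted" if ok else "denied"
```

Two details in the toy are worth carrying over to real deployments: a simple bind with an empty password is accepted by many servers as an anonymous or unauthenticated bind, so an application must reject empty credentials itself rather than treat a successful bind as proof of identity; and a simple bind on port 389 without TLS sends the password in cleartext, so production clients should use LDAPS or StartTLS.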