Lightweight Directory Access Protocol (LDAP) is an X.500-based directory service protocol that runs over TCP/IP and is used for certificate management. It is an open, cross-platform, vendor-neutral, lightweight and industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
LDAP is a client-server protocol that sits on top of TCP/IP and allows clients to perform a variety of operations against a directory server, including storing and retrieving data, searching for data that matches a given set of criteria, authenticating clients, and more. A directory is similar to a database, but tends to contain more descriptive, attribute-based information. The information in a directory is generally read much more often than it is written, so directories are tuned to give quick responses to high-volume lookup or search operations. They may be able to replicate information widely in order to increase availability and reliability while reducing response time. The standard TCP ports for LDAP are 389 for unencrypted communication and 636 for LDAP over a TLS-encrypted channel (LDAPS).
LDAP servers are easy to install, maintain and optimize. The LDAP server processes queries and updates to the LDAP information directory. LDAP servers are capable of replicating data through push or pull methods, and replication can be configured with pre-built tools and libraries. When directory information is replicated, temporary inconsistencies between the replicas may be acceptable, as long as they get in sync eventually. LDAP permits secure delegation of read and modification authority, as needed, using access control lists. LDAP does not define how programs work on the client or server side, but it does define the language that client programs use to talk to servers. LDAP servers range from small servers for workgroups to large organizational and public servers.
LDAP directory servers store data hierarchically. One technique for partitioning the directory is to use LDAP referrals, which allow an LDAP request to be referred to a different server that holds the relevant part of the tree.
The central concept of LDAP is the information model, which deals with the kind of information stored in directories and how that information is structured. The basic unit of the information model is the entry, a collection of attributes, each with a type and one or more values. Entries are organized in a tree-like structure called the directory information tree (DIT). Each attribute type is associated with a syntax that defines the allowed values, and a single attribute can hold multiple values. A distinguished name (DN) in LDAP is read from bottom to top: the entry's own relative distinguished name comes first, followed by the names of its parents up to the root of the tree.
Image Credit: Novell
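To make the DIT and bottom-to-top DN rule concrete, here is a small added example (not code from the article or from any LDAP product) that splits a DN into its RDNs while honouring RFC 4514 backslash escapes, derives the parent entry, and checks whether an entry lies beneath a given base DN, the kind of subtree scoping a server applies to searches and ACLs. The sample DNs are constructed, and the value comparison is a case-folding simplification of the per-attribute matching rules a real server uses.

```python
"""Added example: minimal LDAP distinguished-name (DN) helpers.

A DN is read bottom to top: the first RDN names the entry itself, and each
following RDN names a parent up to the root of the directory information tree.
"""
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, attribute value)


def split_dn(dn: str) -> List[str]:
    """Split a DN into raw RDN strings on unescaped commas.

    A backslash-escaped comma inside a value (e.g. 'cn=Smith\\, John') is
    part of the value, not a separator (RFC 4514 escaping).
    """
    if not dn.strip():
        return []  # the empty DN is the root of the DIT
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            escaped = False          # escaped character is kept verbatim
        elif ch == "\\":
            escaped = True           # next character is escaped
        elif ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    rdns.append("".join(buf).strip())
    return rdns


def parse_rdn(rdn: str) -> RDN:
    """Split 'type=value'; attribute types are case-insensitive."""
    if "=" not in rdn:
        raise ValueError(f"malformed RDN: {rdn!r}")
    attr, value = rdn.split("=", 1)
    return attr.strip().lower(), value.strip()


def normalize(dn: str) -> List[RDN]:
    # Simplification: fold values to lower case. Real servers apply the
    # attribute's matching rule (e.g. caseIgnoreMatch vs. caseExactMatch).
    return [(a, v.lower()) for a, v in map(parse_rdn, split_dn(dn))]


def parent_dn(dn: str) -> str:
    """The parent entry in the DIT: drop the leaf RDN, which comes first."""
    return ",".join(split_dn(dn)[1:])


def is_under(dn: str, base: str) -> bool:
    """True if `dn` is `base` or lies in the subtree rooted at `base`."""
    d, b = normalize(dn), normalize(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b
```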