Lightweight Directory Access Protocol

In computer networking, the Lightweight Directory Access Protocol, or LDAP ("ell-dap"), is a networking protocol for querying and modifying directory services running over TCP/IP. An LDAP directory usually follows the X.500 model: it is a tree of entries, each of which consists of a set of named attributes with values. While some services use a more complicated "forest" model, the vast majority use a simple starting point for their database organization.

An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the most simple levels of the hierarchy. Further into the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry, or multiple entries.

Its current version is LDAPv3. LDAPv3 is specified in a series of IETF Standard Track RFCs as detailed in RFC 4510.

Tutorials and docs

• Pam-ldap
• http://www.zytrax.com/books/ldap/
• http://tuxick.net/ldap.html
• http://ldapadministrator.com
• Apache Authentication with Active Directory
• LDAP authentication on Gentoo (slightly outdated)
• LDAP Replication
• Common causes of LDAP errors
• Objectclasses
• LDAP for Rocket Scientists

Links

• http://www.openldap.org/
• Red Hat Directory Server documentation, worth reading

FAQ

additional info: structuralObjectClass: no user modification allowed

use slapadd instead of ldapadd

modify a record

ldapmodify

search for a record

http://docs.sun.com/source/816-6400-10/lsearch.html

ldapsearch -x -b  -s base '(objectclass=*)' namingContexts
ldapsearch -x -b "dc=foo, dc=com" "uid=harry"

• scope?

ldapsearch filters

• http://www.faqs.org/rfcs/rfc2254.html

Keywords

rootdn

The user/account with full access

Tools

phpldapadmin ldapbrowser lam