Thursday, June 25, 2009

What is LDAP? (Windows Admin Interview Series #2)

LDAP is an Internet standard protocol used by applications to access information in a directory. It runs directly over TCP, and can be used to access a standalone LDAP directory service or to access a directory service that is back-ended by X.500. It was created as a way to minimize the implementation requirements on directory clients, and to simplify and encourage the use of directories among applications.

The LDAP directory service model is based on entries. An entry is a collection of attributes that describe it. Each attribute has a name, a type and one or more values. For example, attributes describing a person might include the person's name (common name, or cn), telephone number, and email address.

The entry for Peter Chan might have the following attributes:

    cn: Peter Chan
    mail: peter@ust.hk
    telephoneNumber: 2358-1234
    telephoneNumber: 2358-4321
    roomNumber: 2228
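
As an added example (not part of the original post), the Python sketch below parses attribute lines like those above into an entry whose attributes can hold several values and whose names compare case-insensitively, as LDAP attribute names do. The `Entry` class, the `parse_entry` function and the base64-encoded `description` line (LDIF's `attr:: value` form) are assumptions introduced for illustration; folded continuation lines are rejected rather than joined.

```python
import base64


class Entry:
    """One directory entry: case-insensitive attribute names, multi-valued."""

    def __init__(self):
        self._attrs = {}  # lowercased name -> (name as first seen, [values])

    def add(self, name, value):
        self._attrs.setdefault(name.lower(), (name, []))[1].append(value)

    def get(self, name):
        """Return all values of an attribute ([] if the entry lacks it)."""
        return list(self._attrs.get(name.lower(), (name, []))[1])

    def names(self):
        return [first_seen for first_seen, _ in self._attrs.values()]


def parse_entry(text):
    """Parse 'attribute: value' lines into an Entry; reject malformed lines."""
    entry = Entry()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        name, sep, rest = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"line {lineno}: expected 'attribute: value'")
        if rest.startswith(":"):  # 'attr:: <base64>' carries a UTF-8 value
            value = base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
        else:
            value = rest.strip()
        entry.add(name, value)
    return entry


# Constructed sample: the post's entry for Peter Chan plus one base64 line.
SAMPLE = "\n".join([
    "cn: Peter Chan",
    "mail: peter@ust.hk",
    "telephoneNumber: 2358-1234",
    "telephoneNumber: 2358-4321",
    "roomNumber: 2228",
    "description:: " + base64.b64encode("B\u00fcro 2228".encode("utf-8")).decode("ascii"),
])

if __name__ == "__main__":
    peter = parse_entry(SAMPLE)
    for attr in peter.names():
        print(attr, "=", peter.get(attr))
```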

LDAP is a protocol defining a directory service and access to that service. LDAP is based on a client-server model. LDAP servers provide the directory service, and LDAP clients use the directory service to access entries and attributes.
