LDAPv3

LDAPv3 is the third version of the Lightweight Directory Access Protocol, a protocol used to access and manage distributed directory information services over a network. It is the current version of LDAP and is defined in RFC 4510 through 4519. LDAPv3 introduced improvements in security, extensibility, and interoperability, including the ability to negotiate authentication methods via SASL and to transport the protocol securely using TLS through the StartTLS extension.

Directory data in LDAP are organized as a hierarchical Directory Information Tree (DIT). Each entry has a Distinguished Name (DN) and consists of attributes defined by a directory schema. Object classes determine which attributes an entry may contain. Clients perform operations by sending LDAP requests over TCP connections, encoded using ASN.1 BER.

Core operations include Bind (authenticate), Search (and its various scopes), Compare, Add, Delete, Modify, and Modify DN (rename or move). Extended operations and controls allow vendors and applications to add features without changing the core protocol. LDAP supports referrals for distributed directories and supports both simple binds and SASL-based binds for security.

Security considerations: LDAP can operate over plain text, so TLS encryption with StartTLS on the standard port 389 or LDAPS on 636 is recommended. Proper authorization, strong authentication, and careful schema design are important for protecting sensitive directory data.

Common uses include centralized authentication, user provisioning, address book lookups, and service endpoint discovery. Directory information is often exchanged in LDIF format for import/export.
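As an added example (not code from the page or from any LDAP implementation), the following Python encodes a simple BindRequest in ASN.1 BER as RFC 4511 defines it, and parses one back the way a network monitor might in order to flag simple binds sent on port 389 before StartTLS, which is the plain-text exposure the security considerations above warn about. The DN and password are constructed sample values.

```python
# Added example: BER-encode an LDAPv3 simple BindRequest (RFC 4511 s.4.2) and parse
# one back, showing why a bind on port 389 without StartTLS exposes the credential.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value triple."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_integer(n: int) -> bytes:
    """INTEGER (tag 0x02), minimal two's-complement (non-negative values here)."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))

def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, BindRequest [APPLICATION 0] }
    BindRequest ::= { version INTEGER(3), name OCTET STRING, simple [0] OCTET STRING }"""
    auth = tlv(0x80, password.encode())                  # [0] simple: context tag 0, primitive
    bind = ber_integer(3) + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, ber_integer(message_id) + tlv(0x60, bind))  # 0x60 = [APPLICATION 0]

def read_tlv(buf: bytes, pos: int):
    """Parse one TLV starting at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long form: next n bytes hold length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def cleartext_simple_bind_dn(packet: bytes):
    """Detection helper: return the DN if packet is a simple BindRequest, else None.
    Seen on port 389 before StartTLS, this means a password crossed the wire in clear."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        return None
    _, _, pos = read_tlv(msg, 0)                         # skip messageID
    op_tag, bind, _ = read_tlv(msg, pos)
    if op_tag != 0x60:
        return None
    _, _, pos = read_tlv(bind, 0)                        # skip version
    _, name, pos = read_tlv(bind, pos)
    auth_tag, _, _ = read_tlv(bind, pos)
    return name.decode() if auth_tag == 0x80 else None   # 0xA3 would be [3] sasl

if __name__ == "__main__":
    pkt = bind_request(1, "cn=admin,dc=example,dc=com", "secret")   # constructed sample
    print("cleartext simple bind by", cleartext_simple_bind_dn(pkt))
```

The encoded packet contains the password bytes verbatim, which is exactly what LDAPS or StartTLS is meant to hide from anyone on the path.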