Understanding LDAP (part 1) - Of Needles And Haystacks (Page 2 of 5)

Let's start with the basics: what the heck is LDAP anyhoo?

The acronym LDAP stands for
Lightweight Directory Access Protocol, which, according to the official
specification at
http://www.ietf.org/rfc/rfc2251.txt,
is a protocol "designed to provide access to the X.500 Directory while not
incurring the resource requirements of the Directory Access Protocol (DAP) [...]
specifically targeted at simple management applications and browser applications
that provide simple read/write interactive access to the X.500 Directory, and is
intended to be a complement to the DAP itself".

Yup, it didn't make sense to me either.

Before you can understand LDAP, you need to first
understand what a "directory service" is. A directory service is exactly what it
sounds like - a publicly available database of structured information. The most
common example of a directory service is your local Yellow Pages - it contains
names, addresses and contact numbers of different businesses, structured by
business category, all indexed in a manner that is easily browseable or
searchable.

Like ice-cream, directory services come in many flavours.
They may be local to a specific organization (the corporate phone book) or more
global in scope (a countrywide Yellow Pages). They can contain different types
of information, ranging from employee names, phone numbers and email addresses
to domain names and their corresponding IP addresses. They can exist in different
forms and at different locations, either as a single electronic database within
an organization's internal network or as a series of inter-connected databases
existing at different geographical locations on a corporate extranet or the
global Internet. Despite these differences, however, they all share certain
common attributes: structured information, powerful browsing and search
capabilities, and - in the case of distributed directories - inter-cooperation
between the different pieces of the database.

Now, obviously, organizing
information neatly in a directory is only part of the puzzle - in order for it
to be useful, you need a way to get it out. If you're using the local phone
book, getting information out is as simple as flipping to the index, locating
the category of interest, and opening it to the appropriate page. If you're
using an electronic, globally distributed directory service, however, you need
something a little more sophisticated.

That's where LDAP comes in.