
LDAP: Lightweight Directory Access Protocol (LDAPv3)

Lightweight Directory Access Protocol (LDAP) is designed to provide access to the X.500 Directory while not incurring the resource requirements of the Directory Access Protocol (DAP). LDAP is specifically targeted at simple management applications and browser applications that provide simple read/write interactive access to the X.500 Directory, and is intended to be a complement to the DAP itself.

Key aspects of LDAP version 3 are: 

  • All protocol elements of LDAPv2 are supported. 
  • The protocol is carried directly over TCP or other transport, bypassing much of the session/presentation overhead of X.500 DAP. 
  • Most protocol data elements can be encoded as ordinary strings. 
  • Referrals to other servers may be returned. 
  • SASL mechanisms may be used with LDAP to provide association security services. 
  • Attribute values and Distinguished Names have been internationalized through the use of the ISO 10646 character set. 
  • The protocol can be extended to support new operations, and controls may be used to extend existing operations. 
  • Schema is published in the directory for use by clients.

The general model adopted by LDAP is one of clients performing protocol operations against servers. In this model, a client transmits a protocol request describing the operation to be performed to a server. The server is then responsible for performing the necessary operation(s) in the directory. Upon completion of the operation(s), the server returns a response containing any results or errors to the requesting client.

In LDAP versions 1 and 2, no provision was made for protocol servers returning referrals to clients. However, for improved performance and distribution, LDAPv3 permits servers to return referrals to other servers to clients. This allows servers to offload the work of contacting other servers in order to progress operations.

Protocol Structure - LDAP (Lightweight Directory Access Protocol)

LDAP messages are PDUs mapped directly onto the TCP byte stream and use port 389. The LDAP messages do not have their own header and are messages defined in ASN.1. For the purposes of protocol exchanges, all protocol operations are encapsulated in a common envelope, the LDAPMessage. The function of the LDAPMessage is to provide an envelope containing the common fields required in all protocol exchanges. At this time the only common fields are the message ID and the controls.
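The envelope just described, as an added example that is not part of the original page: a minimal BER encoder that builds an LDAPMessage carrying a BindRequest, and a decoder that pulls the common fields (message ID, operation tag, presence of controls) out of raw bytes read from a TCP/389 stream. Tag values follow the RFC 2251 ASN.1 definitions; the helper names are my own and nothing here talks to a server.

```python
# Added example: hand-rolled BER for the LDAPMessage envelope (not code from
# the page). Tags per RFC 2251; helper names (ber_len, tlv, ...) are assumed.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n: int) -> bytes:  # INTEGER, minimal two's-complement encoding
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))

def bind_request(message_id: int, name: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } using simple auth [0]."""
    op = ber_int(3) + tlv(0x04, name.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(message_id) + tlv(0x60, op))

def read_tlv(buf: bytes, pos: int):
    """Decode one tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:
        raise ValueError("indefinite length is not allowed in LDAP")
    if first & 0x80:                       # long form: first & 0x7F = number of length octets
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + first]
    if len(value) != first:                # a truncated PDU must not parse silently
        raise ValueError("truncated LDAPMessage")
    return tag, value, pos + first

OP_NAMES = {0x60: "bindRequest", 0x61: "bindResponse", 0x42: "unbindRequest",
            0x63: "searchRequest", 0x64: "searchResEntry", 0x65: "searchResDone"}

def parse_ldap_message(data: bytes) -> dict:
    """Extract the common envelope fields: messageID, operation, controls present."""
    tag, body, end = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, mid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, _op, pos = read_tlv(body, pos)
    has_controls = pos < len(body) and body[pos] == 0xA0   # controls [0] SEQUENCE OF Control
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "op": OP_NAMES.get(op_tag, f"op-0x{op_tag:02x}"), "has_controls": has_controls}
```

`bind_request(1)` yields the 14-byte anonymous simple bind `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`, the same bytes a client would write to a server on port 389.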

Related Protocols
IP, IPv6, TCP, X.500, DAP

Sponsor Source

LDAPv3 is defined by the IETF (www.ietf.org) in RFC 2251, 2252, 2253, 2254, 2255, 2256, 2829, 2830 and 3377.



Reference
http://www.javvin.com/protocol/rfc2251.pdf: Lightweight Directory Access Protocol (v3) - the specification of the LDAP on-the-wire protocol
http://www.javvin.com/protocol/rfc2252.pdf: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
http://www.javvin.com/protocol/rfc2253.pdf: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
http://www.javvin.com/protocol/rfc2254.pdf: The String Representation of LDAP Search Filters
http://www.javvin.com/protocol/rfc2255.pdf: The LDAP URL Format
http://www.javvin.com/protocol/rfc2256.pdf: A Summary of the X.500(96) User Schema for use with LDAPv3
http://www.javvin.com/protocol/rfc2829.pdf: Authentication Methods for LDAP
http://www.javvin.com/protocol/rfc2830.pdf: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
http://www.javvin.com/protocol/rfc3377.pdf: Lightweight Directory Access Protocol (v3): Technical Specification