LDAP: What is it?

Networks are expanding constantly, with new workstations, servers, printers, and other services being added and removed all the time. It can be difficult, if not impossible, for humans to keep track of all these assets and to know how and where to access them. LDAP, the Lightweight Directory Access Protocol, provides directory services within a network so that users can keep track of those assets. DNS, the Domain Name System, serves much the same role, but it is a more dynamic implementation of a directory service and works on a much larger scale.

Ordinarily, in a large corporate environment, removing a single user's account could involve deleting the user from the UNIX /etc/passwd file, removing that user by hand from any mailing lists, removing that user from the company phone directory, and so forth. LDAP centralizes all of this information in one directory, so in the scenario above all that has to be done is to delete a few records from that one directory (Carter, 2003).

According to Carter (2003), the ideal directory service should be highly optimized for reads. This provides a significant boost to performance and makes the directory service highly available. The service should also incorporate a distributed model for sharing information; DNS, for example, is a massive system administered by hundreds of people, all tied together by a handful of root nameservers. A directory service should be able to extend the types of information it stores, and those data types should be easily searchable. Lastly, a directory service should replicate consistently among directory servers so that directory information is always available and up to date.
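As an added illustration of the two points above (one directory holding the account, mailing-list and phone-directory data, and a store that is easy to search), the following Python is an example written for this page, not code from Carter or from any LDAP server. It parses a constructed LDIF fragment into a toy in-memory directory, evaluates a subset of RFC 4515 search filters, and removes a user together with every group reference to that user. The entries, DNs and attribute values are invented, and the LDIF and filter syntax handled here are simplified (no escaping, base64 values or line folding).

```python
"""Toy in-memory LDAP directory: parse LDIF, run simple RFC 4515 search
filters, and remove a user from every place the directory references it."""
import re

# Constructed sample LDIF (invented entries, not from any real directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
mail: alice@example.com
telephoneNumber: +1 555 0100

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
mail: bob@example.com

dn: cn=staff,ou=lists,dc=example,dc=com
objectClass: groupOfNames
cn: staff
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com
"""


def parse_ldif(text):
    """Return {dn: {attr: [values]}} from simple LDIF.
    Subset only: one 'attr: value' per line, entries separated by a blank
    line, no base64 ('::') values and no folded continuation lines."""
    directory = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, entry = None, {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")  # split on the first colon only
            attr, value = attr.strip(), value.strip()
            if attr.lower() == "dn":
                dn = value
            else:
                entry.setdefault(attr, []).append(value)
        if dn:
            directory[dn] = entry
    return directory


def _parse_filter(s, i=0):
    """Recursive-descent parser for a subset of RFC 4515: (&...), (|...),
    (!...), (attr=value) and presence (attr=*). Values are not unescaped,
    so a literal ')' inside a value is not supported. Returns (node, next)."""
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse_filter(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError("unterminated compound filter")
        return (op, children), i + 1
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")  # value may itself contain '='
    return ("=", attr.strip(), value.strip()), end + 1


def _match(node, entry):
    """Evaluate a parsed filter against one entry. Attribute names and values
    are compared case-insensitively (a simplification of LDAP matching rules)."""
    op = node[0]
    if op == "&":
        return all(_match(c, entry) for c in node[1])
    if op == "|":
        return any(_match(c, entry) for c in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, value = node
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    if value == "*":
        return bool(values)  # presence test
    return any(v.lower() == value.lower() for v in values)


def search(directory, base_dn, filter_str):
    """Subtree search: sorted DNs under base_dn whose entry matches the filter.
    The subtree test is a plain suffix comparison, not full DN normalization."""
    node, _ = _parse_filter(filter_str)
    suffix = base_dn.lower()
    return sorted(dn for dn, entry in directory.items()
                  if dn.lower().endswith(suffix) and _match(node, entry))


def remove_user(directory, user_dn):
    """Delete the user's entry and strip its DN from every member-style
    attribute, so no group or mailing list keeps a dangling reference.
    Returns the DNs of the entries that referenced the user."""
    directory.pop(user_dn)  # KeyError if the user does not exist
    touched = []
    for dn, entry in directory.items():
        for attr in ("member", "uniqueMember", "memberOf"):
            vals = entry.get(attr, [])
            if any(v.lower() == user_dn.lower() for v in vals):
                entry[attr] = [v for v in vals if v.lower() != user_dn.lower()]
                if dn not in touched:
                    touched.append(dn)
    return sorted(touched)


if __name__ == "__main__":
    d = parse_ldif(SAMPLE_LDIF)
    print(search(d, "dc=example,dc=com", "(&(objectClass=inetOrgPerson)(telephoneNumber=*))"))
    print(remove_user(d, "uid=alice,ou=people,dc=example,dc=com"))
    print(search(d, "dc=example,dc=com", "(member=uid=alice,ou=people,dc=example,dc=com)"))
```

The point of `remove_user` is the cleanup step: deleting only the user entry would leave the group's `member` value pointing at a DN that no longer exists, and a stale reference like that is exactly what an audit should search for with a filter such as `(member=<old user DN>)`. Real servers do not always do this cleanup on their own; OpenLDAP, for instance, only maintains such references when its referential-integrity overlay (refint) is configured.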

