LDAP (Lightweight Directory Access Protocol) is a proposed open standard for global or local directory services over a network and/or the Internet. A directory, in this sense, is very much like a phone book. LDAP can handle other information, but at present it is typically used to associate names with phone numbers and e-mail addresses. Directories are designed to support a high volume of queries, but the data in the directory doesn't change all that often.
LDAP is much more useful than a paper phone book, because LDAP's design is intended to support propagation over LDAP servers throughout the Internet, much like the Domain Name Service (DNS). The DNS system acts as the address book of the Internet by keeping track of domain name/IP address pairs. DNS servers tell networked machines where packets need to go. In the future, LDAP could provide the same type of global access to many types of directory information: at present, LDAP is more commonly used within a single large organization, like a college or a company, for directory services.
LDAP is a client-server system. An LDAP client connects to an LDAP server and either queries for information or provides information that needs to be entered into the directory. The server either answers the query, refers the query to another LDAP server, or accepts the information for incorporation into the directory.
LDAP is sometimes known as X.500 Lite. X.500 is an international standard for directories. X.500 is full-featured, but it is complex and requires lots of computing resources and the full OSI stack. LDAP, in contrast, can run easily on a PC and over TCP/IP. LDAP can access X.500 directories, but it does not support every capability of X.500.
This chapter will refer to the configuration and use of OpenLDAP, an open source implementation of LDAP. OpenLDAP includes slapd, a stand-alone LDAP server; slurpd, a stand-alone LDAP replication server; libraries implementing the LDAP protocol; utilities; tools; and sample clients.