LDAP and Active Directory

Lightweight Directory Access Protocol (LDAP) is a directory access protocol derived from the Directory Access Protocol (DAP). DAP was used with the X.500 directory service; its drawback was that it placed a large amount of processing burden on the client machines.

Although LDAP is based on DAP, it does not carry the X.500 overhead. Active Directory uses it to carry user queries: for example, a user can use LDAP to search for and locate a particular object, such as a laser printer. An LDAP search matches keywords against the attributes of objects, and it is these attributes that identify an object.

To carry out such searches, LDAP uses naming conventions such as the Distinguished Name (DN) and the Relative Distinguished Name (RDN). The DN gives the complete path to the object from the domain level down to the object itself; the RDN is the object's common name within its container. In addition to these names, the Globally Unique Identifier (GUID) can also be used for searches. The advantage of the GUID is that it never changes and is unique to each object, whereas the RDN and the DN can change (for example, when an object is renamed or moved).

LDAP operations can be broadly classified under three categories.

    • Client session operations – bind, unbind and abandon
    • Query and retrieval operations – search and compare
    • Modification operations – add, modify, modifyRDN and delete
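The naming rules above (DN, RDN and the never-changing GUID) and the modifyRDN operation can be shown together with a small added example. This is illustrative code written for this page, not part of any LDAP library or of Active Directory; the directory, the printer object and its GUID are constructed sample data.

```python
import uuid

def split_dn(dn):
    """Split an LDAP DN into its RDN components (RFC 4514 syntax),
    keeping a backslash-escaped comma inside the RDN it belongs to."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escape: copy both characters
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).strip())
    return parts

def rdn(dn):
    """Leftmost component is the object's own name, e.g. 'CN=Laser Printer 1'."""
    return split_dn(dn)[0]

def parent_dn(dn):
    """Everything to the right of the RDN: the container the object lives in."""
    return ",".join(split_dn(dn)[1:])

# Constructed sample directory: objects are indexed by objectGUID (the value
# that never changes) and the DN is stored as an attribute that can change.
PRINTER_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed
DIRECTORY = {
    PRINTER_GUID: {"dn": "CN=Laser Printer 1,OU=Printers,DC=example,DC=com"},
}

def find_by_dn(dn):
    """DN lookup: returns the GUID, or None once the object has been moved."""
    return next((g for g, o in DIRECTORY.items() if o["dn"] == dn), None)

def move_object(guid, new_parent):
    """modifyRDN/move: the RDN is kept, the parent changes, the GUID does not."""
    obj = DIRECTORY[guid]
    obj["dn"] = rdn(obj["dn"]) + "," + new_parent
    return obj["dn"]
```

The lookup by GUID still works after the move while the lookup by the old DN does not, which is why references that must survive renames and moves (in ACLs, audit logs or scripts) should be keyed on the GUID.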

LDAP is widely used because of the following advantages.

    • It supports multiple platforms, with standard APIs for each platform.
    • The LDAP directory can be distributed across multiple servers.
    • It integrates easily with other standards such as DNS.
