LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server.
The terms “LDAP” and “LDAPv3” are commonly used to refer informally to the protocol defined by the LDAP technical specification (the RFC 4510 series). LDAP is not limited to contact information, or even to information about people. LDAP is used to look up encryption certificates and pointers to printers and other services on a network, and to provide “single sign-on”, where one password for a user is shared between many services.
LDAP is appropriate for any kind of directory-like information, where fast lookups and less-frequent updates are the norm.
As a protocol, LDAP does not define how programs work on either the client or the server side. It defines the “language” that client programs use to talk to servers (and that servers use to talk to each other). On the client side, a client may be an email program, a printer browser, or an address book.
The server may speak only LDAP, or have other methods of sending and receiving data—LDAP may just be an add-on method.
LDAP also defines permissions, set by the administrator, that allow only certain people to access the LDAP database and optionally keep certain data private; and a schema, a way to describe the format and attributes of the data held in the server.
LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet.
X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service “for the rest of us.”
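The “language” a client speaks to a server is mostly a search request, and the heart of a search request is a filter string (RFC 4515 syntax) such as `(mail=alice@example.com)`. The example below is added here and is not code from the original article: it builds the filter an address book would send to look up a person by email address, and escapes the characters that have special meaning in a filter so that a value taken from user input (an address typed into a search box) cannot change which entries the server returns. The attribute names `objectClass`, `inetOrgPerson` and `mail` are standard LDAP schema names; no particular directory server is assumed.

```python
"""Building an LDAP search filter safely (added example, not from the article).

An LDAP client looks up entries by sending a search filter. Values that come
from outside the program must be escaped per RFC 4515, otherwise a value such
as "*" or "a)(objectClass=*" would change the structure of the filter and
make the server return entries the client did not intend to ask for.
"""

# Characters with special meaning inside an RFC 4515 assertion value.
_SPECIAL = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for safe inclusion in an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _SPECIAL:
            out.append(_SPECIAL[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            # Control and non-ASCII characters: escape each UTF-8 byte as \XX.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def person_by_mail_filter(mail: str) -> str:
    """Filter an address book would send to find the entry for an email address.

    objectClass/inetOrgPerson/mail are standard schema names (assumed here to
    be what the directory uses for people entries).
    """
    return f"(&(objectClass=inetOrgPerson)(mail={escape_filter_value(mail)}))"


def naive_person_by_mail_filter(mail: str) -> str:
    """The same lookup without escaping: shown only to contrast with the safe form."""
    return f"(&(objectClass=inetOrgPerson)(mail={mail}))"


if __name__ == "__main__":
    # Constructed sample input: a normal address and a wildcard typed by a user.
    for value in ("alice@example.com", "*"):
        print("naive :", naive_person_by_mail_filter(value))
        print("safe  :", person_by_mail_filter(value))
```

With the escaped form, a typed `*` is sent as the literal three characters `\2a`, which matches only an address that is itself a single asterisk; the naive form sends a wildcard that matches every person entry the requester is permitted to read, which is the kind of over-broad lookup the directory’s permissions exist to prevent.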