Lightweight Directory Access Protocol


What Does Lightweight Directory Access Protocol Mean?

Lightweight Directory Access Protocol (LDAP) is a client/server protocol used to access and manage directory information. It reads and edits directories over IP networks and runs directly over TCP/IP, using simple string formats for data transfer. It was originally developed as a front end to the X.500 Directory Access Protocol.


Lightweight Directory Access Protocol is also known as RFC 1777.

Techopedia Explains Lightweight Directory Access Protocol

LDAP was initially created by Tim Howes of the University of Michigan, Steve Kille of Isode Limited and Wengyik Yeong of Performance Systems International, circa 1993. It is based on the X.500 standard, but is simple and adapts easily to custom needs. Its specifications are defined in Requests for Comments (RFCs).

LDAP is also cross-platform and standards-based. Thus, the applications are not concerned about the server type hosting the directory. The LDAP servers are easy to install, maintain and optimize. The LDAP server process queries and updates the LDAP information directory.

LDAP servers can replicate data through either push or pull methods. The replication technology is built in and easily configured. LDAP permits secure delegation of read and modification authority, based on need, using Microsoft Access control lists. No security checks are performed at the user application level; this is all done directly through the LDAP directory. LDAP does not define how programs work on the client or server side, but does define the language used by client programs to talk to servers. LDAP servers range from small servers for workgroups to large organizational and public servers.

LDAP directory servers store data hierarchically. One technique for partitioning the directory is to use LDAP referrals, which enable users to refer LDAP requests to a different server.

The central concept of LDAP is the information model, which deals with the kind of information stored in directories and the structuring of information. The information model revolves around an entry, which is a collection of attributes with type and value. Entries are organized in a tree-like structure called the directory information tree. The entries are composed around real world concepts, organization, people and objects. Attribute types are associated with syntax defining allowed information. A single attribute can enclose multiple values within it. The distinguished names in LDAP are read from bottom to top. The left part is called the relative distinguished name and the right part is the base distinguished name.
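As an added illustration of the naming scheme described above (not Techopedia's code): a small Python parser that splits a distinguished name into its relative distinguished name and base distinguished name while honoring backslash escapes, plus the subtree check that an access-control decision scoped to a base DN relies on. The sample DN, the function names and the case-insensitive value comparison are assumptions; multi-valued RDNs (`+`) and `#` hex-string values are not handled.

```python
import re

# Constructed sample DN (not from the page); the comma inside the CN is escaped.
SAMPLE_DN = r"cn=Smith\, Jane,ou=People,dc=example,dc=com"

def split_unescaped(text, sep=","):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair together
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    return parts + ["".join(buf)]

def unescape(value):
    """Decode backslash + two hex digits, or backslash + one character."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"))
    return raw.decode("utf-8")

def parse_dn(dn):
    """Return [(type, value), ...] ordered leaf first, root last."""
    rdns = []
    for comp in split_unescaped(dn):
        attr, eq, value = comp.lstrip().partition("=")
        if not attr or not eq:
            raise ValueError(f"malformed RDN: {comp!r}")
        rdns.append((attr.strip().lower(), unescape(value)))
    return rdns

def is_under(dn, base_dn):
    """True if dn sits at or below base_dn in the directory information tree."""
    fold = lambda rdns: [(t, v.casefold()) for t, v in rdns]  # assumed matching rule
    entry, base = fold(parse_dn(dn)), fold(parse_dn(base_dn))
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

if __name__ == "__main__":
    rdn, *base = parse_dn(SAMPLE_DN)
    print("RDN:", rdn, "| base DN:", base)
    print("naive split:", SAMPLE_DN.split(","))  # wrongly yields five parts
```

Comparing parsed components rather than raw strings matters because an escaped comma inside a value can make a DN end with a base DN's text without actually sitting under that base.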

Many vendors of server products and directory clients support LDAP. Companies with LDAP intentions include IBM, AT&T, Sun and Novell. Eudora and Netscape Communicator also support LDAP. Government agencies and large universities also use LDAP servers for storing and organizing information.



Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.