An Acronym for Lightweight Directory Access Protocol.

A Protocol for accessing hierarchical data. Kinda like SQL except it has "fixed" schemata (you can define your own, but not quite as easily as you do in SQL) and it's for HierarchicalDataBases rather than RelationalDataBases. It is often used for directories, so LDAP implementations are commonly optimised for reading much more than for modifying/inserting data.

Products which speak LDAP include the Free OpenLDAP, NetWare's NDS, and MicrosoftCorporation's ActiveDirectory.

Definitions of terms:

BASEDN

This is the base of your ldap tree. Often it's made up from your domain name (if your domain name is foo.example.org then your basedn is often dc=foo,dc=example,dc=org), or from your organisation name (ou=organisationname,c=ISO country code).

BINDDN

This is the "username" you bind to the ldap tree as. Often cn=<username>,ou=Users,<BASEDN>

When trying to use ldapsearch(1) try:

 ldapsearch -x -h ldapservername -B binddn -W -b basedn

This can often be simplified and defaults provided in /etc/ldap/ldap.conf or /etc/openldap/ldap.conf

See also:

• LDAPNotes
• LDAPURLs
• LDAPAuthentication
• OpenLdapAccessControls
• LDAP System Adminstration, available to WLUG members from the WlugLibrary:15
• DanielLawson, our local LDAP guru. If you've got the problem, he's got the solution. :)

CategoryProtocols