Chapter 13. Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP) is a set of open protocols used to access centrally stored information over a network. It is based on the X.500 standard for directory sharing, but is less complex and resource-intensive. For this reason, LDAP is sometimes referred to as "X.500 Lite."

Like X.500, LDAP organizes information in a hierarchical manner using directories. These directories can store a variety of information and can even be used in a manner similar to Network Information Service (NIS), enabling anyone to access their account from any machine on the LDAP-enabled network.

In many cases, however, LDAP is used simply as a virtual phone directory, allowing users to easily access contact information for other users. But LDAP is more flexible than a traditional phone directory, because it is capable of referring a querent to other LDAP servers throughout the world, providing an ad-hoc global repository of information. Currently, however, LDAP is more commonly used within individual organizations, like universities, government departments, and private companies.

LDAP is a client-server system. The server can use a variety of databases to store a directory, each optimized for quick and copious read operations. When an LDAP client application connects to an LDAP server, it can either query a directory or attempt to modify it. In the event of a query, the server either answers the query or, if it cannot answer locally, refers the querent to an LDAP server which does have the answer. If the client application is attempting to modify information in an LDAP directory, the server verifies that the user has permission to make the change and then adds or updates the information.

This chapter will refer to the configuration and use of OpenLDAP 2.0, an open source implementation of the LDAPv2 and LDAPv3 protocols.

13.1. Why Use LDAP?
The main benefit of using LDAP is that information for an entire organization can be consolidated into a central repository. For example, rather than managing user lists for each group within an organization, you can use LDAP as a central directory accessible from anywhere on the network. And because LDAP supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS), sensitive data can be protected from prying eyes.

LDAP also supports a number of back-end databases in which to store directories. This allows administrators the flexibility to deploy the database best suited for the type of information the server is to disseminate. Because LDAP also has a well-defined client Application Programming Interface (API), LDAP-enabled applications are numerous and increasing in quantity and quality.

On the negative side, LDAP can be difficult to configure.

13.1.1. OpenLDAP 2.0 Feature Enhancements
OpenLDAP 2.0 includes a number of important features.

- LDAPv3 Support — OpenLDAP 2.0 supports Simple Authentication and Security Layer (SASL), Transport Layer Security (TLS), and Secure Sockets Layer (SSL), among other improvements. Many of the changes in the protocol since LDAPv2 are designed to make LDAP more secure.

- IPv6 Support — OpenLDAP supports the next generation Internet Protocol version 6.

- LDAP Over IPC — OpenLDAP can communicate within a system using interprocess communication (IPC). This enhances security by obviating the need to communicate over a network.

- Updated C API — Improves the way programmers can connect to and use LDAP directory servers.

- LDIFv1 Support — Provides full compliance with the LDAP Data Interchange Format (LDIF) version 1.

- Enhanced Stand-Alone LDAP Server — Includes an updated access control system, thread pooling, better tools and much more.
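
As an added example (not from this guide or from OpenLDAP's own code), the following Python models how the stand-alone server's access control decides whether a bound user may read or modify an attribute, which is the permission check described in the client-server paragraph above: the first matching "access to" clause is selected, then its first matching "by" clause sets the granted level, and a stronger level implies the weaker ones. The rule set, the DNs and the reduced selector set (attrs=, *, self, anonymous, users) are constructed assumptions for illustration.

```python
# Added example: simplified model of slapd "access to <what> by <who> <level>"
# evaluation. Not OpenLDAP code; real slapd supports many more selectors.
from __future__ import annotations
from dataclasses import dataclass

# OpenLDAP access levels, weakest to strongest. A granted level implies every
# weaker one, so "write" also permits read, search, compare and auth.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed rule set: passwords are writable by their owner, usable only
# for binding by anonymous clients, and hidden from everyone else.
CONSTRUCTED_ACL = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
    by * none
"""

# Constructed sample DNs.
ALICE = "uid=alice,dc=example,dc=com"
BOB = "uid=bob,dc=example,dc=com"

@dataclass
class Rule:
    attrs: set | None          # None models "access to *"
    by: list[tuple[str, str]]  # (who, level) in the order written

def parse_acl(text: str) -> list[Rule]:
    rules: list[Rule] = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[0] == "access":             # "access to <what>"
            what = tok[2]
            attrs = None if what == "*" else set(what[len("attrs="):].split(","))
            rules.append(Rule(attrs, []))
        elif tok[0] == "by":               # "by <who> <level>"
            rules[-1].by.append((tok[1], tok[2]))
    return rules

def granted_level(rules: list[Rule], bind_dn: str | None, target_dn: str, attr: str) -> str:
    """First 'access to' clause matching the target wins; within it the first
    matching 'by' clause decides. A clause with no matching 'by' grants none."""
    for rule in rules:
        if rule.attrs is not None and attr not in rule.attrs:
            continue
        for who, level in rule.by:
            if who == "*" \
               or (who == "self" and bind_dn is not None and bind_dn == target_dn) \
               or (who == "anonymous" and bind_dn is None) \
               or (who == "users" and bind_dn is not None):
                return level
        return "none"
    return "none"

def allowed(rules: list[Rule], bind_dn: str | None, target_dn: str, attr: str, needed: str) -> bool:
    return LEVELS.index(granted_level(rules, bind_dn, target_dn, attr)) >= LEVELS.index(needed)

RULES = parse_acl(CONSTRUCTED_ACL)
```

Note that an anonymous client is granted only "auth" on userPassword, which is enough for the server to verify a bind but not for the client to read the hash back.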