Overview#
Differences between LDAP 2 and 3 Protocols

The most obvious differences between the two LDAP versions are in the LDAPMessage and LDAPResult structures. LDAPv3 replaced the single LDAPv2 searchResponse protocolOp with three: searchResEntry, searchResRef and searchResDone. It also added an optional controls field to every LDAPMessage and a referral component (a sequence of LDAP URLs) to LDAPResult.
LDAPv3 also introduced the Extended operation: a server answers an LDAPMessage whose protocolOp is an extendedReq with an extendedResp.
LDAPv3 added these result codes to LDAPResult:
- referral (10)
- adminLimitExceeded (11)
- unavailableCriticalExtension (12)
- confidentialityRequired (13)
- saslBindInProgress (14)
- affectsMultipleDSAs (71)
LDAPv3 adds the following features to LDAP which were not available in LDAPv2:
- Strong authentication and data security services via SASL
- Certificate authentication and data security services via TLS (SSL)
- Internationalization through the use of Unicode (UTF-8)
- LDAP Referrals and Continuations
- In LDAPv2, servers were expected to resolve referrals themselves (chaining) rather than return them to the client.
- LDAP Schema Discovery Mechanism
- LDAPv2 had little consistency in the LDAP Schema and no standard way for a client to discover it.
- Extensibility (SupportedControl, Extended Request operations, and more)
- In LDAPv2 the only field common to every message was the messageID. LDAPv3 adds an optional controls field to LDAPMessage, and the Root DSE advertises supportedControl and supportedExtension, so the protocol can be extended without a new protocol version.
- ModRDN could only rename an entry under its existing parent. Moving an entry required deleting it and re-creating it with an Add Request; the LDAPv3 ModifyDN operation adds a newSuperior field for this.
- Operational attributes did not exist in LDAPv2.
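The structural differences above (the bind version number, the LDAPv3-only controls field and SASL bind choice, and the referral component and result codes that LDAPv2 never had) are easiest to see at the BER level. The following is an added example, not code from this wiki or from any LDAP implementation: a minimal BER encoder/decoder that builds a BindRequest and a BindResponse per RFC 4511, parses them back, and reports which LDAPv3-only protocol elements a message relies on. The DNs, password and referral URL are constructed sample values; the helper names (bind_request, bind_response, parse_message, v3_features) are this example's own.

```python
"""BER-level view of the LDAPv2 -> LDAPv3 protocol changes (example code, not a library)."""

# Result codes that RFC 4511 (LDAPv3) defines and RFC 1777 (LDAPv2) did not.
V3_ONLY_RESULT_CODES = {
    10: "referral",
    11: "adminLimitExceeded",
    12: "unavailableCriticalExtension",
    13: "confidentialityRequired",
    14: "saslBindInProgress",
    71: "affectsMultipleDSAs",
}


def ber_length(n: int) -> bytes:
    """Encode a BER definite length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value wrapper."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_int(value: int, tag: int = 0x02) -> bytes:
    """Minimal two's-complement encoding for non-negative INTEGER (0x02) / ENUMERATED (0x0A)."""
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def bind_request(message_id: int, version: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    op = tlv(0x60, ber_int(version) + tlv(0x04, dn.encode("utf-8")) + tlv(0x80, password.encode("utf-8")))
    return tlv(0x30, ber_int(message_id) + op)


def bind_response(message_id: int, result_code: int, matched_dn: str = "", diag: str = "", referral=()) -> bytes:
    """LDAPMessage carrying bindResponse [APPLICATION 1]; the [3] referral component is LDAPv3-only."""
    result = ber_int(result_code, 0x0A) + tlv(0x04, matched_dn.encode()) + tlv(0x04, diag.encode())
    if referral:
        result += tlv(0xA3, b"".join(tlv(0x04, url.encode()) for url in referral))
    return tlv(0x30, ber_int(message_id) + tlv(0x61, result))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the BER TLV starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def read_seq(content: bytes):
    """Split a constructed value into its child (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out


def parse_message(raw: bytes) -> dict:
    """Decode an LDAPMessage holding a bindRequest or bindResponse into a plain dict."""
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    children = read_seq(body)
    msg = {"messageID": int.from_bytes(children[0][1], "big", signed=True), "controls": None}
    op_tag, op_body = children[1]
    if len(children) > 2 and children[2][0] == 0xA0:  # [0] Controls: absent from LDAPv2
        msg["controls"] = children[2][1]
    fields = read_seq(op_body)
    if op_tag == 0x60:  # bindRequest
        auth_tag = fields[2][0]
        msg.update(op="bindRequest",
                   version=int.from_bytes(fields[0][1], "big", signed=True),
                   name=fields[1][1].decode("utf-8"),
                   auth="simple" if auth_tag == 0x80 else "sasl" if auth_tag == 0xA3 else f"0x{auth_tag:02x}")
    elif op_tag == 0x61:  # bindResponse -> LDAPResult (+ optional serverSaslCreds [7])
        code = int.from_bytes(fields[0][1], "big", signed=True)
        msg.update(op="bindResponse", resultCode=code, matchedDN=fields[1][1].decode("utf-8"),
                   diagnosticMessage=fields[2][1].decode("utf-8"), referral=[],
                   v3Only=V3_ONLY_RESULT_CODES.get(code))
        for t, v in fields[3:]:
            if t == 0xA3:
                msg["referral"] = [url.decode("utf-8") for _, url in read_seq(v)]
            elif t == 0x87:
                msg["serverSaslCreds"] = v
    else:
        msg["op"] = f"unhandled protocolOp tag 0x{op_tag:02x}"
    return msg


def v3_features(msg: dict) -> list:
    """List the LDAPv3-only protocol elements a parsed message depends on."""
    found = []
    if msg.get("controls") is not None:
        found.append("controls")
    if msg.get("version", 0) >= 3:
        found.append("version>=3")
    if msg.get("auth") == "sasl":
        found.append("saslBind")
    if msg.get("referral"):
        found.append("referral")
    if msg.get("v3Only"):
        found.append("resultCode " + msg["v3Only"])
    return found


if __name__ == "__main__":
    # Constructed sample messages: a v2 bind, a v3 bind, and a v3-only referral response.
    for raw in (bind_request(1, 2, "cn=admin,dc=example,dc=com", "secret"),
                bind_request(2, 3, "cn=admin,dc=example,dc=com", "secret"),
                bind_response(2, 10, referral=["ldap://ldap2.example.com/dc=example,dc=com"])):
        m = parse_message(raw)
        print(m["op"], v3_features(m), raw.hex())
```

A message that parses with an empty v3_features list is something an LDAPv2 peer could have produced; anything else (a version 3 bind, a controls field, a SASL bind, a referral URL or one of the six result codes listed above) will be rejected or misread by a server or client that only speaks LDAPv2, which is one reason RFC 3494 moved LDAPv2 to historic status.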
LDAPv2 is considered historic (RFC 3494). Interoperability amongst LDAP Server Implementations claiming LDAPv2 support is limited. LDAPv2 should be avoided.
More Information#
There might be more information for this subject on one of the following:
- [#1] - Differences between LDAP 2 and 3 Protocols - based on information obtained 2019-03-19