Overview#

LDAP is an Abbreviation of Lightweight Directory Access Protocol which is a Protocol.

However, most of our references will use LDAP

LDAP or LDAP is a protocol that may be used to communicate with a DSA.

LDAP is an open standard that uses the Basic Encoding Rules (Basic Encoding Rules) subset of ASN.1 to encode communication for each LDAP Message.

LDAP is a request-response type of protocol where each request is followed by a response.

There are several LDAP Protocol Exchanges which can be one or more request and zero or more responses

An Introduction to LDAP #

An Introduction to LDAP for basic information.

Some Views on LDAP#

• LDAP Directories: An original NoSQL solution?
• Thinking of LDAP

LDAP Result Codes #

Remember, LDAP is simple, there is a limited number of server LDAP Result Codes.

LDAP Searches #

As LDAP Searches are the most common interaction in LDAP, we have a LOT of information on the subject.

• LDAP Filter Choices
• LDAP Search Scopes

LDAP Server Implementations #

LDAP servers, or DSA are available form several sources as LDAP Server Implementations

LDAP Browsers #

The most common LDAP Client or DUA is the LDAP Browsers. We have a list of the LDAP Browsers we know about.

Why LDAP is Important #

Why we think LDAP is Important. As primarily folks that integrate with many systems, we see the ins and outs of communication with many different types of systems on a daily basis.

LDAP Best Practices#

• Best Practices for LDAP Security
• Best Practices For LDAP Naming Attributes
• Best Practices For Unique Identifiers
• Best Practices Password

LDAP Information#

• The Enterprise Directory
• LDAP Protocol Mechanisms
  • Modify Request
• LDAP Schema
  • LDAP Syntaxes - (per RFC 4520)
• LDAP Extensions and Controls Listing - includes supportedControls, supportedExtensions and supportedFeatures which maybe selectively filtered.
• LDIF Files
• LDAP to Google

More Information #

There might be more information for this subject on one of the following:

• 1.3.6.1.4.1.1466.115.121.1.38
• 1.3.6.1.4.1.1466.20037
• 1.3.6.1.4.1.8876.2
• 2.16.840.1.113719.1.1.4.1.111
• 2.16.840.1.113719.1.1.4.1.96
• 2.16.840.1.113730
• ACID
• ACL (eDirectory Attribute)
• AD Determining Password Expiration
• ADSTYPE_BOOLEAN
• ADSTYPE_DN_WITH_BINARY
• ADSTYPE_OCTET_STRING
• ANR attribute set
• ARecord
• About
• Abstract Syntax Notation One
• AbzillaPerson
• Access Control
• Access Point
• AccountExpires
• AccountNameHistory
• Active Directory Groups
• Active Directory Service Interfaces
• Active Directory Site
• ActiveDirectorySchemaChanges
• Adaptive Directory Access Protocol
• Add Request
• AdministrativeRole
• AdministratorsAddress
• AliasedEntryName
• AllowedAttributesEffective
• Ambiguous Name Resolution
• Apache Fortress
• Application namespace
• Assertion Value
• Assistant
• AssociatedDomain
• AssociatedInternetGateway
• AssociatedName
• Attribute
• Attribute Options
• Attribute Type Description
• Attribute Value Assertion
• AttributeSecurityGUID
• AttributeSyntax
• Audio
• Authentication Failures
• AutomountMapName
• BackLink
• Best Practices For LDAP Naming Attributes
• Best Practices for LDAP Security
• Bind Authentication Method
• Bind Request
• Binding
• BirthDate
• BirthName
• Boolean
• BooleanMatch
• BootableDevice
• BuildingName
• Bulk Update-Replication Protocol
• C
• CRAM-MD5
• CarLicense
• Certificate
• Chaining
• ChangeNumber
• ChangeType
• Changelog
• Changes
• Char
• City
• ClassDisplayName
• Cn
• Co
• CollectiveAttributeSubentries
• CollectiveExclusions
• Common Active Directory Bind Errors
• Common Edirectory Bind Errors
• CommonName
• Company
• Comparing LDAP and SQL
• Complex Attribute
• Configuration Files For JSPWIKI And LDAP
• Container
• Control
• Counter_LDAPSyntax
• Country
• Country Code
• Country-Code
• CountryCode
• CountryName
• CountryOfResidence
• Create Read Update Delete
• CreateGroupingRequest
• CreateGroupingResponse
• CreateTimestamp
• Credential Vault
• Criticality
• DC
• DIT Content Rule
• DITContentRules
• DITStructureRules
• DN Escape Values
• DSE_CREATE_ENTRY
• DSE_DELETE_ENTRY
• DSI_ENTRY_FLAGS
• DSML
• DS_OPERATIONAL
• DataStore
• DateOfBirth
• DcObject
• DefaultHidingValue
• DefaultObjectCategory
• DefinitionDSMLGateway
• Delegation vs Impersonation
• Delete Modification-type
• DeleteOldRDN
• DepartmentNumber
• Description
• Device
• DhcpRelayAgentInfo
• DicPersonInfo
• Differences between LDAP 2 and 3 Protocols
• Digest SSP
• Digital Identity
• DirXML Driver
• DirXML Level Three Trace
• DirXML-ConfigValues
• DirXML-DriverFilter
• DirXML-DriverStartOption
• DirXML-JavaDebugPort
• DirXML-NTAccountName
• DirXML-NamedPasswords
• DirXML-PasswordSyncStatus
• DirXML-ShimAuthPassword
• DirectReports
• Directory Enabled Networks
• Directory Information Tree Structure
• Directory Service
• Directory System Agent
• Directory User Agent
• DisplayName
• Distinguished Name Case Sensitivity
• Distinguished Names
• Distributed Data Store
• Domain
• Domain Users
• DomainComponent
• DomainControllerFunctionality
• DomainFunctionality
• Draft-behera-ldap-password-policy
• DsRevision
• Dump Password Information Tool-Trouble Shooting
• DuplicateAttributeValueLocaterTool
• DxPwdMustChange
• EDirCloneLock
• EDirectory
• EDirectory LDAP Transaction
• EDirectory Synchronization
• ERROR_DS_ENCODING_ERROR
• ERROR_PASSWORD_MUST_CHANGE
• Edirectory Anomalies
• Edirectory Indexes
• EdirectoryLoginUpdate
• EmailAddress
• EmployeeNumber
• Enable UserPassword in Microsoft Active Directory
• EndGroupingRequest
• EndGroupingResponse
• EnhancedSearchGuide
• EntryDN
• EntryFlags
• EqualityMatch
• Etag
• Event Monitoring
• Extended Flags
• ExtendedCharsAllowed
• ExtensibleObject
• FLAIM
• FacsimileTelephoneNumber
• Filtering for Bit Fields
• ForestFunctionality
• FriendlyCountryName
• FullName
• Gecos
• Gender
• GeneralizedTime
• GetXbyY
• GidNumber
• GivenName
• Glossary Of LDAP And Directory Terminology
• Gluu LDAP
• GroupType
• Groups Are Bad
• History of LDAP
• HomeDirectory
• HomePhone
• HostResourceName
• How Domain Controllers Are Located in Windows
• How To Get Your Own OID
• HttpSessionTimeout
• I-number
• IDM Tricks
• Identity Cube
• Identity Governance Framework
• Import Conversion Export
• Importing Certificates In Imanager
• IndexDefinition
• InetOrgPerson
• Initials
• Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
• Internet Draft
• Introduction To LDAP
• IpProtocol
• IpProtocolNumber
• IpService
• IpServicePort
• IpServiceProtocol
• IsDefunct
• IsDeleted
• IsEphemeral
• IsRecycled
• Isode Limited
• JAVA LDAP SDKs
• Java Naming and Directory Interface
• JpegPhoto
• Kerberos
• Kerberos SSP
• Key Distribution Center
• Key-value
• Kurt Zeilenga
• L
• LDAP Authentication
• LDAP Authentication Methods
• LDAP Client
• LDAP Client Configuration
• LDAP Client Error And Result Codes
• LDAP Connection Maintenance
• LDAP Data Interchange Format
• LDAP Dereference Control
• LDAP Descriptor
• LDAP Directory Information Models
• LDAP Family
• LDAP Group
• LDAP Indexes
• LDAP Internationalized String Preparation
• LDAP Message
• LDAP Monitoring Overview
• LDAP Overview
• LDAP Programing
• LDAP Protocol Exchanges
• LDAP Protocol dependencies
• LDAP Proxy User
• LDAP Request
• LDAP Result Codes
• LDAP Schema
• LDAP Schema Element Extensions
• LDAP Schema for NDS
• LDAP SearchFilters
• LDAP Server
• LDAP Server Standards and Specifications
• LDAP Syntaxes and Matching Rules
• LDAP Tools From Others
• LDAP URL
• LDAP and Active Directory
• LDAP and Bind Throttling
• LDAP filters Syntax and Choices
• LDAP for Linux and Unix Clients
• LDAP ping
• LDAP policy in Active Directory
• LDAPDisplayName
• LDAPS
• LDAPSyntaxes
• LDAP_SERVER_EXTENDED_DN_OID
• LDAP_SERVER_RANGE_OPTION_OID
• LDAP_SERVER_SD_FLAGS_OID
• LDAP_TIMELIMIT_EXCEEDED
• LDAP_TIMEOUT
• LDAPv2
• LDAPv3
• LabeledUri
• Language
• LanguageId
• LdapServerIdleTimeout
• LdapStdCompliance
• LeftMenu
• LegacyExchangeDN
• Lightweight Directory Access Protocol
• Lightweight Directory Access Protocol (LDAP) Authentication Methods and Security Mechanisms
• Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
• Lightweight Directory Access Protocol (LDAP) Parameters
• Lightweight Directory Access Protocol (LDAP) The Protocol
• Lightweight Directory Access Protocol (LDAP) Transactions
• Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
• Limber
• LinkID
• Local Security Authority
• LocalEntryID
• LocalReceivedUpTo
• Locality
• LoginAllowedTimeMap
• LoginDisabled
• LoginMaximumSimultaneous
• LoginShell
• Lsss
• MAY
• MONO
• MULTI-VALUE
• MUST
• MacAddress
• Mail
• Manager
• MapiID
• MaxActiveQueries
• MaxConnIdleTime
• MaxConnections
• Member
• MemberNisNetgroup
• MemberOf
• MemberQueryURL
• MemberUid
• Memory
• Microsoft Active Directory
• Microsoft Active Directory Anomalies
• Microsoft Active Directory Group Synchronization
• MicrosoftLdapApi
• Mobile
• ModifiersName
• Modify
• Modify Response
• ModifyDNRequest
• ModifyTimestamp
• Monitor Entry
• Ms-DS-Password-Settings-Container
• MsDS-AdditionalSamAccountName
• MsDS-HasInstantiatedNCs
• MsDS-LockoutDuration
• MsDS-LockoutObservationWindow
• MsDS-LockoutThreshold
• MsDS-MaximumPasswordAge
• MsDS-MinimumPasswordAge
• MsDS-MinimumPasswordLength
• MsDS-PSOAppliesTo
• MsDS-PasswordComplexityEnabled
• MsDS-PasswordHistoryLength
• MsDS-PasswordReversibleEncryptionEnabled
• MsDS-PasswordSettingsPrecedence
• MsDS-PhoneticCompanyName
• MsDS-PhoneticDepartment
• MsDS-SupportedEncryptionTypes
• MsDS-TrustForestTrustInfo
• MsDS-User-Account-Control-Computed
• NAME
• NDAP
• NDS Authentication
• NDS Master Replica
• NDS Thread Pool
• NDS Threads
• NDSD Loadable Module
• NDSPKIKeyMaterialDN
• NDSPKISDKeyAccessPartition
• NDSRightsToMonitor
• NDSTRACE Examples
• NICISDITreeKeyProviderFaultTolerance
• NIS
• NIS Performance Vs LDAP
• NIS To LDAP Tool
• NMAS
• NMAS_LOGIN
• NTDSService
• Name
• Name Form
• Name Service Switch Sources
• NameForms
• NamingContext
• NdsStatusLimber
• Ndsconfig
• Ndsconfig Parameters
• NdspkiIssueTime
• Ndstrace
• NetworkAddress
• NewRDN
• NewSuperior
• Newsuperior
• NickName
• NisDomain
• NisDomainObject
• NisNetgroup
• NisNetgroupTriple
• Nldap
• Novell Directory Services
• NovellS Challenge Response System
• NsimRandomQuestions
• NsimRequiredQuestions
• NspmAdminsDoNotExpirePassword
• NspmComplexityRules
• NspmConfigurationOptions
• NspmDoNotExpirePassword
• NspmMaximumLength
• NspmPassword
• NspmPasswordHistory
• NspmPasswordHistoryExpiration
• NspmPasswordHistoryLimit
• NspmPasswordKey
• NspmPasswordPolicyDN
• Ntdsutil.exe
• NumericString
• O
• OID
• OMObjectClass
• OMSyntax
• Obituary
• ObituaryNotify
• Object
• ObjectClass
• ObjectClasses
• ObjectGUID
• ObjectSID
• Obtain a Certificate from Server
• On-Demand Password Synchronization
• OpenAssertionType
• OpenDJ
• OpenDS
• OperationalAttribute
• Opportunities
• Optimize Modify
• Oracle Internet Directory and DirXML Moves
• Organization
• OrganizationalUnitName
• Ou
• Owner
• Partition
• PartitionStatus
• Passwd
• Password Expiration
• Password Expiration Warning
• Password Management
• Password Maximum Age
• Password Modify Operation
• Password Policy
• PasswordMinimumLength
• PasswordsUsed
• Permission
• Person
• Phone Number
• Photo
• PhysicalDeliveryOfficeName
• PlaceOfBirth
• Policy Based Management System
• Policy Core Extension LDAP Schema
• PostalCode
• PreferredServerList
• PresentationAddress
• PrimaryGroupID
• Protocol Data Unit
• ProxyAddresses
• PurgeVector
• PwdAccountLockedTime
• PwdExpireWarning
• PwdInHistory
• PwdMinAge
• PwdPolicySubEntry
• PwdProperties
• QUIPU
• Queue
• RECMAN
• RFC 2164
• RFC 2247
• RFC 2739
• RFC 3060
• RFC 3062
• RFC 3112
• RFC 3671
• RFC 3672
• RFC 3712
• RFC 3866
• RFC 4373
• RFC 4403
• RFC 4510
• RFC 4517
• RFC 4519
• RFC 4523
• RFC 4529
• RFC 4531
• RFC 5020
• RFC 7612
• RFC 8284
• RdnAttId
• RdnMatch
• Red Hat
• Reference
• Remote Authentication Dial-In User Service
• Replica
• ReplicaUpTo
• Replication
• Request For Comment
• Requesting Attributes by Object Class
• Resolution_AttrubuteType
• Resource
• Resource Action
• Revision
• SASL
• SASLoginSecretKey
• SASSecurity
• SASService
• SCIM Resource
• SINGLE-VALUE
• SLAPD
• SOAPDSMLDriver
• SUP
• SYNTAX
• SamAccountName
• Samba
• SambaLMPassword
• SapAddOnUM
• Schema Extensions
• SchemaFlagsEx
• SearchFlags
• SearchGuide
• Secure Socket Layer
• Security Controls For This Wiki
• Security Descriptor
• Security Identifier
• SeeAlso
• SerialNumber
• ServerHolds
• ServiceDNSName
• Services.willeke.biz
• Shadow
• ShadowAccount
• ShadowExpire
• ShadowFlag
• ShadowInactive
• ShadowLastChange
• ShadowMax
• ShadowMin
• ShadowWarning
• Simple Authentication
• Simple and Protected GSSAPI Negotiation Mechanism
• Site
• Skulker
• Smssmdrclass
• SslEnableMutualAuthentication
• Ssldp
• StartTLS
• Status
• Street
• String Representation of Distinguished Names
• Subentries
• Subject Attributes
• SubmitEventRequest
• SubordinateSubtree
• Substrings
• Synchronization
• SynchronizedUpTo
• Synchronous Operation
• System-Id-Guid
• SystemOnly
• TargetDN
• TelephoneNumber
• The COSINE and Internet X.500 Schema
• The LDAP Controller
• ThisWilki
• Timezone
• Tips using UnboundID LDAP SDK
• TokenGroups
• TombstoneLifetime
• Tomcat And LDAP
• Toolbox
• Transitioning NIS Maps To LDAP
• TransitiveVector
• Transport Layer Security
• TrustedDomain
• USAGE
• UTCTime
• UUID
• Uid
• UidNumber
• Understanding Name Forms
• UnderstandingSchemaInOpenDS
• UniqueIdentifier
• UniqueMember
• UniversalPasswordSecretBits
• University of Michigan
• UnixHomeDirectory
• UnknownBaseClass
• User
• User-agent
• UserAccountControl
• Using LDAP over IPC Mechanisms
• Using User Attribute Values for Tomcat Roles
• UsnChanged
• Value Object
• Verifiable Claims
• Verify DNS Records
• Virtual Directory
• Virtual List View Control
• Web Blog_blogentry_020117_1
• Web Blog_blogentry_030117_1
• Web Blog_blogentry_180317_1
• Web Blog_blogentry_200217_2
• Web Blog_blogentry_210615_1
• Web Blog_blogentry_250816_1
• WhenChanged
• Which Jane Doe
• Who Am I Extended Operation
• Why OpenID Connect
• X-HIDDEN
• X-NDS_CONTAINMENT
• X-NDS_NAME
• X.500
• X500UniqueIdentifier
• XDAS Trust Management Events
• authoritative
• shadowLastChange