Overview#
LDAP is an Abbreviation of Lightweight Directory Access Protocol.However, most of our references will use LDAP
Table of Contents
- Overview
- Overview
- Some View for LDAP
- An Introduction to LDAP
- LDAP Result Codes
- LDAP Searches
- LDAP Server Implementations
- LDAP Browsers
- Why LDAP is Important
- LDAP Best Practices
- The Enterprise Directory
- LDAP Search Scopes - (per RFC-4520)
- LDAP Filter Modifiers - (per RFC 4520)
- Modify Request
- LDAP Syntaxes - (per RFC 4520)
- LDAP Protocol Mechanisms
- LDAP Schema
- LDAP Extensions and Controls Listing
- Using LDIF Files
- LDAP to Google
- More Information
Overview #
LDAP or LDAP is a protocol that may be used to communicate with a DSA.LDAP is an open standard that uses the Basic Encoding Rules (Basic Encoding Rules) subset of ASN.1 to encode communication for each LDAP Message.
LDAP is a request-response type of protocol where each request is followed by a response.
There are several LDAP Protocol Exchanges which can be one or more request and zero or more responses
Some View for LDAP#
An Introduction to LDAP #
An Introduction to LDAP for basic information.LDAP Result Codes #
Remember, LDAP is simple, there is a limited number of server LDAP Result Codes.Often referred to as Error Codes, LDAP Result Codes tell you what happened, not just if there was an Error.
LDAP Searches #
As LDAP Searches are the most common interaction in LDAP, we have a LOT of information on the subject.LDAP Server Implementations #
LDAP servers, or DSA are available form several sources as LDAP Server ImplementationsLDAP Browsers #
The most common LDAP Client or DUA is the LDAP Browsers. We have a list of the LDAP Browsers we know about.Why LDAP is Important #
Why we think LDAP is Important. As primarily folks that integrate with many systems, we see the ins and outs of communication with many different types of systems on a daily basis.LDAP Best Practices#
- Best Practices for LDAP Security
- Best Practices For LDAP Naming Attributes
- Best Practices For Unique Identifiers
- Best Practices Password
The Enterprise Directory #
LDAP Search Scopes - (per RFC-4520) #
LDAP Filter Modifiers - (per RFC 4520) #
Modify Request #
LDAP Syntaxes - (per RFC 4520) #
LDAP Protocol Mechanisms #
LDAP Schema #
LDAP Extensions and Controls Listing #
A LDAP Extensions and Controls Listing which includes supportedControls, supportedExtensions and supportedFeatures which maybe selectively filtered.Using LDIF Files #
LDAP to Google #
More Information #
There might be more information for this subject on one of the following:- 2.16.840.1.113719.1.1.4.1.111
- 2.16.840.1.113719.1.1.4.1.96
- 2.16.840.1.113730
- ACID
- ACL (eDirectory Attribute)
- AD Determining Password Expiration
- ADSTYPE_BOOLEAN
- ADSTYPE_DN_WITH_BINARY
- ADSTYPE_OCTET_STRING
- About
- Abstract Syntax Notation One
- AbzillaPerson
- Access Control
- Access Point
- Active Directory Service Interfaces
- ActiveDirectorySchemaChanges
- Adaptive Directory Access Protocol
- Add Request
- AdministrativeRole
- AdministratorsAddress
- Ambiguous Name Resolution
- Apache Fortress
- Application namespace
- Assertion Value
- Assistant
- Attribute
- Attribute Options
- Attribute Type Description
- Attribute Value Assertion
- Audio
- Authentication Failures
- BackLink
- Best Practices For LDAP Naming Attributes
- Best Practices for LDAP Security
- Bind Authentication Method
- Bind Request
- Boolean
- C
- CRAM-MD5
- CarLicense
- Certificate
- Chaining
- ChangeNumber
- ChangeType
- Changelog
- Changes
- Char
- Cn
- Co
- CollectiveAttributeSubentries
- CollectiveExclusions
- Common Active Directory Bind Errors
- Common Edirectory Bind Errors
- CommonName
- Company
- Comparing LDAP and SQL
- Complex Attribute
- Configuration Files For JSPWIKI And LDAP
- Container
- Control
- Country Code
- Country-Code
- CountryCode
- CountryName
- Create Read Update Delete
- CreateGroupingRequest
- CreateGroupingResponse
- CreateTimestamp
- Criticality
- DC
- DIT Content Rule
- DITContentRules
- DITStructureRules
- DN Escape Values
- DNWithString
- DSE_CREATE_ENTRY
- DSE_DELETE_ENTRY
- DSI_ENTRY_FLAGS
- DSML
- DS_OPERATIONAL
- Data Store
- DateOfBirth
- DefinitionDSMLGateway
- Delegation vs Impersonation
- Delete Modification-type
- DeleteOldRDN
- DepartmentNumber
- Description
- Device
- DicPersonInfo
- Digest SSP
- Digital Identity
- DirXML Level Three Trace
- DirXML-DriverFilter
- DirXML-JavaDebugPort
- DirXML-NTAccountName
- DirXML-PasswordSyncStatus
- Directory Enabled Networks
- Directory Information Tree Structure
- Directory Service
- Directory System Agent
- Directory User Agent
- DisplayName
- Distinguished Name Case Sensitivity
- Distinguished Names
- Distributed Data Store
- Domain
- DomainComponent
- DomainControllerFunctionality
- DomainFunctionality
- Draft-behera-ldap-password-policy
- DuplicateAttributeValueLocaterTool
- DxPwdMustChange
- EDirectory
- EDirectory LDAP Transaction
- EDirectory Synchronization
- ERROR_PASSWORD_MUST_CHANGE
- Edirectory Anomalies
- Edirectory Indexes
- EdirectoryLoginUpdate
- EmailAddress
- EndGroupingRequest
- EndGroupingResponse
- EntryDN
- EntryFlags
- Etag
- Event Monitoring
- Extended Flags
- FLAIM
- FacsimileTelephoneNumber
- ForestFunctionality
- FriendlyCountryName
- FullName
- Gecos
- Gender
- GetXbyY
- GidNumber
- GivenName
- Glossary Of LDAP And Directory Terminology
- Gluu LDAP
- GroupType
- Groups Are Bad
- History of LDAP
- HomeDirectory
- How Domain Controllers Are Located in Windows
- How To Get Your Own OID
- HttpSessionTimeout
- I-number
- IDM Tricks
- Identity Cube
- Identity Governance Framework
- Import Conversion Export
- Importing Certificates In Imanager
- InetOrgPerson
- Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
- Internet Draft
- Introduction To LDAP
- IpService
- IpServicePort
- IpServiceProtocol
- IsDeleted
- IsRecycled
- Isode Limited
- JAVA LDAP SDKs
- Java Naming and Directory Interface
- JpegPhoto
- Kerberos
- Kerberos SSP
- Key Distribution Center
- Kurt Zeilenga
- LDAP Authentication
- LDAP Authentication Methods
- LDAP Client
- LDAP Client Configuration
- LDAP Client Error And Result Codes
- LDAP Connection Maintenance
- LDAP Data Interchange Format
- LDAP Descriptor
- LDAP Directory Information Models
- LDAP Family
- LDAP Group
- LDAP Indexes
- LDAP Internationalized String Preparation
- LDAP Monitoring Overview
- LDAP Overview
- LDAP Programing
- LDAP Protocol Exchanges
- LDAP Protocol dependencies
- LDAP Proxy User
- LDAP Request
- LDAP Result Codes
- LDAP Schema
- LDAP SearchFilters
- LDAP Server
- LDAP Server Standards and Specifications
- LDAP Syntaxes and Matching Rules
- LDAP Tools From Others
- LDAP URL
- LDAP filters Syntax and Choices
- LDAP for Linux and Unix Clients
- LDAP ping
- LDAP policy in Active Directory
- LDAPS
- LDAPSyntaxes
- LDAP_SERVER_RANGE_OPTION_OID
- LDAP_TIMELIMIT_EXCEEDED
- LDAP_TIMEOUT
- LDAPv3
- LabeledUri
- Language
- LanguageId
- LdapServerIdleTimeout
- LdapStdCompliance
- LeftMenu
- Lightweight Directory Access Protocol
- Lightweight Directory Access Protocol (LDAP) Authentication Methods and Security Mechanisms
- Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
- Lightweight Directory Access Protocol (LDAP) Parameters
- Lightweight Directory Access Protocol (LDAP) The Protocol
- Lightweight Directory Access Protocol (LDAP) Transactions
- Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
- Local Security Authority
- LocalEntryID
- LoginAllowedTimeMap
- LoginDisabled
- LoginMaximumSimultaneous
- LoginShell
- Lsss
- MAY
- MONO
- MULTI-VALUE
- MUST
- MacAddress
- MaxActiveQueries
- MaxConnIdleTime
- MaxConnections
- MemberNisNetgroup
- MemberQueryURL
- MemberUid
- Memory
- Microsoft Active Directory
- Microsoft Active Directory Anomalies
- MicrosoftLdapApi
- Modify
- Modify Response
- ModifyDNRequest
- ModifyTimestamp
- Ms-DS-Password-Settings-Container
- MsDS-HasInstantiatedNCs
- MsDS-LockoutDuration
- MsDS-LockoutObservationWindow
- MsDS-LockoutThreshold
- MsDS-MaximumPasswordAge
- MsDS-MinimumPasswordAge
- MsDS-MinimumPasswordLength
- MsDS-PSOAppliesTo
- MsDS-PasswordComplexityEnabled
- MsDS-PasswordHistoryLength
- MsDS-PasswordReversibleEncryptionEnabled
- MsDS-PasswordSettingsPrecedence
- MsDS-SupportedEncryptionTypes
- NDAP
- NDS Authentication
- NDS Threads
- NDSD Loadable Module
- NDSPKIKeyMaterialDN
- NDSPKISDKeyAccessPartition
- NDSTRACE Examples
- NICISDITreeKeyProviderFaultTolerance
- NIS
- NIS Performance Vs LDAP
- NIS To LDAP Tool
- NMAS
- NTDSService
- Name Form
- Name Service Switch Sources
- NameForms
- NamingContext
- Ndsconfig
- Ndsconfig Parameters
- Ndstrace
- NetworkAddress
- NewRDN
- NewSuperior
- Newsuperior
- NickName
- NisDomain
- NisDomainObject
- NisNetgroup
- NisNetgroupTriple
- Nldap
- Novell Directory Services
- NovellS Challenge Response System
- NsimRandomQuestions
- NsimRequiredQuestions
- NspmAdminsDoNotExpirePassword
- NspmComplexityRules
- NspmConfigurationOptions
- NspmMaximumLength
- NspmPasswordPolicyDN
- Ntdsutil.exe
- NumericString
- O
- OID
- Obituary
- ObjectClass
- ObjectClasses
- ObjectSID
- Obtain a Certificate from Server
- On-Demand Password Synchronization
- OpenAssertionType
- OpenDJ
- OpenDS
- Opportunities
- Optimize Modify
- Oracle Internet Directory and DirXML Moves
- Owner
- Partition
- PartitionStatus
- Passwd
- Password Expiration
- Password Expiration Warning
- Password Management
- Password Maximum Age
- Password Modify Operation
- Password Policy
- Password Vault
- PasswordMinimumLength
- PasswordsUsed
- Permission
- Person
- Photo
- Policy Based Management System
- PostalCode
- PreferredServerList
- PrimaryGroupID
- Protocol Data Unit
- PwdExpireWarning
- PwdMinAge
- PwdPolicySubEntry
- PwdProperties
- Queue
- RECMAN
- RFC 2164
- RFC 2247
- RFC 2739
- RFC 3060
- RFC 3062
- RFC 3671
- RFC 3672
- RFC 3712
- RFC 3866
- RFC 4403
- RFC 4510
- RFC 4517
- RFC 4519
- RFC 4523
- RFC 4529
- RFC 4531
- RFC 5020
- RFC 7612
- RFC 8284
- Reference
- Remote Authentication Dial-In User Service
- ReplicaUpTo
- Replication
- Request For Comment
- Requesting Attributes by Object Class
- Resource Action
- Revision
- SASL
- SASLoginSecretKey
- SASSecurity
- SASService
- SCIM Resource
- SINGLE-VALUE
- SLAPD
- SOAPDSMLDriver
- SUP
- SYNTAX
- SamAccountName
- Samba
- SambaLMPassword
- Schema Extensions
- SchemaFlagsEx
- Secure Socket Layer
- Security Controls For This Wiki
- Security Identifier
- SeeAlso
- SerialNumber
- ServerHolds
- ServiceDNSName
- Services.willeke.biz
- Shadow
- ShadowAccount
- ShadowExpire
- ShadowFlag
- ShadowInactive
- ShadowLastChange
- ShadowMax
- ShadowMin
- ShadowWarning
- Simple Authentication
- Simple and Protected GSSAPI Negotiation Mechanism
- SslEnableMutualAuthentication
- Ssldp
- StartTLS
- String Representation of Distinguished Names
- Subentries
- Subject Attributes
- SubmitEventRequest
- SubordinateSubtree
- SynchronizedUpTo
- Synchronous Operation
- System-Id-Guid
- TargetDN
- TelephoneNumber
- The COSINE and Internet X.500 Schema
- ThisWilki
- Timezone
- Tips using UnboundID LDAP SDK
- TombstoneLifetime
- Toolbox
- Transitioning NIS Maps To LDAP
- TransitiveVector
- Transport Layer Security
- USAGE
- UUID
- Uid
- UidNumber
- Understanding Name Forms
- UnderstandingSchemaInOpenDS
- UniversalPasswordSecretBits
- University of Michigan
- UnknownBaseClass
- User
- UserAccountControl
- Using LDAP over IPC Mechanisms
- Using User Attribute Values for Tomcat Roles
- Value Object
- Verify DNS Records
- Virtual Directory
- Web Blog_blogentry_020117_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_180317_1
- Web Blog_blogentry_200217_2
- Web Blog_blogentry_210615_1
- Web Blog_blogentry_250816_1
- Which Jane Doe
- Who Am I Extended Operation
- Why OpenID Connect
- X.500
- XDAS Trust Management Events
- authoritative
- automountMapName
- ipProtocolNumber
- shadowLastChange
- status
