Overview#
LDAP is an Abbreviation of Lightweight Directory Access Protocol which is a Protocol.However, most of our references will use LDAP
LDAP or LDAP is a protocol that may be used to communicate with a DSA.
LDAP is an open standard that uses the Basic Encoding Rules (Basic Encoding Rules) subset of ASN.1 to encode communication for each LDAP Message.
LDAP is a request-response type of protocol where each request is followed by a response.
There are several LDAP Protocol Exchanges which can be one or more request and zero or more responses
An Introduction to LDAP #
An Introduction to LDAP for basic information.Some Views on LDAP#
LDAP Result Codes #
Remember, LDAP is simple, there is a limited number of server LDAP Result Codes.LDAP Searches #
As LDAP Searches are the most common interaction in LDAP, we have a LOT of information on the subject.LDAP Server Implementations #
LDAP servers, or DSA are available form several sources as LDAP Server ImplementationsLDAP Browsers #
The most common LDAP Client or DUA is the LDAP Browsers. We have a list of the LDAP Browsers we know about.Why LDAP is Important #
Why we think LDAP is Important. As primarily folks that integrate with many systems, we see the ins and outs of communication with many different types of systems on a daily basis.LDAP Best Practices#
- Best Practices for LDAP Security
- Best Practices For LDAP Naming Attributes
- Best Practices For Unique Identifiers
- Best Practices Password
LDAP Information#
- The Enterprise Directory
- LDAP Protocol Mechanisms
- LDAP Schema
- LDAP Extensions and Controls Listing - includes supportedControls, supportedExtensions and supportedFeatures which maybe selectively filtered.
- LDIF Files
- LDAP to Google
More Information #
There might be more information for this subject on one of the following:- 1.3.6.1.4.1.1466.115.121.1.38
- 2.16.840.1.113719.1.1.4.1.111
- 2.16.840.1.113719.1.1.4.1.96
- 2.16.840.1.113730
- ACID
- ACL (eDirectory Attribute)
- AD Determining Password Expiration
- ADSTYPE_BOOLEAN
- ADSTYPE_DN_WITH_BINARY
- ADSTYPE_OCTET_STRING
- ANR attribute set
- ARecord
- About
- Abstract Syntax Notation One
- AbzillaPerson
- Access Control
- Access Point
- AccountExpires
- Active Directory Service Interfaces
- ActiveDirectorySchemaChanges
- Adaptive Directory Access Protocol
- Add Request
- AdministrativeRole
- AdministratorsAddress
- AliasedEntryName
- AllowedAttributesEffective
- Ambiguous Name Resolution
- Apache Fortress
- Application namespace
- Assertion Value
- Assistant
- AssociatedDomain
- AssociatedInternetGateway
- AssociatedName
- Attribute
- Attribute Options
- Attribute Type Description
- Attribute Value Assertion
- AttributeSecurityGUID
- AttributeSyntax
- Audio
- Authentication Failures
- AutomountMapName
- BackLink
- Best Practices For LDAP Naming Attributes
- Best Practices for LDAP Security
- Bind Authentication Method
- Bind Request
- Boolean
- BooleanMatch
- BuildingName
- C
- CRAM-MD5
- CarLicense
- Certificate
- Chaining
- ChangeNumber
- ChangeType
- Changelog
- Changes
- Char
- ClassDisplayName
- Cn
- Co
- CollectiveAttributeSubentries
- CollectiveExclusions
- Common Active Directory Bind Errors
- Common Edirectory Bind Errors
- CommonName
- Company
- Comparing LDAP and SQL
- Complex Attribute
- Configuration Files For JSPWIKI And LDAP
- Container
- Control
- Country Code
- Country-Code
- CountryCode
- CountryName
- CountryOfResidence
- Create Read Update Delete
- CreateGroupingRequest
- CreateGroupingResponse
- CreateTimestamp
- Credential Vault
- Criticality
- DC
- DIT Content Rule
- DITContentRules
- DITStructureRules
- DN Escape Values
- DSE_CREATE_ENTRY
- DSE_DELETE_ENTRY
- DSI_ENTRY_FLAGS
- DSML
- DS_OPERATIONAL
- Data Store
- DateOfBirth
- DcObject
- DefinitionDSMLGateway
- Delegation vs Impersonation
- Delete Modification-type
- DeleteOldRDN
- DepartmentNumber
- Description
- Device
- DhcpRelayAgentInfo
- DicPersonInfo
- Digest SSP
- Digital Identity
- DirXML Level Three Trace
- DirXML-DriverFilter
- DirXML-DriverStartOption
- DirXML-JavaDebugPort
- DirXML-NTAccountName
- DirXML-PasswordSyncStatus
- DirectReports
- Directory Enabled Networks
- Directory Information Tree Structure
- Directory Service
- Directory System Agent
- Directory User Agent
- DisplayName
- Distinguished Name Case Sensitivity
- Distinguished Names
- Distributed Data Store
- Domain
- DomainComponent
- DomainControllerFunctionality
- DomainFunctionality
- Draft-behera-ldap-password-policy
- Dump Password Information Tool-Trouble Shooting
- DuplicateAttributeValueLocaterTool
- DxPwdMustChange
- EDirectory
- EDirectory LDAP Transaction
- EDirectory Synchronization
- ERROR_PASSWORD_MUST_CHANGE
- Edirectory Anomalies
- Edirectory Indexes
- EdirectoryLoginUpdate
- EmailAddress
- EmployeeNumber
- EndGroupingRequest
- EndGroupingResponse
- EntryDN
- EntryFlags
- EqualityMatch
- Etag
- Event Monitoring
- Extended Flags
- ExtendedCharsAllowed
- FLAIM
- FacsimileTelephoneNumber
- Filtering for Bit Fields
- ForestFunctionality
- FriendlyCountryName
- FullName
- Gecos
- Gender
- GeneralizedTime
- GetXbyY
- GidNumber
- GivenName
- Glossary Of LDAP And Directory Terminology
- Gluu LDAP
- GroupType
- Groups Are Bad
- History of LDAP
- HomeDirectory
- HomePhone
- HostResourceName
- How Domain Controllers Are Located in Windows
- How To Get Your Own OID
- HttpSessionTimeout
- I-number
- IDM Tricks
- Identity Cube
- Identity Governance Framework
- Import Conversion Export
- Importing Certificates In Imanager
- IndexDefinition
- InetOrgPerson
- Initials
- Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
- Internet Draft
- Introduction To LDAP
- IpProtocol
- IpProtocolNumber
- IpService
- IpServicePort
- IpServiceProtocol
- IsDefunct
- IsDeleted
- IsEphemeral
- IsRecycled
- Isode Limited
- JAVA LDAP SDKs
- Java Naming and Directory Interface
- JpegPhoto
- Kerberos
- Kerberos SSP
- Key Distribution Center
- Key-value
- Kurt Zeilenga
- LDAP Authentication
- LDAP Authentication Methods
- LDAP Client
- LDAP Client Configuration
- LDAP Client Error And Result Codes
- LDAP Connection Maintenance
- LDAP Data Interchange Format
- LDAP Descriptor
- LDAP Directory Information Models
- LDAP Family
- LDAP Group
- LDAP Indexes
- LDAP Internationalized String Preparation
- LDAP Message
- LDAP Monitoring Overview
- LDAP Overview
- LDAP Programing
- LDAP Protocol Exchanges
- LDAP Protocol dependencies
- LDAP Proxy User
- LDAP Request
- LDAP Result Codes
- LDAP Schema
- LDAP Schema Element Extensions
- LDAP Schema for NDS
- LDAP SearchFilters
- LDAP Server
- LDAP Server Standards and Specifications
- LDAP Syntaxes and Matching Rules
- LDAP Tools From Others
- LDAP URL
- LDAP filters Syntax and Choices
- LDAP for Linux and Unix Clients
- LDAP ping
- LDAP policy in Active Directory
- LDAPDisplayName
- LDAPS
- LDAPSyntaxes
- LDAP_SERVER_EXTENDED_DN_OID
- LDAP_SERVER_RANGE_OPTION_OID
- LDAP_TIMELIMIT_EXCEEDED
- LDAP_TIMEOUT
- LDAPv3
- LabeledUri
- Language
- LanguageId
- LdapServerIdleTimeout
- LdapStdCompliance
- LeftMenu
- LegacyExchangeDN
- Lightweight Directory Access Protocol
- Lightweight Directory Access Protocol (LDAP) Authentication Methods and Security Mechanisms
- Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
- Lightweight Directory Access Protocol (LDAP) Parameters
- Lightweight Directory Access Protocol (LDAP) The Protocol
- Lightweight Directory Access Protocol (LDAP) Transactions
- Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
- LinkID
- Local Security Authority
- LocalEntryID
- LocalReceivedUpTo
- LoginAllowedTimeMap
- LoginDisabled
- LoginMaximumSimultaneous
- LoginShell
- Lsss
- MAY
- MONO
- MULTI-VALUE
- MUST
- MacAddress
- MapiID
- MaxActiveQueries
- MaxConnIdleTime
- MaxConnections
- Member
- MemberNisNetgroup
- MemberQueryURL
- MemberUid
- Memory
- Microsoft Active Directory
- Microsoft Active Directory Anomalies
- Microsoft Active Directory Group Synchronization
- MicrosoftLdapApi
- Modify
- Modify Response
- ModifyDNRequest
- ModifyTimestamp
- Ms-DS-Password-Settings-Container
- MsDS-AdditionalSamAccountName
- MsDS-HasInstantiatedNCs
- MsDS-LockoutDuration
- MsDS-LockoutObservationWindow
- MsDS-LockoutThreshold
- MsDS-MaximumPasswordAge
- MsDS-MinimumPasswordAge
- MsDS-MinimumPasswordLength
- MsDS-PSOAppliesTo
- MsDS-PasswordComplexityEnabled
- MsDS-PasswordHistoryLength
- MsDS-PasswordReversibleEncryptionEnabled
- MsDS-PasswordSettingsPrecedence
- MsDS-PhoneticCompanyName
- MsDS-PhoneticDepartment
- MsDS-SupportedEncryptionTypes
- MsDS-User-Account-Control-Computed
- NAME
- NDAP
- NDS Authentication
- NDS Threads
- NDSD Loadable Module
- NDSPKIKeyMaterialDN
- NDSPKISDKeyAccessPartition
- NDSTRACE Examples
- NICISDITreeKeyProviderFaultTolerance
- NIS
- NIS Performance Vs LDAP
- NIS To LDAP Tool
- NMAS
- NTDSService
- Name Form
- Name Service Switch Sources
- NameForms
- NamingContext
- Ndsconfig
- Ndsconfig Parameters
- NdspkiIssueTime
- Ndstrace
- NetworkAddress
- NewRDN
- NewSuperior
- Newsuperior
- NickName
- NisDomain
- NisDomainObject
- NisNetgroup
- NisNetgroupTriple
- Nldap
- Novell Directory Services
- NovellS Challenge Response System
- NsimRandomQuestions
- NsimRequiredQuestions
- NspmAdminsDoNotExpirePassword
- NspmComplexityRules
- NspmConfigurationOptions
- NspmMaximumLength
- NspmPasswordPolicyDN
- Ntdsutil.exe
- NumericString
- O
- OID
- OMObjectClass
- OMSyntax
- Obituary
- ObjectClass
- ObjectClasses
- ObjectSID
- Obtain a Certificate from Server
- On-Demand Password Synchronization
- OpenAssertionType
- OpenDJ
- OpenDS
- Opportunities
- Optimize Modify
- Oracle Internet Directory and DirXML Moves
- Organization
- Owner
- Partition
- PartitionStatus
- Passwd
- Password Expiration
- Password Expiration Warning
- Password Management
- Password Maximum Age
- Password Modify Operation
- Password Policy
- PasswordMinimumLength
- PasswordsUsed
- Permission
- Person
- Photo
- PhysicalDeliveryOfficeName
- PlaceOfBirth
- Policy Based Management System
- Policy Core Extension LDAP Schema
- PostalCode
- PreferredServerList
- PresentationAddress
- PrimaryGroupID
- Protocol Data Unit
- ProxyAddresses
- PwdExpireWarning
- PwdMinAge
- PwdPolicySubEntry
- PwdProperties
- QUIPU
- Queue
- RECMAN
- RFC 2164
- RFC 2247
- RFC 2739
- RFC 3060
- RFC 3062
- RFC 3671
- RFC 3672
- RFC 3712
- RFC 3866
- RFC 4403
- RFC 4510
- RFC 4517
- RFC 4519
- RFC 4523
- RFC 4529
- RFC 4531
- RFC 5020
- RFC 7612
- RFC 8284
- RdnMatch
- Reference
- Remote Authentication Dial-In User Service
- ReplicaUpTo
- Replication
- Request For Comment
- Requesting Attributes by Object Class
- Resource
- Resource Action
- Revision
- SASL
- SASLoginSecretKey
- SASSecurity
- SASService
- SCIM Resource
- SINGLE-VALUE
- SLAPD
- SOAPDSMLDriver
- SUP
- SYNTAX
- SamAccountName
- Samba
- SambaLMPassword
- Schema Extensions
- SchemaFlagsEx
- SearchFlags
- Secure Socket Layer
- Security Controls For This Wiki
- Security Identifier
- SeeAlso
- SerialNumber
- ServerHolds
- ServiceDNSName
- Services.willeke.biz
- Shadow
- ShadowAccount
- ShadowExpire
- ShadowFlag
- ShadowInactive
- ShadowLastChange
- ShadowMax
- ShadowMin
- ShadowWarning
- Simple Authentication
- Simple and Protected GSSAPI Negotiation Mechanism
- Smssmdrclass
- SslEnableMutualAuthentication
- Ssldp
- StartTLS
- Status
- Street
- String Representation of Distinguished Names
- Subentries
- Subject Attributes
- SubmitEventRequest
- SubordinateSubtree
- Substrings
- Synchronization
- SynchronizedUpTo
- Synchronous Operation
- System-Id-Guid
- SystemOnly
- TargetDN
- TelephoneNumber
- The COSINE and Internet X.500 Schema
- The LDAP Controller
- ThisWilki
- Timezone
- Tips using UnboundID LDAP SDK
- TombstoneLifetime
- Toolbox
- Transitioning NIS Maps To LDAP
- TransitiveVector
- Transport Layer Security
- USAGE
- UTCTime
- UUID
- Uid
- UidNumber
- Understanding Name Forms
- UnderstandingSchemaInOpenDS
- UniqueIdentifier
- UniqueMember
- UniversalPasswordSecretBits
- University of Michigan
- UnknownBaseClass
- User
- UserAccountControl
- Using LDAP over IPC Mechanisms
- Using User Attribute Values for Tomcat Roles
- UsnChanged
- Value Object
- Verify DNS Records
- Virtual Directory
- Web Blog_blogentry_020117_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_180317_1
- Web Blog_blogentry_200217_2
- Web Blog_blogentry_210615_1
- Web Blog_blogentry_250816_1
- Which Jane Doe
- Who Am I Extended Operation
- Why OpenID Connect
- X-NDS_CONTAINMENT
- X-NDS_NAME
- X.500
- X500UniqueIdentifier
- XDAS Trust Management Events
- authoritative
- shadowLastChange
