Overview#
LDAP is an abbreviation of Lightweight Directory Access Protocol, which is a protocol. However, most of our references will use LDAP.
LDAP is a protocol that may be used to communicate with a DSA.
LDAP is an open standard that uses the Basic Encoding Rules (BER) subset of ASN.1 to encode communication for each LDAP Message.
LDAP is a request-response type of protocol where each request is followed by a response.
There are several LDAP Protocol Exchanges, each of which can be one or more requests and zero or more responses.
An Introduction to LDAP #
See An Introduction to LDAP for basic information.
Some Views on LDAP#
LDAP Result Codes #
Remember, LDAP is simple; there is a limited number of server LDAP Result Codes.
LDAP Searches #
As LDAP Searches are the most common interaction in LDAP, we have a LOT of information on the subject.
LDAP Server Implementations #
LDAP servers, or DSAs, are available from several sources; see LDAP Server Implementations.
LDAP Browsers #
The most common LDAP Client, or DUA, is the LDAP Browser. We have a list of the LDAP Browsers we know about.
Why LDAP is Important #
Why we think LDAP is Important: as folks who primarily integrate with many systems, we see the ins and outs of communication with many different types of systems on a daily basis.
LDAP Best Practices#
- Best Practices for LDAP Security
- Best Practices For LDAP Naming Attributes
- Best Practices For Unique Identifiers
- Best Practices Password
LDAP Information#
- The Enterprise Directory
- LDAP Protocol Mechanisms
- LDAP Schema
- LDAP Extensions and Controls Listing - includes supportedControls, supportedExtensions and supportedFeatures, which may be selectively filtered.
- LDIF Files
- LDAP to Google
More Information #
There might be more information for this subject on one of the following:
- 1.3.6.1.4.1.1466.20037
- 1.3.6.1.4.1.8876.2
- 2.16.840.1.113719.1.1.4.1.111
- 2.16.840.1.113719.1.1.4.1.96
- 2.16.840.1.113730
- ACID
- ACL (eDirectory Attribute)
- AD Determining Password Expiration
- ADSTYPE_BOOLEAN
- ADSTYPE_DN_WITH_BINARY
- ADSTYPE_OCTET_STRING
- ADV190023
- ANR attribute set
- ARecord
- About
- Abstract Syntax Notation One
- AbzillaPerson
- Access Control
- Access Point
- AccountExpires
- AccountNameHistory
- Active Directory Groups
- Active Directory RISK Related Searches
- Active Directory Service Interfaces
- Active Directory Site
- ActiveDirectorySchemaChanges
- Adaptive Directory Access Protocol
- Add Request
- AdministrativeRole
- AdministratorsAddress
- AliasedEntryName
- AllowedAttributesEffective
- Ambiguous Name Resolution
- Apache Fortress
- Application namespace
- ApplicationObjectSchema
- Assertion Value
- Assistant
- AssociatedDomain
- AssociatedInternetGateway
- AssociatedName
- Attribute
- Attribute Options
- Attribute Type Description
- Attribute Value Assertion
- AttributeSecurityGUID
- AttributeSyntax
- Audio
- Authentication Failures
- Autofs
- Automount
- AutomountInformation
- AutomountKey
- AutomountMap
- AutomountMapName
- BackLink
- Basic Encoding Rules
- Best Practices For LDAP Naming Attributes
- Best Practices for LDAP Security
- Bind Authentication Method
- Bind Request
- Binding
- BirthDate
- BirthName
- Boolean
- BooleanMatch
- BootableDevice
- BuildingName
- Bulk Update-Replication Protocol
- C
- CRAM-MD5
- CarLicense
- Certificate
- Chaining
- ChangeNumber
- ChangeType
- Changelog
- Changes
- Channel Binding
- Char
- City
- ClassDisplayName
- Cn
- Co
- CollectiveAttributeSubentries
- CollectiveExclusions
- Common Active Directory Bind Errors
- Common Edirectory Bind Errors
- CommonName
- Company
- Comparing LDAP and SQL
- Complex Attribute
- Configuration Files For JSPWIKI And LDAP
- Container
- Control
- Counter_LDAPSyntax
- Country
- Country Code
- Country-Code
- CountryCode
- CountryName
- CountryOfResidence
- Create Read Update Delete
- CreateGroupingRequest
- CreateGroupingResponse
- CreateTimestamp
- Credential Vault
- Criticality
- DC
- DIT Content Rule
- DITContentRules
- DITStructureRules
- DN Escape Values
- DSE_CREATE_ENTRY
- DSE_DELETE_ENTRY
- DSI_ENTRY_FLAGS
- DSML
- DS_FLAG
- DS_OPERATIONAL
- DataStore
- DateOfBirth
- DcObject
- DefaultHidingValue
- DefaultObjectCategory
- DefinitionDSMLGateway
- Delegation vs Impersonation
- Delete Modification-type
- DeleteOldRDN
- DepartmentNumber
- Description
- Device
- DhcpDomainName
- DhcpRelayAgentInfo
- DicPersonInfo
- Differences between LDAP 2 and 3 Protocols
- Digest SSP
- Digital Identity
- DirXML Driver
- DirXML Level Three Trace
- DirXML-ConfigValues
- DirXML-DriverFilter
- DirXML-DriverStartOption
- DirXML-JavaDebugPort
- DirXML-NTAccountName
- DirXML-NamedPasswords
- DirXML-PasswordSyncStatus
- DirXML-ShimAuthPassword
- DirectReports
- Directory Enabled Networks
- Directory Information Tree Structure
- Directory Service
- Directory System Agent
- Directory User Agent
- DisplayName
- Distinguished Name Case Sensitivity
- Distinguished Names
- Distributed Data Store
- Domain
- Domain Users
- DomainComponent
- DomainControllerFunctionality
- DomainFunctionality
- Draft-behera-ldap-password-policy
- DsRevision
- Dump Password Information Tool-Trouble Shooting
- DuplicateAttributeValueLocaterTool
- DxPwdMustChange
- EDirCloneLock
- EDirectory
- EDirectory Common Event Format
- EDirectory LDAP Transaction
- EDirectory Synchronization
- ERROR_DS_ENCODING_ERROR
- ERROR_PASSWORD_MUST_CHANGE
- Edirectory Anomalies
- Edirectory Indexes
- EdirectoryLoginUpdate
- EmailAddress
- EmployeeNumber
- Enable UserPassword in Microsoft Active Directory
- EndGroupingRequest
- EndGroupingResponse
- EnhancedSearchGuide
- EntryDN
- EntryFlags
- EqualityMatch
- Etag
- Event Monitoring
- Extended Flags
- ExtendedCharsAllowed
- ExtensibleObject
- FLAIM
- FacsimileTelephoneNumber
- FilteredReplicaUsage
- Filtering for Bit Fields
- ForestFunctionality
- FriendlyCountryName
- FullName
- Gecos
- Gender
- GeneralizedTime
- GetXbyY
- GidNumber
- GivenName
- Glossary Of LDAP And Directory Terminology
- Gluu LDAP
- GroupType
- Groups Are Bad
- History of LDAP
- HomeDirectory
- HomePhone
- HostResourceName
- How Domain Controllers Are Located in Windows
- How To Get Your Own OID
- HttpSessionTimeout
- I-number
- IDM Tricks
- Identity Cube
- Identity Governance Framework
- Import Conversion Export
- Importing Certificates In Imanager
- IndexDefinition
- InetOrgPerson
- Initials
- Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
- Internet Draft
- Introduction To LDAP
- IpProtocol
- IpProtocolNumber
- IpService
- IpServicePort
- IpServiceProtocol
- IsDefunct
- IsDeleted
- IsEphemeral
- IsRecycled
- Isode Limited
- JAVA LDAP SDKs
- Java Naming and Directory Interface
- JpegPhoto
- Kerberos
- Kerberos SSP
- Key Distribution Center
- Key-value
- Kurt Zeilenga
- L
- LDAP Authentication
- LDAP Authentication Methods
- LDAP Client
- LDAP Client Configuration
- LDAP Client Error And Result Codes
- LDAP Connection Maintenance
- LDAP Data Interchange Format
- LDAP Dereference Control
- LDAP Descriptor
- LDAP Directory Information Models
- LDAP Family
- LDAP Group
- LDAP Indexes
- LDAP Internationalized String Preparation
- LDAP Message
- LDAP Monitoring Overview
- LDAP Overview
- LDAP Programing
- LDAP Protocol Exchanges
- LDAP Protocol dependencies
- LDAP Proxy User
- LDAP Query Examples
- LDAP Request
- LDAP Result Codes
- LDAP Schema
- LDAP Schema Element Extensions
- LDAP Schema for NDS
- LDAP SearchFilters
- LDAP Server
- LDAP Server Standards and Specifications
- LDAP Signing
- LDAP Syntaxes and Matching Rules
- LDAP Tools From Others
- LDAP URL
- LDAP and Active Directory
- LDAP and Bind Throttling
- LDAP filters Syntax and Choices
- LDAP for Linux and Unix Clients
- LDAP ping
- LDAP policy in Active Directory
- LDAP schema used by autofs
- LDAPAdminLimits
- LDAPDisplayName
- LDAPS
- LDAPServerIntegrity
- LDAPSyntaxes
- LDAP_ADMINLIMIT_EXCEEDED
- LDAP_CONTROL_NOT_FOUND
- LDAP_SERVER_DOWN
- LDAP_SERVER_EXTENDED_DN_OID
- LDAP_SERVER_RANGE_OPTION_OID
- LDAP_SERVER_SD_FLAGS_OID
- LDAP_TIMELIMIT_EXCEEDED
- LDAP_TIMEOUT
- LDAPv2
- LDAPv3
- LDIF Examples Of NIS Migrated Entries
- LabeledUri
- Language
- LanguageId
- LdapBindRestrictions
- LdapGroup
- LdapGroupDN
- LdapInterfaces
- LdapKeyMaterialName
- LdapPermissiveModify
- LdapServerIdleTimeout
- LdapStdCompliance
- Ldapconfig
- LeftMenu
- LegacyExchangeDN
- Lightweight Directory Access Protocol
- Lightweight Directory Access Protocol (LDAP) Authentication Methods and Security Mechanisms
- Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
- Lightweight Directory Access Protocol (LDAP) Parameters
- Lightweight Directory Access Protocol (LDAP) The Protocol
- Lightweight Directory Access Protocol (LDAP) Transactions
- Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
- Limber
- LinkID
- Local Security Authority
- LocalEntryID
- LocalReceivedUpTo
- Locality
- LoginAllowedTimeMap
- LoginDisabled
- LoginMaximumSimultaneous
- LoginShell
- Lsss
- MAY
- MONO
- MULTI-VALUE
- MUST
- MacAddress
- ManagedBy
- Manager
- MapiID
- MaxActiveQueries
- MaxBatchReturnMessages
- MaxConnIdleTime
- MaxConnections
- Maximum Database Record Size
- Member
- MemberNisNetgroup
- MemberOf
- MemberQueryURL
- MemberUid
- Memory
- Microsoft Active Directory
- Microsoft Active Directory Anomalies
- Microsoft Active Directory Group Synchronization
- MicrosoftLdapApi
- Mobile
- ModifiersName
- Modify
- Modify Response
- ModifyDNRequest
- ModifyTimestamp
- Monitor Entry
- Ms-DS-Password-Settings-Container
- MsDS-AdditionalSamAccountName
- MsDS-GroupManagedServiceAccount
- MsDS-HasInstantiatedNCs
- MsDS-LockoutDuration
- MsDS-LockoutObservationWindow
- MsDS-LockoutThreshold
- MsDS-MaximumPasswordAge
- MsDS-MinimumPasswordAge
- MsDS-MinimumPasswordLength
- MsDS-PSOAppliesTo
- MsDS-PasswordComplexityEnabled
- MsDS-PasswordHistoryLength
- MsDS-PasswordReversibleEncryptionEnabled
- MsDS-PasswordSettingsPrecedence
- MsDS-PhoneticCompanyName
- MsDS-PhoneticDepartment
- MsDS-SupportedEncryptionTypes
- MsDS-TrustForestTrustInfo
- MsDS-User-Account-Control-Computed
- NDAP
- NDS Master Replica
- NDS Thread Pool
- NDS Threads
- NDSD Loadable Module
- NDSPKIKeyMaterialDN
- NDSPKISDKeyAccessPartition
- NDSRightsToMonitor
- NDSTRACE Examples
- NICISDITreeKeyProviderFaultTolerance
- NIS
- NIS Maps And LDAP Attributes
- NIS Performance Vs LDAP
- NIS To LDAP Tool
- NMAS
- NMAS_LOGIN
- NTDSDSA
- NTDSService
- NTDSSiteSettings
- Name
- Name Form
- Name Service Switch Sources
- NameForms
- NamingContext
- NdsStatusLimber
- Ndsconfig
- Ndsconfig Parameters
- NdspkiIssueTime
- Ndstrace
- Netgroup
- NetworkAddress
- NewRDN
- NewSuperior
- Newsuperior
- NickName
- NisDomain
- NisDomainObject
- NisMap
- NisMapEntry
- NisMapName
- NisNetgroup
- NisNetgroupTriple
- NisObject
- Nldap
- Novell Directory Services
- NovellS Challenge Response System
- NsimRandomQuestions
- NsimRequiredQuestions
- NspmAdminsDoNotExpirePassword
- NspmComplexityRules
- NspmConfigurationOptions
- NspmDoNotExpirePassword
- NspmExtendedCharactersAllowed
- NspmMaximumLength
- NspmPassword
- NspmPasswordHistory
- NspmPasswordHistoryExpiration
- NspmPasswordHistoryLimit
- NspmPasswordKey
- NspmPasswordPolicyDN
- NspmPolicyAgentAIX
- Ntdsutil.exe
- NumericString
- NxsettingsDriver
- O
- OID
- OMObjectClass
- OMSyntax
- Obituary
- ObituaryNotify
- Object
- ObjectClass
- ObjectClasses
- ObjectGUID
- ObjectSID
- Obtain a Certificate from Server
- OctetString
- On-Demand Password Synchronization
- OncRpc
- OpenAssertionType
- OpenDJ
- OpenDS
- OperationalAttribute
- Opportunities
- Optimize Modify
- Oracle Internet Directory and DirXML Moves
- Organization
- OrganizationalUnitName
- Ou
- Owner
- Partition
- PartitionStatus
- Passwd
- Password Expiration
- Password Expiration Warning
- Password Management
- Password Maximum Age
- Password Modify Operation
- Password Policy
- PasswordExpirationTime
- PasswordMinimumLength
- PasswordsUsed
- Permission
- Person
- Phone Number
- Photo
- PhysicalDeliveryOfficeName
- PlaceOfBirth
- Policy Based Management System
- Policy Core Extension LDAP Schema
- PostalCode
- PreferredServerList
- PresentationAddress
- PrimaryGroupID
- Protocol Data Unit
- ProxyAddresses
- PurgeVector
- PwdAccountLockedTime
- PwdExpireWarning
- PwdInHistory
- PwdMinAge
- PwdPolicySubEntry
- PwdProperties
- QUIPU
- QueryPolicy
- QueryPolicyObject
- Queue
- RECMAN
- RFC 2164
- RFC 2247
- RFC 2739
- RFC 3060
- RFC 3062
- RFC 3112
- RFC 3671
- RFC 3672
- RFC 3712
- RFC 3866
- RFC 4373
- RFC 4403
- RFC 4510
- RFC 4517
- RFC 4519
- RFC 4523
- RFC 4529
- RFC 4531
- RFC 5020
- RFC 7612
- RFC 8284
- RdnAttId
- RdnMatch
- Red Hat
- Reference
- Remote Authentication Dial-In User Service
- Replica
- ReplicaUpTo
- Replication
- Request For Comment
- Requesting Attributes by Object Class
- Resolution_AttrubuteType
- Resource
- Resource Action
- Revision
- SASL
- SASLoginSecretKey
- SASSecurity
- SASService
- SCIM Resource
- SINGLE-VALUE
- SLAPD
- SOAPDSMLDriver
- SPNEGO
- SSL Handshake Failed
- SUP
- SYNTAX
- SamAccountName
- Samba
- SambaLMPassword
- SapAddOnUM
- Schema Extensions
- SchemaFlagsEx
- SearchFlags
- SearchGuide
- SearchResultReference
- SearchSizeLimit
- SearchTimeLimit
- Secure Socket Layer
- Security Controls For This Wiki
- Security Descriptor
- Security Identifier
- SeeAlso
- SerialNumber
- ServerHolds
- ServiceDNSName
- Services.willeke.biz
- Shadow
- ShadowAccount
- ShadowExpire
- ShadowFlag
- ShadowInactive
- ShadowLastChange
- ShadowMax
- ShadowMin
- ShadowWarning
- Simple Authentication
- Simple and Protected GSSAPI Negotiation Mechanism
- Site
- Skulker
- Smssmdrclass
- Sources of Authority
- SslEnableMutualAuthentication
- Ssldp
- StartTLS
- Status
- Street
- String Representation of Distinguished Names
- Subentries
- Subject Attributes
- SubmitEventRequest
- SubordinateSubtree
- Substrings
- SudoRole
- Synchronization
- SynchronizedUpTo
- Synchronous Operation
- System-Id-Guid
- SystemOnly
- TLS
- TargetDN
- TelephoneNumber
- The COSINE and Internet X.500 Schema
- The LDAP Controller
- ThisWilki
- Timezone
- Tips using UnboundID LDAP SDK
- TokenGroups
- TombstoneLifetime
- Tomcat And LDAP
- Toolbox
- Transitioning NIS Maps To LDAP
- TransitiveVector
- Transport Layer Security
- TrustedDomain
- URL
- USAGE
- UTCTime
- UUID
- Uid
- UidNumber
- Understanding Name Forms
- UnderstandingSchemaInOpenDS
- UniqueIdentifier
- UniqueMember
- UniversalPasswordSecretBits
- University of Michigan
- UnixHomeDirectory
- UnknownBaseClass
- User
- User-agent
- UserAccountControl
- Using LDAP over IPC Mechanisms
- Using User Attribute Values for Tomcat Roles
- UsnChanged
- Value Object
- Verifiable Claims
- Verify DNS Records
- Virtual Directory
- Virtual List View Control
- Web Blog_blogentry_020117_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_180317_1
- Web Blog_blogentry_200217_2
- Web Blog_blogentry_210615_1
- Web Blog_blogentry_250816_1
- WhenChanged
- Which Jane Doe
- Who Am I Extended Operation
- Why OpenID Connect
- Windows Security Log Event
- X-HIDDEN
- X-NDS_CONTAINMENT
- X-NDS_NAME
- X.500
- X500UniqueIdentifier
- XDAS Trust Management Events
- authoritative
- shadowLastChange