!!! Overview
[{$pagename}] The most obvious differences between the two [LDAP] [versions] are in the [LDAP Message] and [LDAP Result] structures.

[LDAPv3] has replaced the [Search Response] field with these new fields:
* [SearchResultEntry]
* [SearchResultDone]
* [SearchResultReference]

The Search operation uses the [extendedResp|Extended Response] field if the original [LDAP Message] used the [extendReq|Extended Request] field.

[LDAPv3] added these new [LDAP Result] codes:
* [referral|LDAP Referral] (10)
* [adminLimitExceeded] (11)
* [unavailableCriticalExtension] (12)
* [confidentialityRequired] (13)
* [saslBindInProgress] (14)
* [affectsMultipleDSAs] (71)

LDAPv3 adds the following features to [LDAP] which were not available in [LDAPv2]:
* Strong authentication and data security services via [SASL]
* [Certificate] [authentication] and data security services via [TLS] ([SSL])
* Internationalization through the use of [Unicode] ([UTF-8])
* [LDAP Referrals] and Continuations
** In [LDAPv2], servers are supposed to handle [LDAP Referrals] and not return them to the client. ([Chaining])
* [LDAP Schema] [Discovery Mechanism]
** [LDAPv2] had little consistency within the [LDAP Schema].
* Extensibility ([SupportedControl], [Extended Request] operations, and more)
** In [LDAPv2], the only common field was the [Message ID]. [LDAPv3] adds a common [SupportedControl] field so that the [LDAP] [protocol] can be extended.
* In [LDAPv2], [Modrdn] would only rename an entry within the same [context]. To move an entry, it had to be deleted and then re-created with an [Add Request].
* [OperationalAttribute] was not available in [LDAPv2].

%%warning
[LDAPv2] is considered [historic] ([RFC 3494]). Interoperability amongst [LDAP Server Implementations] claiming [LDAPv2] support is limited. [LDAPv2] should be avoided.
%%

%%zebra-table
%%sortable
%%table-filter
||Protocol element||Must||RFC||[LDAPv2] Should||[LDAPv2] May||[LDAPv3] Must||[LDAPv3] Should||[LDAPv3] May||Standard||Compliant
|Auxiliary classes assigned to entries|2252 section 4.4, 6.1| | | |X| |
|Bind authentication Cleartext|1777 section 4.1, 6| | | | | |
/%
/%
/%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

----
* [#1] - [Differences between LDAP 2 and 3 Protocols|https://support.novell.com/techcenter/articles/dnd19980802.html|target='_blank'] - based on information obtained 2019-03-19
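
The warning about LDAPv2 and the cleartext Bind row in the table above can be checked on the wire. The following is an added example, not part of the original page: it reads the version and authentication choice from a BER-encoded BindRequest. The message layout follows RFC 4511; the function names, DN and password are assumptions constructed for illustration.

```python
# Added example: RFC 4511 layout is SEQUENCE { messageID, [APPLICATION 0] { version, name, authentication } }

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):
    """Read one element and require a specific tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, nxt

def inspect_bind(msg):
    """Parse a BindRequest and report version, bind DN, method and findings."""
    body, _ = expect(msg, 0, 0x30)          # LDAPMessage SEQUENCE
    _mid, pos = expect(body, 0, 0x02)       # messageID INTEGER
    bind, _ = expect(body, pos, 0x60)       # [APPLICATION 0] BindRequest
    ver, pos = expect(bind, 0, 0x02)        # version INTEGER
    name, pos = expect(bind, pos, 0x04)     # name (bind DN)
    auth_tag, cred, _ = read_tlv(bind, pos) # AuthenticationChoice
    version = int.from_bytes(ver, "big")
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "other")
    findings = []
    if version < 3:
        findings.append("LDAPv2 bind (historic per RFC 3494)")
    if method == "simple" and name and cred:
        findings.append("simple bind: password is cleartext unless the connection uses TLS")
    return {"version": version, "dn": name.decode("utf-8", "replace"),
            "method": method, "findings": findings}

def tlv(tag, value):
    return bytes([tag, len(value)]) + value

# Constructed samples (hypothetical DN and password); tlv() encodes short BER elements only.
V2_SIMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x02")
            + tlv(0x04, b"cn=app,dc=example,dc=com") + tlv(0x80, b"secret")))
V3_SASL = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
          + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"EXTERNAL"))))
```

Calling `inspect_bind(V2_SIMPLE)` reports both findings, while `inspect_bind(V3_SASL)` reports none; malformed or truncated input raises `ValueError`.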