This action might not be possible to undo. Are you sure you want to continue?
Page 1 of 12
From Wikipedia, the free encyclopedia
The Lightweight Directory Access Protocol (LDAP) (pronounced /ˈɛldæp/) is an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with an address and phone number in each "record". The latest version of LDAP is Version 3, which is specified in a series of Internet Engineering Task Force (IETF) Standard Track Requests for comments (RFCs) as detailed in RFC 4510.
■ ■ ■ ■ 1 Origin and influences 2 Protocol overview 3 Directory structure 4 Operations ■ 4.1 StartTLS ■ 4.2 Bind (authenticate) ■ 4.3 Search and Compare ■ 4.4 Update Data ■ 4.5 Extended operations ■ 4.6 Abandon ■ 4.7 Unbind 5 LDAP URLs 6 Schema 7 Variations 8 Other data models 9 Usage ■ 9.1 Naming structure 10 Terminology 11 See also 12 References 13 Further reading 14 External links ■ 14.1 Configuration ■ 14.2 RFCs
Internet Protocol Suite
Application Layer BGP · DHCP · DNS · FTP · HTTP · IMAP · IRC · LDAP · MGCP · NNTP · NTP · POP · RIP · RPC · RTP · SIP · SMTP · SNMP · SSH · Telnet · TLS/SSL · XMPP · (more) Transport Layer TCP · UDP · DCCP · SCTP · RSVP · ECN · (more) Internet Layer IP (IPv4, IPv6) · ICMP · ICMPv6 · IGMP · IPsec · (more) Link Layer ARP/InARP · NDP · OSPF · Tunnels (L2TP) · PPP · Media Access Control (Ethernet, DSL, ISDN, FDDI) · (more)
■ ■ ■ ■ ■ ■ ■ ■ ■ ■
Origin and influences
Telecommunication companies' understanding of directory requirements was well developed after some 70 years of producing and managing telephone directories. These companies introduced the concept of directory services to information technology and computer networking, their input culminating in the comprehensive X.500 specification, a suite of protocols produced by the International Telecommunication Union (ITU) in the 1980s.
The client may request the following operations: ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Start TLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection Bind — authenticate and specify LDAP protocol version Search — search for and/or retrieve directory entries Compare — test if a named entry contains a given attribute value Add a new entry Delete an entry Modify an entry Modify Distinguished Name (DN) — move or rename an entry Abandon — abort a previous request Extended Operation — generic operation used to define other operations Unbind — close the connection (not the inverse of Bind) http://en. and the server sends responses in return. This model of directory access was borrowed from the DIXIE and Directory Assistance Service protocols. as LDAP removed any need to deploy an OSI network.wikipedia. superseded LDAPv2 and added support for extensibility. LDAP has influenced subsequent Internet protocols.LDAP . The protocol was originally created by Tim Howes of the University of Michigan. It was given its Lightweight name because it was not as network intensive as its DAP predecessor and thus was more easily implemented over the internet due to its relatively modest bandwidth usage.500. With some exceptions. by default on TCP port 389.Wikipedia. In the early engineering stages of LDAP.500. as did directory servers supporting both DAP and LDAP. Steve Kille of Isode Limited.500 directory services were traditionally accessed via the X. which required the Open Systems Interconnection (OSI) protocol stack. and the server may send the responses in any order. Standalone LDAP directory servers soon followed. XML Enabled Directory (XED). LDAPv3.. Protocol overview A client starts an LDAP session by connecting to an LDAP server. integrated the Simple Authentication and Security Layer. LDAP was originally intended to be a lightweight alternative protocol for accessing X. circa 1993. Mark Wahl of Critical Angle Inc. and Steve Kille started work in 1996 on a new version of LDAP. and the Service Location Protocol (SLP).500 Directory Access Protocol (DAP). or LDBP. Service Provisioning Markup Language (SPML). the client does not need to wait for a response before sending the next request.500 directory services through the simpler (and now widespread) TCP/IP protocol stack. X. and Wengyik Yeong of Performance Systems International. LDAPv3. and better aligned the protocol to the 1993 edition of X. The client then sends an operation request to the server. The latter has become popular in enterprises. first published in 1997. under the aegis of the Internet Engineering Task Force (IETF). including later versions of X. called a Directory System Agent (DSA). Directory Service Markup Language (DSML). it was known as Lightweight Directory Browsing Protocol. the free encyclopedia Page 2 of 12 X. to include directory update functions. Tim Howes. Today. It was renamed with the expansion of the scope of the protocol beyond directory browsing and searching. Further development of the LDAPv3 specifications themselves and of numerous extensions adding features to LDAPv3 has come through the IETF.500 directory protocols including DAP can also be used directly over TCP/IP.org/wiki/LDAP 2/25/2011 .
The attributes are defined in a schema (see below). A common alternate method of securing LDAP communication is using an SSL tunnel.dc=com cn: John Doe givenName: John sn: Doe telephoneNumber: +1 888 555 6789 telephoneNumber: +1 888 555 1232 mail: firstname.lastname@example.org would be the RDN). ■ Each entry has a unique identifier: its Distinguished Name (DN). then myfile. followed by the parent entry's DN. when entries are moved within a tree.Wikipedia. The default port for LDAP over SSL is 636. Be aware that a DN may change over the lifetime of the entry. and protocol messages are encoded in the binary format BER.dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top "dn" is the distinguished name of the entry. http://en. It uses textual representations for a number of ASN. "dc" for domain component. a UUID might be provided in the set of the entry's operational attributes. This is denoted in LDAP URLs by using the URL scheme "ldaps". for instance. Attribute names are typically mnemonic strings.g.dc=example. like "cn" for common name.g. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification.ietf. ■ An entry consists of a set of attributes. which follow the 1993 edition of the X. and "dc=example.500 model: ■ A directory is a tree of directory entries. Directory structure The protocol accesses LDAP directories. which was officially retired in 2003 (http://tools. To reliably and unambiguously identify entries. if C:\foo\bar\myfile.com manager: cn=Barbara Doe. it's not an attribute nor part of the entry.txt were the DN. LDAP is defined in terms of ASN.org/html/draft-zeilenga-ldapv2-04) . This usage has been deprecated along with LDAPv2. The other lines show the attributes in the entry. however.dc=example. constructed from some attribute(s) in the entry. e. This consists of its Relative Distinguished Name (RDN).org/wiki/LDAP 2/25/2011 .1 fields/types. where "dc" denotes 'Domain Component'. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.LDAP . before it times out a connection. An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol): dn: cn=John Doe.wikipedia. "mail" for e-mail address and "sn" for surname. "cn=John Doe" is the entry's RDN (Relative Distinguished Name).1. the free encyclopedia Page 3 of 12 In addition the server may send "Unsolicited Notifications" that are not responses to any request.dc=com" is the DN of the parent entry. ■ An attribute has a name (an attribute type or attribute description) and one or more values.
wikipedia. Bind also sets the LDAP protocol version. and modern software should only use StartTLS. The server typically checks the password against the userPassword attribute in the named entry. so the connection should be protected using Transport Layer Security (TLS).dc=example. but is not required in LDAPv3 (the current LDAP version). LDAPS was used with LDAPv2. During TLS negotiation the server sends its X. After doing so. Anonymous Bind (with empty DN and password) resets the connection to anonymous state. and an attribute is a set of values. Kerberos or the client certificate sent with TLS. commonly known as "LDAP over SSL") protocol on a separate port. It can provide data confidentiality (to protect data from being observed by third parties) and/or data integrity protection (which protects the data from tampering). Operations Expand discussion of referral responses to various operations.dc=com" could return a referral or continuation reference to a server which holds that part of the directory tree. the free encyclopedia Page 4 of 12 A server holds a subtree starting from a specific entry. especially modify. which is the default in the protocol but not always in LDAP libraries. http://en. so an attempt to access "ou=department. the client requests the server derive its identity from credentials provided at a lower level (such as TLS). the attributes in an entry.g. "dc=example. Bind (authenticate) The Bind operation authenticates the client to the server. By using the SASL/EXTERNAL. by default 636. This follows from the formal definitions . Bind had to be the first operation in a session in LDAPv2. and the entries found by a search operation in any order. e.g. StartTLS The StartTLS operation establishes Transport Layer Security (the descendant of SSL) on the connection.LDAP . the client and server establish TLS before any LDAP messages are transferred (without a StartTLS operation) and 2) the LDAPS connection must be closed upon TLS closure. Some servers also support chaining. SASL (Simple Authentication and Security Layer) Bind provides authentication services through a wide range of mechanisms. LDAPS differs from LDAP in two ways: 1) upon connect. for example where all modifies must be directed from replicas to a master directory.Wikipedia. LDAP rarely defines any ordering: The server may return the values of an attribute. The use of LDAPS is deprecated. typically the server will use the identity information established by TLS. Normally clients should use LDAPv3. the client may then use SASL/EXTERNAL. Servers also often support the non-standard "LDAPS" ("Secure LDAP".dc=com" and its children. which means the server contacts the other server and returns the results to the client. The client may also send a certificate to prove its identity. e. Servers may also hold references to other servers. Though technically the server may use any identity information established at any lower level. Simple Bind can send the user's DN and password in plaintext. because the StartTLS operation had not yet been defined.509 certificate to prove its identity.an entry is defined as a set of attributes. and sets need not be ordered. The client can then contact the other server.org/wiki/LDAP 2/25/2011 .
org/wiki/LDAP 2/25/2011 . and maximum time to allow search to run. scope What elements below the baseObject to search. the filter (& (objectClass=person)(|(givenName=John)(mail=john*))) will select "persons" (elements of objectClass person) who either have the given name "John" or an e-mail address that begins with the string "john". singleLevel (entries immediately below the base DN). derefAliases Whether and how to follow alias entries (entries which refer to other entries). The server may support renaming of entire directory subtrees. timeLimit Maximum number of entries to return. the free encyclopedia Page 5 of 12 Search and Compare The Search operation is used to both search for and read entries. The Compare operation takes a DN. sizeLimit. LDAP does not define transactions of multiple operations: If you read an entry and then modify it. For example. add new values. The server returns the matching entries and potentially continuation references. The final result will include the result code. or wholeSubtree (the entire subtree starting at the base DN). This can be BaseObject (search just the named entry. optionally the new parent's DN. attributes Which attributes to return in result entries.LDAP . Servers may implement extensions  which support this. These may be returned in any order. typically used to read one entry). or replace the current values with the new ones.Wikipedia. another client may have updated the entry in the mean time. and Modify DN . On the other hand. Update Data Add.wikipedia. though. http://en. Delete. Modify takes a list of attributes to modify and the modifications to each: Delete the attribute or some values. an attribute name and an attribute value. typesOnly Return attribute types only. Add operations also can have additional attributes and values for those attributes.all require the DN of the entry that is to be changed. An update operation is atomic: Other operations will see either the new entry or the old one. and a flag which says whether to delete the value(s) in the entry which match the old RDN. Modify DN (move/rename entry) takes the new RDN (Relative Distinguished Name). Its parameters are: baseObject The DN (Distinguished Name) of the entry at which to start the search. not attribute values. filter Criteria to use in selecting elements within scope. and checks if the named entry contains that attribute with that value.
Unbind The Unbind operation abandons any outstanding operations and closes the connection. This should not be confused with LDAP with TLS. omitting the host. It also instructs the server to cancel operations that can be canceled. and to not send responses for operations that cannot be canceled. but not all implementations support this. special characters must be percent-encoded. DN is the distinguished name to use as the search base. http://en. It has no response. and which servers return in referrals and continuation references (see RFC 4516): ldap://host:port/DN?attributes?scope?filter?extensions Most of the components. neither Abandon nor a successfully abandoned operation send a response. Abandon The Abandon operation requests that the server abort an operation named by a message ID. Clients can abort a session by simply closing the connection. There is a similar non-standard ldaps: URL scheme for LDAP over SSL.Wikipedia. which is achieved using the StartTLS operation using the standard ldap: scheme. the free encyclopedia Page 6 of 12 Extended operations The Extended Operation is a generic LDAP operation which can be used to define new operations. The name is of historical origin.dc=com" refers to all user attributes in John Doe's entry in ldap. As in other URLs. but they should use Unbind. "ldap://ldap. and the double question mark. and is not the opposite of the Bind operation. Unfortunately. which are described below.com/cn=John%20Doe. The server need not honor the request. scope specifies the search scope and can be "base" (the default). A similar Cancel extended operation has therefore been defined which does send responses. For example (objectClass=*) as defined in RFC 4515. are optional.example. ■ ■ ■ ■ ■ ■ ■ host is the FQDN or IP address of the LDAP server to search. "one" or "sub". For example.dc=com??sub? (givenName=John)" searches for the entry in the default server (note the triple slash.example. Unbind allows the server to gracefully close the connection and free resources that it would otherwise keep for some time until discovering the client had abandoned the connection.com. port is the network port of the LDAP server. Examples include the Cancel and Password Modify. omitting the attributes).LDAP .dc=example.org/wiki/LDAP 2/25/2011 . attributes is a comma-separated list of attributes to retrieve.wikipedia. extensions are extensions to the LDAP URL format. filter is a search filter. while "ldap:///dc=example.  LDAP URLs An LDAP URL format exists which clients support in varying degree.
For example. and other attributes. The schema definition of the classes of an entry defines what kind of object the entry may represent . It has a number of elements. a person. and allow the entry also to contain "userPassword". ■ Attribute Types—Define an OID and a set of names that may be used to refer to a given attribute. the free encyclopedia Page 7 of 12 Schema The contents of the entries in a subtree are governed by a schema known as a directory information tree (DIT).g. organization or domain. Each entry must have an objectClass attribute. http://en. A schema for representing individual people within organizations is termed a white pages schema. Since entries may have multiple ObjectClasses values.) Server administrators can add additional schema entries in addition to the provided schema elements.wikipedia. and associates that attribute with a syntax and set of matching rules. A parallel to the schema of an objectClass is a class definition and an instance in Object-oriented programming. containing named classes defined in the schema. Directory servers may publish the directory schema controlling an entry at a base DN given by the entry's subschemaSubentry operational attribute.org/wiki/LDAP 2/25/2011 . The schema of a Directory Server defines a set of rules that govern the kinds of information that the server can hold. ■ Matching Rules—Provide information about how to make comparisons against attribute values.Wikipedia. Attributes are the elements responsible for storing information in a directory. and the schema defines the rules for which attributes may be used in an entry.LDAP . and how clients may interact with those values. respectively. ■ Content Rules—Define additional constraints about the object classes and attributes that may be used in conjunction with an entry. The object class definitions also define the list of attributes that must contain values and the list of attributes which may contain values. "telephoneNumber". including: ■ Attribute Syntaxes—Provide information about the kind of information that can be stored in an attribute. and a single entry can have multiple ObjectClasses values which define the available and required attributes of the entry itself. the kinds of values that those attributes may have. representing LDAP objectClass and LDAP entry. an entry representing a person might belong to the classes "top" and "person". ■ Matching Rule Uses—Indicate which attribute types may be used in conjunction with a particular matching rule. ObjectClasses can be inherited. (An operational attribute describes operation of the directory rather than user information and is only returned from a search when it is explicitly requested. Clients may learn about the schema elements that the server supports by retrieving an appropriate subschema subentry. ■ Name Forms—Define rules for the set of attributes that should be included in the RDN for an entry. ■ Object Classes—Define named collections of attributes and classify them into sets of required and optional attributes. Membership in the "person" class would require the entry to contain the "sn" and "cn" attributes. ■ Structure Rule—Define rules that govern the kinds of subordinate entries that a given entry may have. The schema defines object classes.e. each entry has a complex of optional and mandatory attribute sets formed from the union of the object classes it represents.
others arise when used with nonX. Below the top level.g. and impose various limits.the server may use flat files.500 servers may support LDAP as well. the organization's top level LDAP URL becomes ldap://ldap. Attributes can have options that may modify their semantics. Access control is not standardized. data storage in the server is not specified .500 services that use different terminology. data which were previously held in other types of data stores are sometimes moved to LDAP directories. Most parts of LDAP are extensible. to request sorted search results. even though LDAP does not readily lend itself to this.wikipedia. there is software to access SQL databases through LDAP. databases. a naming structure for LDAP entries is needed so one can find a server holding a given DN. or just be a gateway to some other server. For example. other examples are due to its historical origins. Users' passwords may be stored in their entries or elsewhere.dc=org. X. If the LDAP server is also named ldap. its top level LDAP entry will typically have the DN dc=example. For example.dc=org (where dc means domain component). but how closely this model is followed varies.example. The implementation then recasts the data to mimic the LDAP/X. Similarly. Terminology The LDAP terminology one can encounter is rather cumbersome. Some of this is due to misunderstandings. If an organization has domain name example. Examples: One can define new operations. e. servers' top level names often mimic DNS names. the entry names will typically reflect the organization's internal structure or needs rather than DNS names. For example. New search scopes and Bind methods can be defined.org.LDAP . An "LDAP directory" may be the data or also the http://en. The server may refuse to perform operations when it wishes. Usage Naming structure Since an LDAP server can return referrals to other servers for requests the server itself will not/can not serve. as they do in X. vendors have provided it as an access protocol to other services.Wikipedia. Controls may modify requests and responses.org. Accordingly. Unix user and group information can be stored in LDAP and accessed via PAM and NSS modules. LDAP is often used by other services for authentication.500.org/dc=example.org/wiki/LDAP 2/25/2011 . Other data models As LDAP has gained momentum. the free encyclopedia Page 8 of 12 Variations A lot of the server operation is left to the implementor or administrator to decide. other times to the protocol and the data. servers may be set up to support a wide variety of scenarios. For example. Since such a structure already exists in the Domain name system (DNS).500 model.example. "LDAP" is sometimes used to refer to the protocol. though there has been work on it and there are commonly used models.
iana.informit. LDAP System Administration (http://oreilly.aspx?isbn=020178792X) . Canonical.2004.690.500 References 1.txt) 4.Simple Authentication and Security Layer (SASL) ■ SASL mechanisms (http://www.org/assignments/sasl-mechanisms) registered at IANA ■ This article was originally based on material from the Free On-line Dictionary of Computing. ^ http://www.informit. or the contents of an attribute in a directory. ^ LDAP: Framework.ITU-T Rec. Practices.ietf. ISBN 1565924916. so both terms are being used for both variants.org/html/rfc4511#section-5. LDAP Directories Explained: An Introduction and Analysis (http://www. ^ http://tools.computer.3 5.521 3.Wikipedia. ^ http://tools.ITU-T Rec. X. or an attribute description (an attribute type with options).wikipedia. 1994 ■ RFC 4346 . ^ INTERNET-DRAFT LDAP Transactions draft-zeilenga-ldap-txn-15. http://en.500 to X. An "attribute" may be the attribute type.1 encoding rules: Basic. 1994 ■ Basic encoding rules (BER) .com/store/product.500 series .org/portal/web/csdl/doi/10.Specification of Basic Notation". O'Reilly Media. "Abstract Syntax Notation One (ASN. "Specification of ASN. which is licensed under the GFDL. ^ http://tools.aspx?isbn=020178792X.org/internet -drafts/draft-zeilenga-ldap-txn-15.1 ■ RFC 4422 .org/doc/admin24/backends. and Distinguished Encoding Rules". ■ Carter.1 7.org/wiki/LDAP 2/25/2011 .680.txt (http://www.html#SQL ■ ITU-T Rec.3 6. ISBN 020178792X. B (2003).ietf.ietf.com/catalog/9781565924918) .com/store/product.The TLS Protocol Version 1.1109/MIC. http://www. ^ The X.com/catalog/9781565924918.openldap. Addison-Wesley Professional. X. G (2003).org/html/rfc4511#section-4. X. and Trends (http://www2. An "anonymous" and an "unauthenticated" Bind are different Bind methods that both produce anonymous authentication state.1) . http://oreilly.44) 2. Further reading ■ Arkills.rfc-editor.LDAP . the free encyclopedia Page 9 of 12 access point.org/html/rfc4511#section-3. See also ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Federated Naming Service Global Directory Server Hesiod (name service) Hierarchical database model Directory service Key server (cryptographic) LDAP Application Program Interface LDAP Data Interchange Format (LDIF) List of LDAP software Simple Authentication and Security Layer (SASL) Transport Layer Security (TLS) X.
org/web/20080713040421/http://www. Run. Smith.LDAP: The Protocol (Obsoletes RFC 2251. R (2003).aspx?isbn=0672323168) . C (2002).informit. RFC 2256. The ABCs of LDAP: How to Install. LDAP schema design .LDAP . RFC 3771) ■ RFC 4511 .uk/papers/ldap-schema-design-feb-2005/index. Understanding LDAP. ■ Howes.LDAP: String Representation of Search Filters (Obsoletes RFC 2254) ■ RFC 4516 . M.com/articles/troubleshooting-ldap-ssl-connection-issuesbetween-microsoft-ilmmiis--novell-edirectory-873. ISBN 0849313465. A comprehensive Linux LDAP Configuration Guide RFCs LDAP is specified in a series of Request for Comments documents: ■ RFC 4510 . IMAP. RFC 3377.com (http://capitalhead.skills-1st.com/store/product.archive.aspx?isbn=0672323168.3 ■ Prasannatech.manning. Understanding and Deploying LDAP Directory Services (http://www. Last official documentation of OpenLDAP (2. http://www. RFC 2829. RFC 2798 & RFC 2377) http://en.co. J (1999). and LDAP.LDAP: Directory Information Models (Obsoletes RFC 2251. Updates RFC 2247.org/doc/admin24/) . light introductory tutorial for LDAP.wikipedia.LDAP: Authentication Methods and Security Mechanisms (Obsoletes RFC 2251. External links ■ Devshed. G (2003). LDAP Programming.uk (http://www. A simple. ■ Rhoton. Programmer's Guide to Internet Mail: SMTP. Addison-Wesley Professional. RFC 2830 & RFC 3771) ■ RFC 4512 . the free encyclopedia Page 10 of 12 ■ Donley.aspx) . RFC 2830. and Administer LDAP Services. Good.Wikipedia.LDAP: Uniform Resource Locator (Obsoletes RFC 2255) ■ RFC 4517 .org/wiki/LDAP 2/25/2011 . ISBN 1555582125.co.7. Troubleshooting LDAP SSL connection issues between Microsoft ILM/MIIS & Novell eDirectory 8. POP. ■ Skills-1st.LDAP: Internationalized String Preparation ■ RFC 4519 . RFC 2255.com/store/product.4) ■ Segetech. RFC 2256 & RFC 3674) ■ RFC 4513 .devshed. T.segetech. Manning Publications.LDAP: Technical Specification Road Map (Obsoletes: RFC 2251.html) .prasannatech. ■ Voglmaier.com (http://web. Auerbach Publications.openldap. Elsevier. ISBN 1930110405. RFC 2252. RFC 2253.LDAP: String Representation of Distinguished Names (Obsoletes RFC 2253) ■ RFC 4515 .com/donley/. Updates RFC 3698) ■ RFC 4518 .LDAP: Syntaxes and Matching Rules (Obsoletes RFC 2252 & RFC 2256.com/c/a/Administration/Understanding-LDAP-part-1/) .html) .LDAP: Schema for User Applications (Obsoletes RFC 2256.com (http://www. RFC 2254.html) . http://www. LDAP schema design ■ Capitalhead.com/donley/) . ISBN 0672323168. RFC 2252.com/ldapdesign. RFC 2829 & RFC 2830) ■ RFC 4514 . Management. and Integration (http://www.com/linux-ldap-configuration.com (http://oss.A Case Study Configuration ■  (http://www.manning.informit.
Considerations for Lightweight Directory Access Protocol (LDAP) Extensions The following is a partial list of RFCs specifying LDAPv3 extensions: ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ RFC 2247 .LDAP: X.LDAP Who am I? Operation RFC 4533 .LDAP Schema for UDDI RFC 4522 .LDAPv3: All Operational Attributes RFC 3687 .LDAPv3: Dynamic Directory Services Extensions RFC 2649 .LDAP Authorization Identity Controls RFC 3866 .LDAP Simple Paged Result Control RFC 2798 .LBURP RFC 4403 .LDAP: Requesting Attributes by Object Class RFC 4530 .LDAPv3: Extension for Transport Layer Security RFC 2849 .Using LDAP as a Network Information Service RFC 2589 . the free encyclopedia Page 11 of 12 The following RFCs detail LDAP-specific Best Current Practices: ■ RFC 4520 (also BCP 64) .LDAP Cancel Operation RFC 3928 .Configuration Profile Schema for LDAP-Based Agents RFC 5020 .LDAP Password Modify Extended Operation RFC 3296 .LDAP: Modify-Increment Extension RFC 4526 .LDAP Turn Operation RFC 4532 .Collective Attributes in LDAP RFC 3672 .LDAP: Read Entry Controls RFC 4528 .LDAP Client Update Protocol RFC 4370 .LDAP: Assertion Control RFC 4529 .LDAP: Additional Matching Rules RFC 3829 .LDAP: Absolute True and False Filters RFC 4527 .Lightweight Directory Access Protocol (replaced RFC 1487) http://en.LDAP: Binary Encoding Option RFC 4523 .Subentries in LDAP RFC 3673 .wikipedia.LDAP: entryUUID RFC 4531 .LDAP .LDAP: COSINE Schema (replaces RFC 1274) RFC 4525 .Storing Vendor Information in the LDAP root DSE RFC 3062 . RFC 4519 & RFC 4524) RFC 2830 .org/wiki/LDAP 2/25/2011 .LDAPv3 Operational Signatures RFC 2696 .Use of DNS domains in distinguished names (Updated by RFC 4519 & RFC 4524) RFC 2307 .LDAP Content Sync Operation RFC 4876 .Named Subordinate References in LDAP Directories RFC 3671 .LDAP entryDN Operational Attribute LDAPv2 was specified in the following RFCs: ■ RFC 1777 .LDAP Proxied Authorization Control RFC 4373 .The LDAP Data Interchange Format (LDIF) RFC 2891 .Server Side Sorting of Search Results RFC 3045 .509 Certificate Schema RFC 4524 .Language Tags and Ranges in LDAP RFC 3909 .Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) (replaced RFC 3383) ■ RFC 4521 (also BCP 118) .inetOrgPerson LDAP Object Class (Updated by RFC 3698.LDAP Component Matching Rules RFC 3698 .Wikipedia.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.