1.2 - LDAP in a few words

LDAP is not a new technlology. It has been around since the 90’s to mitigate complexities inherent in X.500 usage. Its name refers to Lightweight Directory Access Protocol. Soon after the first standard was issued, the first full LDAP server was created and X.500 became obsolete.

We’ll use the term LDAP to represent the protocol and LDAP server to represent the server that implements it.


The LDAP protocol provides access to entries stored in a LDAP Server’s database. It provides the mechanism for fast searching and retrieval of entries. Its data structures are hierarchical, and uses a schema to manage the definition of data formats allowed across those entries.

An LDAP client must first connect to a server and disconnect when finished. Some operations may be performed on the data itself, e.g. searches, modifications and deletions, along with a few others.

LDAP servers are extensible, but they all use a common protocol providing access to the data in a way that isn’t tied to a particular vendor’s implementation.


LDAP servers are fast for retrievals, having been designed specifically for this purpose. But modifications can be costly. These characteristics must be understood when writing applications that use an LDAP server for data storage.

Each entry is associated with a location within its corresponding Directory Information Tree, and we use what is known as a Distinguished Name (or Dn) to describe this address. The base entry is known as the suffix. The suffix along with all entries beneath it are collectively known as the DIT.


LDAP is a part of the IT landscape and so it’s necessary to learn how to deal with it. LDAP servers are used to manage authentications, authorizations, demographic information about users and more. It’s very likely that you will have to write some code to access data with LDAP at some point, and existing APIs aren’t quite up to the task. This LDAP API has been designed to simplify usage and ensure proper interaction with the server.

Going further

This was a short introduction, there’s more literature about LDAP on the web : Wikipedia provides a good starting point.