Using LDAP with Java CAPS

LDAP Overview

The Lightweight Directory Access Protocol (LDAP) is a standard that enables clients to query and update data in directory services.

An LDAP directory includes a series of entries. An entry is a collection of attributes, plus a Distinguished Name that uniquely identifies the entry.

In the following example, the first line specifies the DN. The succeeding lines specify the attributes.
dn: cn=all, ou=Roles, dc=company, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: all
ou: Roles

The components of a DN are ordered hierarchically from most specific to least specific. Thus, the last component in the DN identifies the root entry of the directory.

Each attribute contains a type and one or more values. For example, the attribute ou: Roles has a type of ou (organizational unit) and a value of Roles. An object class is an attribute that specifies the required and optional attributes for an entry. You can find definitions of many object classes in RFC 2256.

The preceding example is represented in the LDAP Data Interchange Format (LDIF). The entry could also be represented graphically.

When searching an LDAP directory, you use a search filter to specify the search criteria. You can use an asterisk as a wildcard character. For example:
(cn=John S*)
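As an added example that is not part of the Java CAPS documentation, the following Python parses the LDIF entry shown above, splits its DN into components (most specific first), and builds a search filter that escapes the RFC 4515 special characters in a caller-supplied value, so that an asterisk acts as a wildcard only when the caller intends it. The parser assumes the simple LDIF form used here (no continuation lines, base64 values, or escaped commas inside the DN).

```python
# Added example (not from the Java CAPS documentation): parse the LDIF entry
# from the text, split its DN, and build an RFC 4515-escaped search filter.

# Constructed sample input: the LDIF entry quoted in the overview.
LDIF_ENTRY = """dn: cn=all, ou=Roles, dc=company, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: all
ou: Roles
"""

def parse_ldif_entry(text):
    """Return (dn, attributes); attributes maps each type to its list of values."""
    dn = None
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        attr_type, _, value = line.partition(":")
        attr_type, value = attr_type.strip(), value.strip()
        if attr_type == "dn":
            dn = value
        else:
            attrs.setdefault(attr_type, []).append(value)
    return dn, attrs

def dn_components(dn):
    """Split a DN into (type, value) pairs ordered most specific to least.
    Assumes no escaped commas in the DN (true for the sample entry)."""
    return [tuple(p.strip() for p in rdn.split("=", 1)) for rdn in dn.split(",")]

# RFC 4515 requires these characters to be hex-escaped inside filter values.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value, allow_wildcard=False):
    """Escape a value for a search filter; '*' stays literal only if allowed."""
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)
        else:
            out.append(_FILTER_ESCAPES.get(ch, ch))
    return "".join(out)

def equality_filter(attr_type, value, allow_wildcard=False):
    """Build an equality filter such as (cn=John S*) from a type and value."""
    return "(%s=%s)" % (attr_type, escape_filter_value(value, allow_wildcard))
```

Escaping parentheses and backslashes in values taken from outside the application keeps a caller-supplied string from altering the structure of the filter it is embedded in.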