LDAP in the enterprise

By: Gary Sims

The Lightweight Directory Access Protocol (LDAP) is a network protocol used to access a special-purpose database (called a directory) that stores information about people, organizations, and computers. What can LDAP do for your business and your network?

LDAP was developed as a lighter-weight alternative to the Directory Access Protocol (DAP) defined by the X.500 directory standard; where DAP required the full OSI protocol stack, LDAP runs directly over TCP/IP. It is the network language spoken between a piece of client software (such as an email client) and a directory. A directory is a type of database that stores information about your enterprise in a hierarchical form, a tree of entries. Each entry in the directory is referenced using what is called a “distinguished name” (DN), which consists of the entry's own name (its relative distinguished name) followed by the names, from bottom to top, of the entries above it in the tree.

How does this work in practice? Suppose you wanted to write an email to Wile E. Coyote, a colleague in your organization, Acme Products. Rather than needing to know his email address or already have him in your personal address book, your email client can look up Mr. Coyote in the directory (using LDAP) and get his email address. It will discover his distinguished name to be “CN=Wile E. Coyote, O=Acme, C=US”. Here CN means Common Name, O means Organization, and C stands for Country; attribute types are case-insensitive, so all may be written in upper or lower case. Many directories today name the top of the tree after a DNS domain instead, using domain components such as “DC=acme, DC=com”, but the structure is the same: the entry's own name first, then its parents up to the root.
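The lookup just described, worked through in code. This is an added example, not code from the original article and not a real LDAP client: it parses distinguished names into their components, scopes a search to a base DN the way a subtree search does, and resolves a common name to a mail address from a small in-memory directory. The directory contents, the attribute names, the address domains and the base DN "O=Acme,C=US" are all constructed for the example. It also shows the one check a practitioner needs when the name comes from user input: the search filter the client would send must have the name escaped (RFC 4515), or characters such as "*" and ")" change what the filter matches.

```python
"""Distinguished names and a directory lookup, as a small worked example.

Added illustration for the article; not part of the original and not a
real LDAP client. The directory below, its attribute names and the base
DN "O=Acme,C=US" are constructed for this example.
"""
from typing import Dict, List, Tuple

RDN = Tuple[str, str]


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into its RDNs, leaf entry first, as (type, value) pairs.

    Attribute types (CN, O, C, ...) are case-insensitive and are normalised
    to upper case. A backslash escapes the next character, so a value may
    itself contain a comma: "CN=Coyote\\, Wile E.,O=Acme,C=US".
    Simplification: multi-valued RDNs ("CN=a+SN=b") and hex escapes ("\\2C")
    from RFC 4514 are not handled here.
    """
    rdns: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)            # escaped character is taken literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))  # unescaped comma separates RDNs
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))

    parsed: List[RDN] = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parsed.append((attr.strip().upper(), value))
    return parsed


def dn_path(dn: str) -> str:
    """Render the hierarchy a DN encodes from the root down."""
    return " / ".join(f"{a}={v}" for a, v in reversed(parse_dn(dn)))


def _norm(rdns: List[RDN]) -> List[RDN]:
    # Values compared case-insensitively, as most directories do for names.
    return [(a, v.lower()) for a, v in rdns]


def is_under(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is base_dn or lies beneath it in the tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base):
        return False
    return _norm(entry[len(entry) - len(base):]) == _norm(base)


# Constructed toy directory: DN -> attributes (attribute names lower-cased).
DIRECTORY: Dict[str, Dict[str, str]] = {
    "O=Acme,C=US": {"objectclass": "organization", "o": "Acme"},
    "CN=Wile E. Coyote,O=Acme,C=US": {
        "objectclass": "person", "cn": "Wile E. Coyote",
        "mail": "wile.coyote@acme.example"},
    "CN=Road Runner,O=Acme,C=US": {
        "objectclass": "person", "cn": "Road Runner",
        "mail": "road.runner@acme.example"},
    # Same common name in another organisation: base-DN scoping keeps it out.
    "CN=Wile E. Coyote,O=Other,C=US": {
        "objectclass": "person", "cn": "Wile E. Coyote",
        "mail": "wile@other.example"},
}


def search(base_dn: str, attr: str, value: str) -> List[str]:
    """Subtree search: DNs under base_dn whose attr equals value (case-insensitive).

    Stands in for what the server does with a filter like (cn=Wile E. Coyote).
    """
    return [dn for dn, attrs in DIRECTORY.items()
            if is_under(dn, base_dn)
            and attrs.get(attr.lower(), "").lower() == value.lower()]


def lookup_mail(common_name: str, base_dn: str = "O=Acme,C=US") -> str:
    """The email-client lookup from the text: a name in, an address out."""
    hits = search(base_dn, "cn", common_name)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {common_name!r} under {base_dn}")
    return DIRECTORY[hits[0]]["mail"]


# What a real client puts on the wire is a search filter (RFC 4515). Text that
# came from a user must be escaped, or '*', '(' and ')' alter the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def mail_lookup_filter(common_name: str) -> str:
    """Filter for the lookup above, with the name escaped for literal matching."""
    return f"(&(objectClass=person)(cn={escape_filter_value(common_name)}))"


if __name__ == "__main__":
    print(dn_path("CN=Wile E. Coyote,O=Acme,C=US"))  # C=US / O=Acme / CN=Wile E. Coyote
    print(lookup_mail("Wile E. Coyote"))             # wile.coyote@acme.example
    print(mail_lookup_filter("*"))                   # (&(objectClass=person)(cn=\2a))
```

Two things to note when adapting this against a real server: the DN matching here is deliberately simple (no multi-valued RDNs, no hex escapes), and the filter builder is the part that matters for security, since a lookup of a name typed by a user without escaping is the classic LDAP injection. With escaping in place, a search for "*" asks for a user literally named "*" rather than for every person in the tree.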

