Lightweight Directory Access Protocol (LDAP)

What is LDAP?

The Lightweight Directory Access Protocol, often referred to as LDAP, is an open source application protocol used for accessing directory information services over a network, and it is considered an industry standard. LDAP can be used to look up things such as users' contact information or encryption certificates. It can point to printers and other services on either the public Internet or a local network, and it even allows a single login to be used across a variety of services. LDAP is common in informational directories, where fast searches and small updates are the norm.

LDAP-aware programs can ask their servers to search for a wide variety of information, and the search parameters can be customized extensively. The server indexes the data in its entries, and search filters then sift out irrelevant entries so that only the information you are looking for is returned.

If you use a desktop email program such as Apple Mail or Microsoft Outlook (as opposed to a web-based client like Gmail or Yahoo), it most likely supports LDAP. LDAP is also often used as a central place to store account information such as usernames and passwords, so that many different applications and services can connect to the LDAP server to validate users.

LDAP Hierarchy

An LDAP directory is organized by a basic hierarchy consisting of the following levels:

  • The root directory
  • Countries
  • Organizations
  • Organizational Units (Divisions, Departments, Sectors, etc.)
  • Individuals (Files, People, Printers, other shared Hardware)
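To make these levels concrete, here is an added Python example (not from the original page) that parses distinguished names (DNs) built from them, walks up the hierarchy, checks whether an entry lies within a given subtree, and rebuilds the tree from a handful of constructed sample DNs. LDAP writes a DN leaf first, with one relative DN (RDN) per level; the attribute abbreviations used here (c for country, o for organization, ou for organizational unit, cn for the individual entry), the sample names, and the simplifications noted in the comments are assumptions for illustration.

```python
"""Added example (not from the original page): parse LDAP distinguished
names (DNs) and rebuild the directory tree implied by the hierarchy above.
Each comma-separated component is a relative DN (RDN) for one level:
c= country, o= organization, ou= organizational unit, cn= the individual
entry. Sample DNs below are constructed for illustration."""
from __future__ import annotations

# Constructed sample DNs, written leaf first as LDAP does.
SAMPLE_DNS = [
    "cn=Alice Example,ou=Engineering,o=Example Corp,c=US",
    "cn=printer-3f,ou=Facilities,o=Example Corp,c=US",
    "cn=Bob Example,ou=Sales,o=Other Inc,c=GB",
]

# Characters that RFC 4514 requires to be backslash-escaped inside an RDN value.
_SPECIAL = '"+,;<>\\='


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first.

    A backslash escapes the following character, so "cn=Smith\\, John" keeps
    its comma. Hex-pair escapes (\\2C) and multi-valued RDNs (a+b) are left
    out for brevity (simplification); a production parser handles both.
    """
    pairs: list[tuple[str, str]] = []
    current: list[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])      # escaped character, taken literally
            i += 2
            continue
        if ch == ",":
            pairs.append(_rdn("".join(current)))
            current = []
        else:
            current.append(ch)
        i += 1
    pairs.append(_rdn("".join(current)))
    return pairs


def _rdn(text: str) -> tuple[str, str]:
    """Split one "attr=value" component; attribute names are case-insensitive."""
    attr, sep, value = text.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {text!r}")
    return attr.strip().lower(), value


def join_dn(pairs) -> str:
    """Inverse of split_dn: re-escape special characters in each value."""
    def esc(value: str) -> str:
        return "".join("\\" + c if c in _SPECIAL else c for c in value)
    return ",".join(f"{attr}={esc(value)}" for attr, value in pairs)


def parent_dn(dn: str) -> str:
    """DN of the entry one level up (empty string for a top-level entry)."""
    return join_dn(split_dn(dn)[1:])


def is_under(dn: str, base: str) -> bool:
    """True when dn lies inside the subtree rooted at base (suffix match on
    RDNs). Values are compared exactly here; a real server applies the
    schema's matching rule, which is often case-insensitive."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def build_tree(dns) -> dict:
    """Nest the DNs into {rdn: {child_rdn: {...}}} from the root downward."""
    tree: dict = {}
    for dn in dns:
        node = tree
        for attr, value in reversed(split_dn(dn)):
            node = node.setdefault(f"{attr}={value}", {})
    return tree
```

`is_under` is the kind of check a server or gateway makes before honouring a search: if the requested base DN falls outside the subtree a caller is allowed to read, the request is rejected rather than scoped, which keeps the permissions described later in this page enforceable at the tree level.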

LDAP Terminology and Functions

A single LDAP server is called a Directory System Agent (DSA). The DSA that receives a user's request handles it first, but it can pass the request along to other DSAs if necessary.

This happens behind the scenes: the user who made the request receives a single coordinated response from the initial DSA. An LDAP directory can be distributed across any number of servers in a network. Each of these servers can hold a mirrored copy of the main directory, and LDAP allows the copies to synchronize with the main server periodically.

LDAP has a number of functions that govern the data within the directory. One of these is permissions. Set up by a server administrator, permissions grant defined groups of users access to parts of the directory, and keep other data hidden from users who lack the proper privileges.

The other common function is the schema, which describes both the format and the attributes of data within the directory. Combined with filtered searches, this allows information to be organized in a structured hierarchy.
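Filters are what turn a schema-described directory into answers, and this page mentions them twice (the sifting of irrelevant data above, and filtered searches here). The following Python example, added here and not taken from the page, escapes a user-supplied value per RFC 4515 before placing it in a filter, then parses and evaluates a small subset of the filter grammar (and, or, not, equality, presence, substring) against constructed in-memory entries. The entries, attribute names and DNs are made up for illustration; a real server evaluates the same filters over its indexed data.

```python
"""Added example (not from the original page): compose LDAP search filters
safely (RFC 4515 escaping) and evaluate them over constructed in-memory entries
to show how a filter sifts a directory down to the entries requested."""
import re

# Constructed sample entries; attribute names are stored lower-cased.
ENTRIES = [
    {"dn": "cn=Alice Example,ou=Engineering,o=Example Corp,c=US",
     "cn": ["Alice Example"], "mail": ["alice@example.com"], "ou": ["Engineering"]},
    {"dn": "cn=Bob Example,ou=Sales,o=Example Corp,c=US",
     "cn": ["Bob Example"], "mail": ["bob@example.com"], "ou": ["Sales"]},
    {"dn": "cn=printer-3f,ou=Facilities,o=Example Corp,c=US",
     "cn": ["printer-3f"], "ou": ["Facilities"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: hex-escape the characters that carry meaning in an
    assertion value, so a value taken from user input is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def equality_filter(attr: str, value: str) -> str:
    """Build one equality item from an attribute name and an untrusted value."""
    return f"({attr}={escape_filter_value(value)})"


def _unescape(text: str) -> str:
    """Decode \\XX hex escapes (e.g. \\2a) back into characters."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)


class _Parser:
    """Recursive-descent parser for a subset of RFC 4515: and (&), or (|),
    not (!), equality, presence (attr=*) and substring (attr=a*b*c) items."""

    def __init__(self, text: str):
        self.t, self.i = text, 0

    def parse(self):
        node = self._filter()
        if self.i != len(self.t):
            raise ValueError("trailing data after filter")
        return node

    def _expect(self, ch: str) -> None:
        if self.t[self.i:self.i + 1] != ch:
            raise ValueError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def _filter(self):
        self._expect("(")
        c = self.t[self.i:self.i + 1]
        if c in ("&", "|"):
            self.i += 1
            subs = []
            while self.t[self.i:self.i + 1] == "(":
                subs.append(self._filter())
            node = (c, subs)
        elif c == "!":
            self.i += 1
            node = ("!", self._filter())
        else:
            end = self.t.find(")", self.i)  # a ')' inside a value must be escaped
            if end < 0:
                raise ValueError("unterminated filter item")
            attr, sep, raw = self.t[self.i:end].partition("=")
            if not sep or not attr:
                raise ValueError(f"malformed item {self.t[self.i:end]!r}")
            # An unescaped '*' is a wildcard: split on it, then decode each piece.
            node = ("=", attr.lower(), [_unescape(p) for p in raw.split("*")])
            self.i = end
        self._expect(")")
        return node


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry (values compared case-insensitively)."""
    kind = node[0]
    if kind == "&":
        return all(matches(n, entry) for n in node[1])
    if kind == "|":
        return any(matches(n, entry) for n in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, segs = node
    values = [v.lower() for v in entry.get(attr, [])]
    if segs == ["", ""]:           # "(attr=*)": presence test
        return bool(values)
    # Pieces between wildcards must appear in order without overlapping; a
    # value with no wildcard reduces to an exact, whole-string comparison.
    pattern = ".*".join(re.escape(s.lower()) for s in segs)
    return any(re.fullmatch(pattern, v, re.DOTALL) for v in values)


def search(filter_text: str, entries=ENTRIES) -> list:
    """Return the DNs of the entries the filter selects, in directory order."""
    node = _Parser(filter_text).parse()
    return [e["dn"] for e in entries if matches(node, e)]
```

The escaping step is the defensive point: `equality_filter("cn", "*")` yields `(cn=\2a)`, which matches only an entry whose cn is literally an asterisk, whereas the raw filter `(cn=*)` is a presence test that returns every entry with a cn. Applications that build filters from user input should always go through an escaping function rather than string concatenation, so that the schema and permissions decide what is returned, not the shape of the input.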

Why LDAP is Important

All major directory services are fundamental to local and worldwide network applications. LDAP allows large, organized bodies of information to be shared throughout networks. These directory services can provide any organized set of records, often with a hierarchical structure, such as a corporate email directory, a telephone directory, or a list of prospective clients; the options are limitless. It is for this reason that LDAP is so essential to shared networks, and why it continues to be an industry standard protocol for communicating and sharing directory-like data between programs and people.

Learn More About LDAP

How Barracuda Can Help:

The Barracuda Email Security Gateway can perform LDAP and Active Directory recipient verification on all incoming e-mail. This means an Email Security Gateway is able to block all e-mails addressed to users that don't exist, in addition to providing award-winning email protection from advanced threats.

Do you have more questions about LDAP? Contact us now.