What is LDAP?
We often hear people talking about LDAP or "the directory" when we talk about identity security. But what is it exactly? There are really two parts to this discussion. The first is the technical definition of LDAP itself. Like so many things in IT, the term LDAP has been muddied by common, and incorrect, usage. The second is what people are actually talking about when they say LDAP. Let's cover both of these parts separately.
The directory, what is it?
We will talk about the second topic first. When people talk about LDAP, what they are typically referring to is a directory. However, LDAP is not the directory. We will get to that in a minute. A directory is a specialized database designed to hold identity information. This identity information could be about a person, the groups the person is in, or it could also be about a printer, router, telephone, or any other object you want to define and interact with. The most typical use is for describing people, though. The directory will hold the obvious information about a person: their name, address, login name, etc. But it can also hold other information that describes the person. Who is their boss? What department do they work for? What is their employee number? We will talk more about these things later. The important thing to remember is that a directory holds information on people and objects. This information is then available to programs, which use it to decide how the program behaves for the user who is using it.
When you log into a computer, a website, a database, and you give your username and password, the program will contact the directory to validate that the information is correct. If the program needs to know what department you work in then it will pull the information from the directory. So the directory is a common source of information on users for all the various applications to reference. You can also directly query the directory with programs to find out information about yourself and others.
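To make the login-and-lookup flow above concrete, here is an added Python sketch (not from this article, and not any real LDAP server's code) of a tiny in-memory directory: entries keyed by Distinguished Name, a bind that validates a password, and a subtree search that pulls an attribute such as department. All DNs, names and passwords are constructed sample data.

```python
# Added example (not from the article): a tiny in-memory model of an
# LDAP-style directory. Entries are keyed by their Distinguished Name (DN);
# the DN's components, read right to left, give the hierarchy. All names
# and passwords below are constructed sample data.
import hashlib
import hmac
import os

def parse_dn(dn):
    """Split 'uid=alice,ou=people,dc=example,dc=com' into (attr, value) RDN pairs."""
    return [tuple(p.strip().split("=", 1)) for p in dn.split(",")]

def is_under(dn, base_dn):
    """True if dn is base_dn itself or sits below it in the tree."""
    dn_parts, base_parts = parse_dn(dn), parse_dn(base_dn)
    return len(dn_parts) >= len(base_parts) and dn_parts[-len(base_parts):] == base_parts

def hash_password(password, salt=None):
    """Salted PBKDF2 hash; the 16-byte salt is prepended to the digest."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_entry(**attrs):
    # Store only a salted hash, never the clear-text password.
    attrs["userPassword"] = hash_password(attrs.pop("password"))
    return attrs

DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": make_entry(
        cn="Alice Example", department="Sales", employeeNumber="1001",
        manager="uid=bob,ou=people,dc=example,dc=com", password="alice-pw"),
    "uid=bob,ou=people,dc=example,dc=com": make_entry(
        cn="Bob Example", department="Sales", employeeNumber="1000", password="bob-pw"),
    "cn=printer1,ou=devices,dc=example,dc=com": {"objectClass": "printer", "department": "Sales"},
}

def bind(dn, password):
    """Simple bind: the directory validates the credentials presented for a DN."""
    entry = DIRECTORY.get(dn)
    if entry is None or "userPassword" not in entry:
        return False  # unknown DN, or an object (like a printer) that cannot log in
    stored = entry["userPassword"]
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(digest, hash_password(password, salt)[16:])

def search(base_dn, filter_str):
    """Subtree search with one equality filter such as '(department=Sales)'."""
    attr, value = filter_str.strip("()").split("=", 1)
    return sorted(dn for dn, entry in DIRECTORY.items()
                  if is_under(dn, base_dn) and entry.get(attr) == value)
```

An application would call `bind` at login and then `search` (or a direct lookup of the user's entry) to read attributes such as `department` or `manager`.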
What is this LDAP if it is not the directory?
Ah, now we get to the crux of the confusion about LDAP. Technically the file on old mainframe and Unix computers that held a user's name and login information was a directory. But it was small, and very limited. The first real directories as we know them today did not show up until the early 1990s. The very first large scale commercially used directory was probably the Novell Directory Services directory, or NDS. It was used with NetWare 4 in an epic change of the Novell server products. It followed the X.500 standard for directories. It was hierarchical, and extensible. But you had to write complex C programs using a specialized API to access the information, or use other X.500 directory access protocols that were not easy to use. Other directories came out shortly after NDS. They also suffered from the same issue of being hard to get to. Some computer scientists from the University of Michigan came up with what they called the Lightweight Directory Access Protocol. This was a simple language to query X.500 compliant directories. LDAP is to directories what SQL is to databases (sort of). It is technically nothing more than a language, or communication protocol, to interact with a directory. Nowadays most directories (but not all) are X.500 compliant, and are accessible using LDAP tools. So when we talk about LDAP directories we are technically talking about LDAP compliant directories. This is a high level overview of LDAP directories, but it will work for us here.
Copyright © 2016