LDAP, Lightweight Directory Access Protocol

Protocol suite:	TCP/IP.
Type:	Application layer directory service access protocol.
Port:	389 (TCP).
URI:	ldap:.
MIME subtype:
SNMP MIBs:	iso.org.dod.internet.directory.pcelsSchema (1.3.6.1.1.9).
Working groups:	asid, Access, Searching and Indexing of Directories. Concluded February 1999. calsch, Calendaring and Scheduling. Concluded September 2004. ldapbis, LDAP (v3) Revision. ldapext, LDAP Extension. ldup, LDAP Duplication/Replication/Update Protocols.
Links:	LDAP Directory Systems Names. LDAP parameters. OpenLDAP.

LDAP was designed to provide access to the X.500 Directory without incurring the resource requirements of the Directory Access Protocol (DAP).

RFC 1777:

This protocol is specifically targeted at simple management applications and browser applications that provide simple read/write interactive access to the X.500 Directory, and is intended to be a complement to the DAP itself. Key aspects of LDAP are:

Protocol elements are carried directly over TCP or other transport, bypassing much of the session/presentation overhead.

Many protocol data elements are encoding as ordinary strings (e.g.,Distinguished Names).

A lightweight BER encoding is used to encode all protocol elements.

MAC header

IP header

TCP header

LDAP message

Protocol Mechanisms.

OID	Type	Description	References
1.2.826.0.1.3344810.2.3	control	Matched Values Control.	RFC 3876
1.2.840.113556.1.4.473	control	Sort Request.	RFC 2891
1.2.840.113556.1.4.474	control	Sort Response.	RFC 2891
1.3.6.1.1.7.1	control	LCUP Sync Request Control.	RFC 3928
1.3.6.1.1.7.2	control	LCUP Sync Update Control.	RFC 3928
1.3.6.1.1.7.3	control	LCUP Sync Done Control.	RFC 3928
1.3.6.1.1.8	extension	Cancel Operation.	RFC 3909
1.3.6.1.1.12	control	Assertion Control.	RFC 4528
1.3.6.1.1.13.1	control	LDAP Pre-read Control.	RFC 4527
1.3.6.1.1.13.2	control	LDAP Post-read Control.	RFC 4527
1.3.6.1.1.14	feature	Modify-Increment.	RFC 4525
1.3.6.1.4.1.1466.101.119.1	extension	Dynamic Refresh.	RFC 2589
1.3.6.1.4.1.1466.20037	extension	Start TLS.	RFC 2830, RFC 4511, RFC 4513
1.3.6.1.4.1.4203.1.5.1	feature	All Operational Attributes.	RFC 3673
1.3.6.1.4.1.4203.1.5.2	feature	OC AD Lists.	RFC 4529
1.3.6.1.4.1.4203.1.5.3	feature	True/False filters.	RFC 4526
1.3.6.1.4.1.4203.1.5.4	feature	Language Tag Options.	RFC 3866
1.3.6.1.4.1.4203.1.5.5	feature	Language Range Options.	RFC 3866
1.3.6.1.4.1.4203.1.9.1.1	control	LDAP Content Synchronization Control.	RFC 4533
1.3.6.1.4.1.4203.1.10.1	control	Subentries.	RFC 3672
1.3.6.1.4.1.4203.1.11.1	extension	Modify Password.	RFC 3062
1.3.6.1.4.1.4203.1.11.3	extension	Who am I?	RFC 4532
1.3.6.1.1.17.1	extension	StartLBURPRequest LDAP ExtendedRequest message.	RFC 4373
1.3.6.1.1.17.2	extension	StartLBURPResponse LDAP ExtendedResponse message.	RFC 4373
1.3.6.1.1.17.3	extension	EndLBURPRequest LDAP ExtendedRequest message.	RFC 4373
1.3.6.1.1.17.4	extension	EndLBURPResponse LDAP ExtendedResponse message.	RFC 4373
1.3.6.1.1.17.5	extension	LBURPUpdateRequest LDAP ExtendedRequest message.	RFC 4373
1.3.6.1.1.17.6	extension	LBURPUpdateResponse LDAP ExtendedResponse message.	RFC 4373
1.3.6.1.1.17.7	feature	LBURP Incremental Update style OID.	RFC 4373
1.3.6.1.1.19	extension	LDAP Turn Operation.	RFC 4531
2.16.840.1.113730.3.4.2	control	ManageDsaIT.	RFC 3296
2.16.840.1.113730.3.4.15	control	Authorization Identity Response Control.	RFC 3829
2.16.840.1.113730.3.4.16	control	Authorization Identity Request Control.	RFC 3829
2.16.840.1.113730.3.4.18	control	Proxy Authorization Control.	RFC 4370

Object Identifier Descriptors:

OID	Type	Name	References
	Attribute Type	add (reserved for LDIF.)	RFC 2849
0.9.2342.19200300.100.4.5	Object Class	account	RFC 4524
1.3.6.1.1.10.4.1	Attribute Type	uddiBusinessKey	RFC 4403
1.3.6.1.1.10.4.2	Attribute Type	uddiAuthorizedName	RFC 4403
1.3.6.1.1.10.4.3	Attribute Type	uddiOperator	RFC 4403
1.3.6.1.1.10.4.4	Attribute Type	uddiName	RFC 4403
1.3.6.1.1.10.4.5	Attribute Type	uddiDescription	RFC 4403
1.3.6.1.1.10.4.6	Attribute Type	uddiDiscoveryURLs	RFC 4403
1.3.6.1.1.10.4.7	Attribute Type	uddiUseType	RFC 4403
1.3.6.1.1.10.4.8	Attribute Type	uddiPersonName	RFC 4403
1.3.6.1.1.10.4.9	Attribute Type	uddiPhone	RFC 4403
1.3.6.1.1.10.4.10	Attribute Type	uddiEMail	RFC 4403
1.3.6.1.1.10.4.11	Attribute Type	uddiSortCode	RFC 4403
1.3.6.1.1.10.4.12	Attribute Type	uddiTModelKey	RFC 4403
1.3.6.1.1.10.4.13	Attribute Type	uddiAddressLine	RFC 4403
1.3.6.1.1.10.4.14	Attribute Type	uddiIdentifierBag	RFC 4403
1.3.6.1.1.10.4.15	Attribute Type	uddiCategoryBag	RFC 4403
1.3.6.1.1.10.4.16	Attribute Type	uddiKeyedReference	RFC 4403
1.3.6.1.1.10.4.17	Attribute Type	uddiServiceKey	RFC 4403
1.3.6.1.1.10.4.18	Attribute Type	uddiBindingKey	RFC 4403
1.3.6.1.1.10.4.19	Attribute Type	uddiAccessPoint	RFC 4403
1.3.6.1.1.10.4.20	Attribute Type	uddiHostingRedirector	RFC 4403
1.3.6.1.1.10.4.21	Attribute Type	uddiInstanceDescription	RFC 4403
1.3.6.1.1.10.4.22	Attribute Type	uddiInstanceParms	RFC 4403
1.3.6.1.1.10.4.23	Attribute Type	uddiOverviewDescription	RFC 4403
1.3.6.1.1.10.4.24	Attribute Type	uddiOverviewURL	RFC 4403
1.3.6.1.1.10.4.25	Attribute Type	uddiFromKey	RFC 4403
1.3.6.1.1.10.4.26	Attribute Type	uddiToKey	RFC 4403
1.3.6.1.1.10.4.27	Attribute Type	uddiUUID	RFC 4403
1.3.6.1.1.10.4.28	Attribute Type	uddiIsHidden	RFC 4403
1.3.6.1.1.10.4.29	Attribute Type	uddiIsProjection	RFC 4403
1.3.6.1.1.10.4.30	Attribute Type	uddiLang	RFC 4403
1.3.6.1.1.10.4.31	Attribute Type	uddiv3BusinessKey	RFC 4403
1.3.6.1.1.10.4.32	Attribute Type	uddiv3ServiceKey	RFC 4403
1.3.6.1.1.10.4.33	Attribute Type	uddiv3BindingKey	RFC 4403
1.3.6.1.1.10.4.34	Attribute Type	uddiv3TmodelKey	RFC 4403
1.3.6.1.1.10.4.35	Attribute Type	uddiv3DigitalSignature	RFC 4403
1.3.6.1.1.10.4.36	Attribute Type	uddiv3NodeId	RFC 4403
1.3.6.1.1.10.4.37	Attribute Type	uddiv3EntityModificationTime	RFC 4403
1.3.6.1.1.10.4.38	Attribute Type	uddiv3SubscriptionKey	RFC 4403
1.3.6.1.1.10.4.39	Attribute Type	uddiv3SubscriptionFilter	RFC 4403
1.3.6.1.1.10.4.40	Attribute Type	uddiv3NotificationInterval	RFC 4403
1.3.6.1.1.10.4.41	Attribute Type	uddiv3MaxEntities	RFC 4403
1.3.6.1.1.10.4.42	Attribute Type	uddiv3ExpiresAfter	RFC 4403
1.3.6.1.1.10.4.43	Attribute Type	uddiv3BriefResponse	RFC 4403
1.3.6.1.1.10.4.44	Attribute Type	uddiv3EntityKey	RFC 4403
1.3.6.1.1.10.4.45	Attribute Type	uddiv3EntityCreationTime	RFC 4403
1.3.6.1.1.10.4.46	Attribute Type	uddiv3EntityDeletionTime	RFC 4403
1.3.6.1.1.10.6.1	Object Class	uddiBusinessEntity	RFC 4403
1.3.6.1.1.10.6.2	Object Class	uddiContact	RFC 4403
1.3.6.1.1.10.6.3	Object Class	uddiAddress	RFC 4403
1.3.6.1.1.10.6.4	Object Class	uddiBusinessService	RFC 4403
1.3.6.1.1.10.6.5	Object Class	uddiBindingTemplate	RFC 4403
1.3.6.1.1.10.6.6	Object Class	uddiTModelInstanceInfo	RFC 4403
1.3.6.1.1.10.6.7	Object Class	uddiTModel	RFC 4403
1.3.6.1.1.10.6.8	Object Class	uddiPublisherAssertion	RFC 4403
1.3.6.1.1.10.6.9	Object Class	uddiv3Subscription	RFC 4403
1.3.6.1.1.10.6.10	Object Class	uddiv3EntityObituary	RFC 4403
1.3.6.1.1.10.15.1	Name Form	uddiBusinessEntityNameForm	RFC 4403
1.3.6.1.1.10.15.2	Name Form	uddiContactNameForm	RFC 4403
1.3.6.1.1.10.15.3	Name Form	uddiAddressNameForm	RFC 4403
1.3.6.1.1.10.15.4	Name Form	uddiBusinessServiceNameForm	RFC 4403
1.3.6.1.1.10.15.5	Name Form	uddiBindingTemplateNameForm	RFC 4403
1.3.6.1.1.10.15.6	Name Form	uddiTModelInstanceInfoNameForm	RFC 4403
1.3.6.1.1.10.15.7	Name Form	uddiTModelNameForm	RFC 4403
1.3.6.1.1.10.15.8	Name Form	uddiPublisherAssertionNameForm	RFC 4403
1.3.6.1.1.10.15.9	Name Form	uddiv3SubscriptionNameForm	RFC 4403
1.3.6.1.1.10.15.10	Name Form	uddiv3EntityObituaryNameForm	RFC 4403
1.3.6.1.1.11.1.1	Object Class	vPIMUser	RFC 4237
1.3.6.1.1.11.2.1	Attribute Type	vPIMTelephoneNumber	RFC 4237
1.3.6.1.1.11.2.2	Attribute Type	vPIMRfc822Mailbox	RFC 4237
1.3.6.1.1.11.2.3	Attribute Type	vPIMSpokenName	RFC 4237
1.3.6.1.1.11.2.4	Attribute Type	vPIMSupportedUABehaviors	RFC 4237
1.3.6.1.1.11.2.5	Attribute Type	vPIMSupportedAudioMediaTypes	RFC 4237
1.3.6.1.1.11.2.6	Attribute Type	vPIMSupportedMessageContext	RFC 4237
1.3.6.1.1.11.2.7	Attribute Type	vPIMTextName	RFC 4237
1.3.6.1.1.11.2.8	Attribute Type	vPIMExtendedAbsenceStatus	RFC 4237
1.3.6.1.1.11.2.9	Attribute Type	vPIMMaxMessageSize	RFC 4237
1.3.6.1.1.11.2.10	Attribute Type	vPIMSubMailboxes	RFC 4237
1.3.6.1.4.1.1466.101.120.1	Attribute Type	administratorsAddress
2.5.13.40	Matching Rule	algorithmIdentifierMatch	RFC 4523
2.5.18.5	Attribute Type	administrativeRole	RFC 3672
2.5.23.2	Administrative Role	accessControlSpecificArea	RFC 3672
2.5.23.3	Administrative Role	accessControlInnerArea	RFC 3672
2.5.23.4	Administrative Role	subschemaAdminSpecificArea	RFC 3672
2.5.23.5	Administrative Role	collectiveAttributeSpecificArea	RFC 3672

Glossary:

DIT, Directory Information Tree.

DN, Distinguished Name.

DSE, DSA-specific Entry.

DUA, Directory User Agent.

OID, Object identifier.

RDN, Relative distinguished name.

RFCs:

[RFC 1823] The LDAP Application Program Interface.

[RFC 1959] An LDAP URL Format.

[RFC 1960] A String Representation of LDAP Search Filters.

Obsoletes: RFC 1558.

[RFC 2164] Use of an X.500/LDAP directory to support MIXER address mapping.

Obsoletes: RFC 1838.

[RFC 2247] Using Domains in LDAP/X.500 Distinguished Names.

[RFC 2251] Lightweight Directory Access Protocol (v3).

Updated by: RFC 3771.

[RFC 2252] Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions.

[RFC 2253] Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names.

Obsoletes: RFC 1779.

[RFC 2254] The String Representation of LDAP Search Filters.

[RFC 2255] The LDAP URL Format.

Defines URI scheme ldap:.

[RFC 2256] A Summary of the X.500(96) User Schema for use with LDAPv3.

[RFC 2307] An Approach for Using LDAP as a Network Information Service.

[RFC 2587] Internet X.509 Public Key Infrastructure LDAPv2 Schema.

[RFC 2589] Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services.

Defines LDAP Protocol Mechanism 1.3.6.1.4.1.1466.101.119.1 (Dynamic Refresh).

[RFC 2649] An LDAP Control and Schema for Holding Operation Signatures.

[RFC 2657] LDAPv2 Client vs. the Index Mesh.

[RFC 2696] LDAP Control Extension for Simple Paged Results Manipulation.

[RFC 2713] Schema for Representing Java(tm) Objects in an LDAP Directory.

[RFC 2714] Schema for Representing CORBA Object References in an LDAP Directory.

[RFC 2739] Calendar Attributes for vCard and LDAP.

[RFC 2798] Definition of the inetOrgPerson LDAP Object Class.

Updated by: RFC 3698.

[RFC 2820] Access Control Requirements for LDAP.

[RFC 2829] Authentication Methods for LDAP.

[RFC 2830] Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security.

Defines LDAP Protocol Mechanism 1.3.6.1.4.1.1466.20037 ( Start TLS).

[RFC 2849] The LDAP Data Interchange Format (LDIF) - Technical Specification.

[RFC 2891] LDAP Control Extension for Server Side Sorting of Search Results.

Defines LDAP Protocol Mechanism 1.2.840.113556.1.4.473 (Sort Request) and 1.2.840.113556.1.4.474 (Sort Response).

[RFC 2926] Conversion of LDAP Schemas to and from SLP Templates.

[RFC 2927] MIME Directory Profile for LDAP Schema.

[RFC 3045] Storing Vendor Information in the LDAP root DSE.

[RFC 3062] LDAP Password Modify Extended Operation.

Defines LDAP Protocol Mechanism 1.3.6.1.4.1.4203.1.11.1 ( Modify Password).

[RFC 3088] OpenLDAP Root Service, An experimental LDAP referral service.

[RFC 3112] LDAP Authentication Password Schema.

[RFC 3296] Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories.

Defines LDAP Protocol Mechanism 2.16.840.1.113730.3.4.2 (ManageDsaIT).

[RFC 3377] Lightweight Directory Access Protocol (v3): Technical Specification.

[RFC 3383] Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP).

[RFC 3384] Lightweight Directory Access Protocol (version 3) Replication Requirements.

[RFC 3494] Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status.

Obsoletes: RFC 1484, RFC 1485, RFC 1487, RFC 1488, RFC 1777, RFC 1778, RFC 1779, RFC 1781, RFC 2559.

[RFC 3663] Domain Administrative Data in Lightweight Directory Access Protocol (LDAP).

[RFC 3671] Collective Attributes in the Lightweight Directory Access Protocol (LDAP).

[RFC 3672] Subentries in the Lightweight Directory Access Protocol (LDAP).

Defines LDAP Protocol Mechanism 1.3.6.1.4.1.4203.1.10.1 (Subentries).

[RFC 3673] Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes.

Defines LDAP Protocol Mechanism 1.3.6.1.4.1.4203.1.5.1 (All Operational Attributes).

[RFC 3674] Feature Discovery in Lightweight Directory Access Protocol (LDAP).

[RFC 3687] Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules.

[RFC 3698] Lightweight Directory Access Protocol (LDAP): Additional Matching Rules.

Updates: RFC 2798.

[RFC 3703] Policy Core Lightweight Directory Access Protocol (LDAP) Schema.

Updated by: RFC 4104.
Defines SNMP MIB iso.org.dod.internet.directory.pcimSchema (1.3.6.1.1.6).

[RFC 3712] Lightweight Directory Access Protocol (LDAP): Schema for Printer Services.

[RFC 3727] ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules.

[RFC 3771] The Lightweight Directory Access Protocol (LDAP) Intermediate Response Message.

Updates: RFC 2251.

[RFC 3829] Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls.

Defines LDAP Protocol Mechanism 2.16.840.1.113730.3.4.15 (Authorization Identity Response Control) and 2.16.840.1.113730.3.4.16 (Authorization Identity Request Control).

[RFC 3866] Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP).

Category: Standards Track
Defines LDAP Protocol Mechanism 1.3.6.1.4.1.4203.1.5.4 (Language Tag Options) and 1.3.6.1.4.1.4203.1.5.5 (Language Range Options).
Obsoletes:
RFC 2596.

[RFC 3876] Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3).

Category: Standards Track.
Defines LDAP Protocol Mechanism 1.2.826.0.1.3344810.2.3 (Matched Values Control).

[RFC 3909] Lightweight Directory Access Protocol (LDAP) Cancel Operation.

Category: Standards Track.
Defines LDAP Protocol Mechanism 1.3.6.1.1.8 (Cancel Operation).

[RFC 3928] Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP).

Category: Standards Track.
Defines LDAP Protocol Mechanism 1.3.6.1.1.7.1 (LCUP Sync Request Control).
Defines LDAP Protocol Mechanism 1.3.6.1.1.7.2 (LCUP Sync Update Control).
Defines LDAP Protocol Mechanism 1.3.6.1.1.7.3 (LCUP Sync Done Control).
Defines LDAP result codes 113 to 117.

[RFC 3944] H.350 Directory Services.

Category: Informational.

[RFC 4104] Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS).

Category: Standards Track.
Defines SNMP MIB iso.org.dod.internet.directory.pcelsSchema (1.3.6.1.1.9).
Updates:
RFC 3703.

[RFC 4237] Voice Messaging Directory Service.

Category: Standards Track.

[RFC 4370] Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control.

Category: Informational.
Defines LDAP Protocol Mechanism 2.16.840.1.113730.3.4.18 (Proxy Authorization Control).

[RFC 4373] Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP).

Category: Informational.
Defines LDAP Protocol Mechanisms 1.3.6.1.1.17.1 through 1.3.6.1.1.17.7.

[RFC 4403] Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3).

Category: Informational.

Publications:

[ISBN 1578700000] LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol.

[ISBN 1578700701] Understanding And Deploying LDAP Directory Services.

Obsolete RFCs:

[RFC 1487] X.500 Lightweight Directory Access Protocol.

Obsoleted by: RFC 1777, RFC 3494.

[RFC 1488] The X.500 String Representation of Standard Attribute Syntaxes.

Obsoleted by: RFC 1778.

[RFC 1558] A String Representation of LDAP Search Filters.

Obsoleted by: RFC 1960.

[RFC 1777] Lightweight Directory Access Protocol.

Obsoleted by: RFC 3494.
Obsoletes: RFC 1487.

[RFC 1778] The String Representation of Standard Attribute Syntaxes.

Obsoleted by: RFC 3494.
Updated by: RFC 2559.
Obsoletes: RFC 1488.

[RFC 1779] A String Representation of Distinguished Names.

Obsoleted by: RFC 2253, RFC 3494.
Obsoletes: RFC 1485.

[RFC 1838] Use of the X.500 Directory to support mapping between X.400 and RFC 822 Addresses.

Obsoleted by: RFC 2164.

[RFC 2559] Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2.

Obsoleted by: RFC 3494.
Updates: RFC 1778.

[RFC 2596] Use of Language Codes in LDAP.

Obsoleted by: RFC 3866.
Describes how language codes are carried in LDAP and are to be interpreted by LDAP servers.