What is LDAP and why is it required for an organization?


This article is a short introduction to LDAP (Lightweight Directory Access Protocol): what it is, why an enterprise or organization would deploy an LDAP directory, and what the advantages of doing so are.

LDAP stands for Lightweight Directory Access Protocol. It is a network protocol for accessing a special-purpose database called a directory, which stores information about people, organizations and computers/devices (in our case, an organization's own). LDAP is an IETF standards-track protocol; the LDAP technical specification road map is RFC 4510.

Without a common directory, managing the various applications becomes very hard, because most of them require every user to be registered with them. Imagine an organization of 5000 users: for each application you may need a separate user database, because each application needs to know its users to determine service levels, access control, QoS and so on. Now imagine those users spread across several countries; each of these separate databases then has to be replicated across the geographies too. To simplify all this, it is better to keep one common directory and let the various applications (Wi-Fi, PBX, email, etc.) read user attributes from it.

An LDAP directory stores information about your organization in hierarchical form: a tree with, for example, the country name or domain name at the top and people, printers, etc. at the bottom. Each entry is identified by a distinguished name (DN), which is unique within the directory and is built from the entry's own name (its relative DN) followed by the names of its ancestors up to the root. Entries hold attributes such as name, email address (mail), common name (cn), country name (c), organization name (o), MAC address, IP address, domain names and so on. Because the structure is hierarchical, the directory can be highly distributed: different parts of the tree can live in different locations on different servers while still acting as a single directory. Directory servers are tuned to answer high volumes of look-up and search operations quickly; they are optimized for reads rather than for frequent writes.

LDAP is based on a client-server model: one or more LDAP servers hold the directory, and many clients connect to them to run queries and retrieve results. The LDAP client is usually built into the application (the email client, the RADIUS server, the PBX). The protocol runs over TCP, by default on port 389, with LDAP over TLS (LDAPS) on port 636; because a simple bind sends the password in clear, any client that authenticates to the directory should use LDAPS or StartTLS and verify the server certificate.

You can use LDAP for querying and look-up. Suppose you want to send an email to a person called Chris in your organization but know only his name. The email client then searches the LDAP server with the filter (cn=Chris) (cn is the common name attribute; c would be the country) and gets back the entry, and hence the email address (mail), matching that common name. Note that the value placed in the filter comes straight from the user, so the client must escape the characters *, (, ) and \ as RFC 4515 requires; otherwise a name such as * turns a single look-up into a listing of everyone in the directory.
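To make the tree, the DNs and the look-up concrete, here is an added example (not code from the original article) that builds a tiny in-memory directory, evaluates a single (attribute=value) search filter against it, and escapes user input per RFC 4515. The directory contents, the dc=example,dc=com suffix, the hostnames and the helper names (escape_filter_value, search, lookup_mail) are all constructed for this illustration; a real client would send the same filter to a server with ldapsearch or a library such as ldap3, but the escaping rule is identical.

```python
"""Toy LDAP lookup: a small in-memory directory tree, (attribute=value) search
filters with '*' wildcards, and RFC 4515 escaping of user-supplied values.

Added example, not code from the original article. The directory below is
constructed sample data; the DNs and addresses are not real.
"""
import re

# Constructed sample directory: DN -> attributes (attribute names lowercased).
# The tree is rooted at dc=example,dc=com, with people under ou=People and
# devices under ou=Devices, mirroring the hierarchy the article describes.
DIRECTORY = {
    "uid=chris,ou=People,dc=example,dc=com": {
        "objectclass": ["inetOrgPerson"],
        "cn": ["Chris"],
        "mail": ["chris@example.com"],
    },
    "uid=christine,ou=People,dc=example,dc=com": {
        "objectclass": ["inetOrgPerson"],
        "cn": ["Christine"],
        "mail": ["christine@example.com"],
    },
    "cn=lobby-printer,ou=Devices,dc=example,dc=com": {
        "objectclass": ["device", "ipHost"],
        "cn": ["lobby-printer"],
        "iphostnumber": ["10.0.0.25"],
    },
}

# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it can only match as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# Toy evaluator: handles only one (attr=value) filter, where '*' is a wildcard.
_SIMPLE_FILTER = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)$", re.DOTALL)


def _value_to_regex(pattern: str) -> re.Pattern:
    # Split on unescaped '*' (wildcards); an escaped star arrives as '\2a' and
    # so is not split. Each literal piece is unescaped, then made regex-safe.
    pieces = []
    for piece in pattern.split("*"):
        literal = re.sub(r"\\([0-9A-Fa-f]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        pieces.append(re.escape(literal))
    # cn uses caseIgnoreMatch in the standard schema, hence IGNORECASE.
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE)


def search(base_dn: str, filter_str: str) -> list[str]:
    """Return the DNs at or below base_dn that match the (attr=value) filter."""
    m = _SIMPLE_FILTER.match(filter_str)
    if not m:
        raise ValueError(f"toy evaluator supports only (attr=value): {filter_str!r}")
    attr, rx = m.group(1).lower(), _value_to_regex(m.group(2))
    base = base_dn.lower()
    hits = []
    for dn, attrs in DIRECTORY.items():
        # Subtree scope: the entry is the base itself or its DN ends in ",<base>".
        in_scope = dn.lower() == base or dn.lower().endswith("," + base)
        if in_scope and any(rx.match(v) for v in attrs.get(attr, [])):
            hits.append(dn)
    return hits


def lookup_mail(name: str, escape: bool = True) -> list[str]:
    """The article's email-client look-up: mail addresses for a common name.
    escape=False shows what happens when the name enters the filter unescaped."""
    value = escape_filter_value(name) if escape else name
    people = search("ou=People,dc=example,dc=com", f"(cn={value})")
    return [DIRECTORY[dn]["mail"][0] for dn in people if "mail" in DIRECTORY[dn]]


if __name__ == "__main__":
    print(lookup_mail("Chris"))               # ['chris@example.com']
    print(lookup_mail("*", escape=False))     # every person's address: injection
    print(lookup_mail("*"))                   # []  '\2a' matches only a literal '*'
    print(search("dc=example,dc=com", "(cn=*)"))  # whole tree, devices included
```

Run it with no arguments to see the three look-ups. The point of the last two calls is the practical one: the same user-typed string either enumerates the whole ou=People subtree or matches nothing, depending solely on whether the client escaped it before building the filter.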

An LDAP directory is also well suited as the back-end for a single sign-on mechanism. In a mixed Linux/Windows/Mac environment, for example, a Samba server can be configured as a primary domain controller with LDAP-based authentication on the back-end, so that the same directory account serves Windows domain logons and Unix logins.
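The Samba arrangement above, as an added configuration example that is not from the original article: a classic (NT4-style) primary domain controller whose account database is the LDAP directory. The hostname ldap.example.com, the dc=example,dc=com suffix and the cn=admin bind DN are assumptions for the illustration.

```ini
[global]
   workgroup = EXAMPLE
   security = user
   domain logons = yes
   domain master = yes

   ; Accounts come from the directory, not from a local passdb.tdb.
   ; Hostname and DNs are placeholders for this example.
   passdb backend = ldapsam:ldap://ldap.example.com
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers

   ; Samba binds with this DN to read and update accounts, so the session
   ; must be protected: StartTLS on port 389 rather than a clear-text bind.
   ldap admin dn = cn=admin,dc=example,dc=com
   ldap ssl = start tls
```

The bind password is not written in smb.conf; it is stored in Samba's secrets database with `smbpasswd -w`. Two caveats: the client side must actually verify the directory's certificate (the OpenLDAP client settings `TLS_CACERT` and `TLS_REQCERT demand` in ldap.conf), and this ldapsam setup applies to Samba's classic domain mode only; when Samba runs as an Active Directory domain controller it provides its own built-in LDAP server instead.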

Many commercial products and applications are already LDAP enabled, and Microsoft Active Directory itself is accessed over LDAP. Examples of open source LDAP servers are OpenLDAP and 389 Directory Server (the upstream of Red Hat Directory Server).

excITingIP.com