What Is Lightweight Directory Access Protocol (LDAP)?

Lightweight directory access protocol (LDAP) is an application protocol for accessing and managing an organisation’s widely used directory information. It is a vendor-neutral protocol that provides a means for accessing and modifying directory services over a network. LDAP builds upon a client-server model and operates over TCP/IP, making it suitable for distributed computing environments like the Internet.

LDAP is lightweight, efficient, and extensible, making it an ideal choice for directory services. A directory service is a centralised database that stores and organises information hierarchically. Such information is typically about users, systems, networks, and other resources. LDAP allows clients to search, read, and modify data in the directory service. Regardless of the specific implementation or underlying technology, it provides a standard way to interact with directory services.

At its core, LDAP defines a protocol for communication between LDAP clients and servers. The protocol uses a simple string-based format for querying and exchanging messages, eliminating the requirement of manually entering multiple queries for a specific task. LDAP messages travel over a network using the lightweight directory access protocol data units (PDUs).

LDAP operates on a directory information tree (DIT) structure, a hierarchical organisation of entries representing objects or resources in the directory. The organisation of entries in the DIT uses a naming scheme called the distinguished name (DN). The DN uniquely identifies each entry in the directory and specifies its position in the tree.

LDAP examples

Consider an organisation that uses LDAP to manage employee information. The directory contains entries for each employee, storing attributes such as name, email address, phone number, and department. 

Each entry in the directory has a unique DN that identifies its position in the tree. For example, the DN for Jane Smith would be ‘cn=Jane Smith, ou=Employees, ou=Marketing, o=Acme.’ The ‘cn’ stands for common name, ‘ou’ for organisational units, and ‘o’ for organisation.

LDAP clients can perform various operations on directory entries, such as searching, adding, modifying, or deleting. Let's consider a scenario where an LDAP client wants to search for employees in the marketing department whose names start with "J."

The LDAP server receives the search request, traverses the DIT starting from the base DN, and returns the matching entries. 

The client receives the search results and processes them according to its needs. It can extract the employee name from the returned entry and display it, perform further operations on the entry, or retrieve additional attributes.

Related terms

• Information technology (IT) infrastructure

• DHCP

• Transmission control protocol/internet protocol (TC/IP)

• CPU

Get started in information technology

The Lightweight Directory Access Protocol (LDAP) is an essential vendor-neutral application protocol with a hierarchical structure known as the directory information tree (DIT). The DIT provides organisation in a tree-like structure for efficient search and information retrieval, making it a powerful tool for managing and accessing directory information over a network. 

Continue learning about LDAP and other information technology concepts with the Google IT Support Professional Certificate on Coursera. This course requires no prior experience, offers a flexible schedule, and takes an estimated six months to complete. The topics covered include technical support fundamentals, operating systems, IT security, and more. Upon completion, gain a Professional Certificate to include in your CV or LinkedIn profile.