What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a way of communicating with a directory. Originally intended as a lightweight replacement for X.500, it has grown organically to be just as comprehensive. It is defined in a number of RFCs (indexed at RFC 4510), but in essence it is simply a way of working with a directory to:

The rest is simply details :-)...


So What is a Directory?

A directory is a type of hierarchical database. It is made up of entries that each have a globally unique name and contain attributes, which are named collections of data values. A simple conceptual example:

A country { relative name 'c=au' , description = 'Australia' }
    |
    |
    ---- A company { relative name = 'o=computer associates', web address = 'www.ca.com'  }
            |
            |
            ----- A person { relative name = 'cn=Chris', favorite drink = 'japanese slipper' }
            |
            ----- A person { relative name = 'cn=Trudi', favorite drink = 'beer' }
            |
            ----- A person { relative name = 'cn=Jay', favorite drink = 'mineral water' }

This shows a simple directory with five entries. Each entry has a name that is unique relative to its parent, called its 'relative distinguished name' or RDN. The combination of an entry's RDN with all of its ancestors' RDNs is called the 'distinguished name'; hence the distinguished name of the last entry above would be "c=au, o=computer associates, cn=Jay".
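
The tree above as a small Python model, added here as an illustration and not taken from JXplorer or any LDAP library; `Entry`, `escape_rdn_value` and `build_example_tree` are hypothetical names, and the "Smith, Pat" entry is constructed sample data. The LDAP string form of a distinguished name (RFC 4514) lists the entry's own RDN first and the root last, and requires characters such as commas inside a value to be escaped, which matters whenever a name is assembled from user-supplied input.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SPECIAL = '"+,;<>\\'   # always escaped inside an RDN value (RFC 4514)
def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in an RFC 4514 DN string."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\00" if ch == "\0" else ("\\" + ch if (ch in SPECIAL or edge) else ch))
    return "".join(out)

@dataclass(eq=False)
class Entry:
    attr: str                                   # RDN attribute type, e.g. "cn"
    value: str                                  # RDN value, e.g. "Jay"
    attributes: Dict[str, str] = field(default_factory=dict)
    parent: Optional["Entry"] = None
    children: List["Entry"] = field(default_factory=list)

    def rdn(self) -> str:
        return f"{self.attr}={escape_rdn_value(self.value)}"

    def add(self, attr: str, value: str, **attributes: str) -> "Entry":
        child = Entry(attr, value, attributes, parent=self)
        # Simplification (assumption): sibling RDNs are compared case-insensitively.
        if any(c.rdn().lower() == child.rdn().lower() for c in self.children):
            raise ValueError(f"duplicate RDN {child.rdn()!r} under {self.dn()!r}")
        self.children.append(child)
        return child

    def path(self) -> List["Entry"]:
        """Entries from the root of the tree down to this one."""
        chain = [self]
        while chain[-1].parent is not None:
            chain.append(chain[-1].parent)
        return chain[::-1]

    def dn(self) -> str:  # RFC 4514 string form: own RDN first, root RDN last
        return ",".join(e.rdn() for e in reversed(self.path()))

def build_example_tree() -> Dict[str, Entry]:
    """The page's tree, plus one constructed entry whose name needs escaping."""
    root = Entry("c", "au", {"description": "Australia"})
    org = root.add("o", "computer associates", web_address="www.ca.com")
    people = {n: org.add("cn", n, favorite_drink=d) for n, d in
              [("Chris", "japanese slipper"), ("Trudi", "beer"), ("Jay", "mineral water")]}
    people["Smith, Pat"] = org.add("cn", "Smith, Pat")   # constructed sample entry
    return {"root": root, "org": org, **people}
```

Calling `path()` on the entry for Jay returns the entries in the root-first order used in the paragraph above, while `dn()` gives the form an LDAP client would send.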

What are the benefits of directories?

Amongst other features, directories are optimised for fast lookup, they have a strong security model and they scale well. Because they are a tree structure, different parts of the tree can be maintained by different directories and different administrators. The tree data structure also fits some cases much better than a relational database. (BTW - If you're familiar with relational databases, LDAP is conceptually similar to SQL.)

What is it all used for?

Directories are often used for storing large amounts of user information for security authentication engines. Large ISPs, banks etc. use these to check users accessing web sites and so on. However, they can be used for many other applications, such as persistent storage of Java objects, classification trees, arbitrary hierarchical data etc.


More Information?

See the LDAP links page for LDAP-specific links, or type 'ldap directory' or 'X500 directory' into your favourite search engine. There is a good open source directory available at openldap.org, or (gratuitous plug) the directory group at Computer Associates that JXplorer came out of builds a heavy duty commercial directory called eTrust Directory.

Links regarding the use of Java and directories can be found on the Java links page.
