The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. In a network, a directory tells you where in the network something is located. On TCP/IPnetworks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). LDAP allows you to search a user on somewhere without knowing where it is located. Thanks to that, you do not have to manage your users or groups from different servers. It provides a centralized user management mechanism.

Directory structure

  • An entry consists of a set of attributes.
  • An attribute has a name (an attribute typeor attribute description) and one or more values. The attributes are defined in a schema (see below).
  • Each entry has a unique identifier: its Distinguished Name(DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry’s DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.g. if /foo/bar/myfile.txt were the DN, then txt would be the RDN).

A DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a UUID might be provided in the set of the entry’s operational attributes.

You can find openldap server and client installation demo under “tutorials” tab.

An example from LDIF format:

dn: cn=Johnny,dc=example,dc=com

cn: Johnny Walker

givenName: Johnny

sn: Walker

telephoneNumber: +1 888 987 3523

telephoneNumber: +1 777 435 4543

mail: johnny@example.com

manager: cn=Jack Daniel,dc=example,dc=com

objectClass: inetOrgPerson

objectClass: organizationalPerson

objectClass: person

objectClass: top