Exploring LDAP — Part I (Basics)
For years now, every time anyone put together a list of hot system administration topics, LDAP was sure to be near the top. This is the first article in a three-part series about LDAP and, specifically, OpenLDAP on Linux systems. In this first part, we will explore some basic LDAP concepts and show a few example queries and configuration options. In the second part, we’ll look at how to integrate LDAP into normal system functions like user authentication. In part three, we will close the series by considering some advanced LDAP topics, including authentication, security, and data replication among multiple servers.
Tuesday, January 15th, 2002
About LDAP and OpenLDAP
As its name implies, LDAP (which stands for Lightweight Directory Access Protocol) is a protocol for accessing a directory, which is a database that’s been optimized for frequent reading and fast searching.
The best real-life analogy for a directory service is the phone company’s directory assistance. It’s a mechanism for customers to quickly find information they need by delegating the search to someone faster and more knowledgeable. Traditionally, human operators provided the (hopefully friendly) interface between the user (customer) and the database (the list of phone numbers). A computer-based directory service provides similar functionality.
Compared to a database made for transaction processing, an LDAP directory service differs in that: