LDAP
The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral, request-response protocol used to maintain and query distributed directory information. Active Directory (AD), for example, is the proprietary directory service provided by Microsoft; LDAP lets other systems communicate with Active Directory, using queries to find, view, or edit information.
Distributed directories (also called directory information services, or just directories) are network databases that store information in data trees. Each record in the tree includes, among other, less critical components, a Distinguished Name (most often abbreviated DN), a collection of attributes, and a collection of object classes.
Distinguished Name Codes
Code     Attribute type           Meaning
CN       commonName               Common Name
L        localityName             Locality Name
ST       stateOrProvinceName      State Or Province Name
O        organizationName         Organization Name
OU       organizationalUnitName   Organizational Unit Name
C        countryName              Country Name
STREET   streetAddress            Street Address
DC       domainComponent          Domain Component
UID      userid                   User ID
DN Example
CN=dwatts,OU=users,OU=RAL,OU=Divisions,DC=cit,DC=ucar,DC=edu
Reading the DN from right to left: from inside the edu Domain Component find the ucar Domain Component, and then inside it find the cit Domain Component. In the cit Domain Component find the Organizational Unit called Divisions, then from inside it find the Organizational Unit called RAL, then from inside that find the Organizational Unit called users. Then, from within the users Organizational Unit, find the object that has a common name of dwatts.
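The walk above can be carried out mechanically. The following is an added example, not code from the original page: it splits a DN string (RFC 4514 form) into its relative DNs, maps the short codes from the table above to their attribute type names, and returns the lookup path root-first. It assumes the nine codes in the table are the only ones accepted, and handles the one edge case a naive comma split gets wrong: a comma escaped with a backslash inside a value.

```python
# Added example (not from the original page): parse an LDAP DN into RDNs and walk it root-first.
ATTRIBUTE_TYPES = {  # short codes from the table above -> attribute type names
    "CN": "commonName", "L": "localityName", "ST": "stateOrProvinceName",
    "O": "organizationName", "OU": "organizationalUnitName", "C": "countryName",
    "STREET": "streetAddress", "DC": "domainComponent", "UID": "userid",
}

def split_rdns(dn: str) -> list[str]:
    """Split on unescaped commas only: 'CN=Watts\\, Doug' stays one RDN."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                  # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":              # unescaped comma ends this RDN
            rdns.append("".join(current))
            current = []
            continue
        current.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(current))
    return rdns

def unescape(value: str) -> str:
    """Drop the backslash before an escaped char ('\\,' -> ','); hex pairs like '\\2C' are not decoded."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\":
            i += 1                   # keep the escaped character, drop the backslash
        out.append(value[i])
        i += 1
    return "".join(out)

def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Return [(code, value), ...] leaf-to-root; reject codes not in the table."""
    parsed = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        attr = attr.strip().upper()  # attribute types are case-insensitive
        if not sep or attr not in ATTRIBUTE_TYPES:
            raise ValueError(f"malformed or unknown RDN: {rdn!r}")
        parsed.append((attr, unescape(value.strip())))
    return parsed

def walk_from_root(dn: str) -> list[str]:
    """Describe the lookup root-first, the order used in the explanation above."""
    return [f"{ATTRIBUTE_TYPES[a]}={v}" for a, v in reversed(parse_dn(dn))]
```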