A directory service is a software system that stores, organizes and provides access to the information held in a directory. Much like a dictionary or a phone book, it lets you look up a name and retrieve the values associated with it. A directory is similar to a database in that it maps the names of network resources (users, hosts, printers, services) to their attributes, such as their network addresses.
There are many ways to provide a directory service. Implementations differ in what kinds of information they can store, in how that information can be named, queried and updated, and in the security measures that protect it against unauthorized access. Some directory services are local to a single machine; others are global, spread as a distributed service across many machines.
LDAP (Lightweight Directory Access Protocol), as the name implies, is a lightweight, industry-standard application protocol for accessing and maintaining information in X.500-style directory services. LDAP is described by four models that together define how it operates, what data can be stored in an LDAP directory, and what can be done with that data:
- An information model that describes what you can put in the directory.
- A naming model that describes how you arrange and refer to directory data.
- A functional model that describes what you can do with directory data.
- A security model that describes how directory data can be protected from unauthorized access.
LDAP is a message-oriented protocol. The client constructs an LDAP message containing a request and sends it to the server. The server processes the request and sends the result(s) back to the client as a series of one or more LDAP messages. Every message carries a message ID, which is how responses are matched to the request that caused them; this also lets a client have several operations outstanding on one connection at the same time.
LDAP has nine basic protocol operations, which can be divided into three categories:
- Interrogation operations – search & compare: These two operations allow you to ask questions of the directory.
- Update operations – add, delete, modify & modify DN (rename): These operations allow you to update information in the directory.
- Authentication and control operations – bind, unbind & abandon: The bind operation allows a client to identify itself to the directory by providing an identity and authentication credentials; the unbind operation allows the client to terminate a session; and the abandon operation allows a client to indicate that it is no longer interested in the results of an operation it had previously submitted. Neither unbind nor abandon produces a response. Note that with a simple bind the password is carried in the clear inside the message, so it must only be sent over TLS (ldaps:// or after StartTLS).
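To make the message-oriented design and the authentication and control operations concrete, here is an added example (not code from the original page or from any LDAP library) that BER-encodes and decodes the LDAPMessage wrapper together with the bind request, bind response, unbind request and abandon request exactly as RFC 4511 lays them out, including the message-ID matching described above. Tag values are the real ones from RFC 4511 and X.690; the DN `cn=admin,dc=example,dc=com` and the password `secret` are constructed sample values, and the small `RESULT_CODES` table covers only a few of the codes the RFC defines.

```python
"""Minimal BER encoder/decoder for a few LDAPMessage types (RFC 4511).

Added illustration, not taken from any LDAP library. The DN and password
used in __main__ are constructed sample values.
"""

# X.690 universal tags and RFC 4511 application/context tags
INTEGER, OCTET_STRING, ENUMERATED, SEQUENCE = 0x02, 0x04, 0x0A, 0x30
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61      # [APPLICATION 0/1], constructed
UNBIND_REQUEST, ABANDON_REQUEST = 0x42, 0x50  # [APPLICATION 2/16], primitive
SIMPLE_AUTH = 0x80                            # AuthenticationChoice: simple [0]

# Subset of LDAPResult codes from RFC 4511 section 4.1.9
RESULT_CODES = {0: "success", 32: "noSuchObject",
                49: "invalidCredentials", 53: "unwillingToPerform"}


def ber_length(n: int) -> bytes:
    """Definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(body)) + body


def int_bytes(v: int) -> bytes:
    """Minimal two's-complement integer content (X.690 section 8.3)."""
    return v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True)


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE ... }"""
    # messageID 0 is reserved for the server's unsolicited notifications
    if not 1 <= message_id <= 2 ** 31 - 1:
        raise ValueError("messageID must be in 1..maxInt")
    return tlv(SEQUENCE, tlv(INTEGER, int_bytes(message_id)) + protocol_op)


def bind_request(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    # Simple bind: the password sits in cleartext inside this message, so the
    # bytes are only safe to send over TLS (ldaps:// or after StartTLS).
    body = (tlv(INTEGER, int_bytes(version)) + tlv(OCTET_STRING, dn.encode())
            + tlv(SIMPLE_AUTH, password.encode()))
    return ldap_message(message_id, tlv(BIND_REQUEST, body))


def bind_response(message_id: int, result_code: int, matched_dn: str = "",
                  diagnostic: str = "") -> bytes:
    body = (tlv(ENUMERATED, int_bytes(result_code))
            + tlv(OCTET_STRING, matched_dn.encode())
            + tlv(OCTET_STRING, diagnostic.encode()))
    return ldap_message(message_id, tlv(BIND_RESPONSE, body))


def unbind_request(message_id: int) -> bytes:
    return ldap_message(message_id, tlv(UNBIND_REQUEST, b""))   # NULL body


def abandon_request(message_id: int, target_id: int) -> bytes:
    # AbandonRequest carries the messageID of the operation to give up on
    return ldap_message(message_id, tlv(ABANDON_REQUEST, int_bytes(target_id)))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos); rejects truncated elements."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    body = buf[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated BER element")
    return tag, body, pos + length


def parse_message(buf: bytes) -> dict:
    """Decode one LDAPMessage into a dict keyed like the RFC 4511 fields."""
    tag, body, end = read_tlv(buf)
    if tag != SEQUENCE or end != len(buf):
        raise ValueError("not a single LDAPMessage")
    _, id_bytes, pos = read_tlv(body)
    msg = {"messageID": int.from_bytes(id_bytes, "big", signed=True)}
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag == BIND_REQUEST:
        _, ver, p = read_tlv(op)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        if auth_tag == SIMPLE_AUTH:
            # RFC 4513: empty name and password is an anonymous bind; a name
            # with an empty password is an "unauthenticated" bind, which some
            # servers answer with success although no password was checked.
            kind = ("anonymous" if not name and not cred
                    else "unauthenticated" if not cred else "simple")
        else:
            kind = "sasl"
        msg.update(op="bindRequest", version=ver[0], name=name.decode(),
                   bindKind=kind, credentials=cred.decode(errors="replace"))
    elif op_tag == BIND_RESPONSE:
        _, code, p = read_tlv(op)
        _, matched, p = read_tlv(op, p)
        _, diag, _ = read_tlv(op, p)
        rc = int.from_bytes(code, "big", signed=True)
        msg.update(op="bindResponse", resultCode=rc,
                   result=RESULT_CODES.get(rc, "other"),
                   matchedDN=matched.decode(), diagnosticMessage=diag.decode())
    elif op_tag == UNBIND_REQUEST:
        msg["op"] = "unbindRequest"
    elif op_tag == ABANDON_REQUEST:
        msg.update(op="abandonRequest",
                   abandons=int.from_bytes(op, "big", signed=True))
    else:
        msg.update(op="unsupported", tag=op_tag)
    return msg


if __name__ == "__main__":
    wire = bind_request(1, "cn=admin,dc=example,dc=com", "secret")  # constructed sample
    print(wire.hex())            # the password is plainly visible in these bytes
    print(parse_message(wire))
    print(parse_message(bind_response(1, 49, diagnostic="invalid credentials")))
    print(parse_message(abandon_request(3, 2)))
    print(parse_message(unbind_request(4)))
```

Running the block prints the raw bytes of a simple bind, which is the quickest way to see why the cleartext caveat matters: the DN and password are readable straight out of the hex dump. The `bindKind` field in the decoder separates a genuine simple bind from the anonymous and unauthenticated forms defined in RFC 4513; an application that treats any `success` bind response as proof of a password check can be fooled by a server that accepts the unauthenticated form, which is why most deployments disable it.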