LDAP (Lightweight Directory Access Protocol)

Contributor(s): Stephen Briggs and Steve Spence

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. LDAP is lighter because in its initial version it did not include security features. LDAP originated at the University of Michigan and has been endorsed by at least 40 companies. Netscape includes it in its latest Communicator suite of products. Microsoft includes it as part of what it calls Active Directory in a number of products including Outlook Express. Novell's NetWare Directory Services interoperates with LDAP. Cisco also supports it in its networking products.

In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the Internet), the domain name system (DNS) is the directory system used to relate the domain name to a specific network address (a unique location on the network). However, you may not know the domain name. LDAP allows you to search for an individual without knowing where they're located (although additional information will help with the search).

An LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:

  • The root directory (the starting place or the source of the tree), which branches out to
  • Countries, each of which branches out to
  • Organizations, which branch out to
  • Organizational units (divisions, departments, and so forth), which branches out to (includes an entry for)
  • Individuals (which includes people, files, and shared resources such as printers)

An LDAP directory can be distributed among many servers. Each server can have a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, but ensuring a single coordinated response for the user.

This was last updated in November 2008

Continue Reading About LDAP (Lightweight Directory Access Protocol)

Dig Deeper on Mobile data, back-end services and infrastructure

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.


This post is really good. I want to use LDAP authentication on my new project as per our client RFQ. Could you please help me to understand following things?
1) While starting a project (PHP), what are the prerequisites to use LDAP
2) Is it compatible in all server versions like Apache, Nginx etc
3) On every documentation I have seen that we can access data (usernames/passwords) for login from LDAP directory. So firstly how this data is inserted into this directory?
4) On login form how to write code to access LDAP data /


File Extensions and File Formats

Powered by: