1.1. What's LDAP ?
LDAP stands for Lightweight Directory Access Protocol. As the name suggests,
it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory
services. LDAP runs over TCP/IP or other connection oriented transfer services.
LDAP is defined in RFC2251 "The Lightweight Directory Access Protocol (v3).
A directory is similar to a database, but tends to contain more descriptive,
attribute-based information. The information in a directory is generally read
much more often than it is written. Directories are tuned to give quick-response to
high-volume lookup or search operations. They may have the ability to replicate
information widely in order to increase availability and reliability, while reducing
response time. When directory information is replicated, temporary inconsistencies
between the replicas may be OK, as long as they get in sync eventually.
There are many different ways to provide a directory service. Different methods
allow different kinds of information to be stored in the directory, place
different requirements on how that information can be referenced, queried and
updated, how it is protected from unauthorized access, etc. Some directory
services are local, providing service to a restricted context (e.g., the finger
service on a single machine). Other services are global, providing service to
a much broader context.