In 1987 the Comité Consultatif International Téléphonique
et Télégraphique (CCITT) X.500 recommendation on directory
services was adopted. The CCITT later became the International Telecommunication
Union (ITU). This recommendation included a specification for a Directory
Access Protocol (DAP) that defined a protocol used to control communication
between a user and the directory. This DAP was based on the Open Systems
Interconnect (OSI) protocol stack.

The X.500 recommendation set the stage for several successful commercial
implementations of
directory services. (One early implementation of particular note was
the Novell Directory Services (NDS) first introduced in NetWare Version
4.0.) However, one of the obstacles to broader acceptance of the X.500
standard was the reliance of the DAP on the OSI protocol stack. The
OSI stack has yet to gain widespread acceptance by the industry, in
part because of its complexity.

To address this issue, the University of Michigan, with support from the
Internet Engineering
Task Force (IETF), developed a simpler DAP called the Lightweight
Directory Access Protocol (LDAP). LDAP was developed to provide access
to a directory server without the overhead of the OSI protocol stack.
LDAP is based on TCP/IP and can therefore be used on Local
Area Networks (LANs), Wide Area Networks (WANs), and over
the Internet.

LDAP is an open, vendor-neutral standard that enables you to work with any
LDAP-compliant server.
LDAP specifies only the interface protocol to the directory and does
not specify how the actual directory is implemented. For example,
the Microsoft Active Directory in Windows 2000 is implemented quite
differently than the iPlanet Directory Server (previously known as
the Netscape Directory Server). However, because they both support
an LDAP interface, you can use the same applications to work with
them.

LDAP is supported in most network operating systems and collaborative
applications. LDAP
support has also been implemented in most network-oriented middleware
products.

Specific platform support for LDAP access is broad. Client bindings are
available for various
platforms in C/C++ from the OpenLDAP and Mozilla organizations as
well as commercial vendors. Perl support is available from Mozilla,
and Java support is provided through Sun Microsystems' JNDI facility.
Support for Windows is provided through the Active Directory Service
Interfaces (ADSI) and third-party ActiveX controls.

Draft specifications have been developed to extend LDAP by adding a standard
access control
model, dynamic directories, server-side sorting of search results,
LDAP server discovery, and other extensions.