
Functional LDAP knowledge

Written on : 2023-10-19


LDAP - Lightweight Directory Access Protocol

LDAP is just another protocol; it does not care how the data is stored in the background. All it requires is that the protocol be mapped onto an existing persistence system.

This is what makes the protocol powerful. A lot of legacy systems implement it as their sole means of authentication and user retrieval.

Note: Information in this blog may be conflicting, and this is by design. I think that's what makes this a functional guide. Even with its wrong assumptions, this guide makes it possible to get started with LDAP quickly.

Points that helped me understand LDAP terms:

  • Each user profile or record can be considered an object.
  • Each record has a unique identifier; this is what a DN (Distinguished Name) is.
  • A rootDN identifies the server/tree. A given server can serve many trees of data.
  • A rootDN along with a number of RDNs (0 or more) makes up a typical DN.

So, so far: the rootDN points to the subtree to search in, and the RDNs on top of that point to the record.

The DN “uid=john.doe,ou=People,dc=example,dc=com” has four RDNs, with the parent DN being “ou=People,dc=example,dc=com”.
uid=john.doe is an RDN. A tree without ou=People may not exist.
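To make the DN, RDN and parent-DN terms above concrete, here is an added example (not code from the original post): it splits a DN into its RDNs, derives the parent DN, and checks whether a DN lies under a given base DN, which is the check you want before trusting that a bound user's record actually belongs to the expected subtree. The function names are my own; the parser honours backslash-escaped commas (RFC 4514) so a value such as `cn=Doe\, John` is not split, and the subtree check assumes case-insensitive matching of attribute names and values.

```python
"""Split an LDAP DN into RDNs, derive the parent DN, and test subtree membership (example code)."""
from typing import List, Tuple


def split_dn(dn: str) -> List[str]:
    """Split a DN on unescaped commas. RFC 4514 allows '\\,' inside a value,
    so a naive dn.split(',') would break a DN like 'cn=Doe\\, John,ou=People,...'."""
    rdns: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return [r for r in rdns if r]


def parent_dn(dn: str) -> str:
    """Drop the leftmost RDN: the parent of uid=john.doe,ou=People,dc=example,dc=com
    is ou=People,dc=example,dc=com."""
    return ",".join(split_dn(dn)[1:])


def normalise_rdn(rdn: str) -> Tuple[str, str]:
    """Split 'attr=value' and lowercase both parts. Assumption: the attribute's
    matching rule is case-insensitive (true for uid, ou and dc in common schemas)."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()


def is_under_base(dn: str, base_dn: str) -> bool:
    """True if dn sits in the subtree rooted at base_dn, i.e. base_dn's RDNs are
    the trailing RDNs of dn. Use this before accepting a returned entry as belonging
    to the subtree you meant to search."""
    dn_parts = [normalise_rdn(r) for r in split_dn(dn)]
    base_parts = [normalise_rdn(r) for r in split_dn(base_dn)]
    if not base_parts or len(base_parts) > len(dn_parts):
        return False
    return dn_parts[len(dn_parts) - len(base_parts):] == base_parts
```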