Lightweight Directory Access Protocol (LDAP)

To understand Lightweight Directory Access Protocol (LDAP) you must first understand directory services. This article defines directory services and how LDAP structures the entries in a directory service. Pay attention to the basic LDAP components such as attributes, entries, and data information trees (DITs). How does LDAP organize data, and what is LDAP inheritance? Note that there are some variations in LDAP protocols.

Basic LDAP Data Components

Entries

Attributes by themselves are not very useful. To have meaning, they must be associated with something. Within LDAP, you use attributes within an entry. An entry is basically a collection of attributes under a name used to describe something.

For instance, you can have an entry for a user in your system or for each item in an inventory. This is roughly analogous to a row in a relational database system or to a single page within an address book (the attributes here would represent the various fields in each of these models). While an attribute defines a quality or characteristic of something, an entry describes the item itself by simply collecting these attributes under a name.

An example entry as displayed in the LDIF (LDAP Data Interchange Format) would look something like this:

dn: sn=Ellingwood,ou=people,dc=digitalocean,dc=com
objectclass: person
sn: Ellingwood
cn: Justin Ellingwood

The above example could be a valid entry within an LDAP system.