Lightweight Directory Access Protocol (LDAP)

To understand the Lightweight Directory Access Protocol (LDAP) you must first understand directory services. This article defines directory services and explains how LDAP structures the entries in a directory service. Pay attention to the basic LDAP components such as attributes, entries, and directory information trees (DITs). How does LDAP organize data, and what is LDAP inheritance? Note that there are some variations in the LDAP protocol.

LDAP Protocol Variations

We mentioned at the beginning that LDAP itself is just the protocol that defines the communication interface for working with directory services. It is generally referred to simply as LDAP, or as the ldap protocol.

It is worth mentioning that you may see some variants of the basic scheme:

  • ldap://: This is the basic LDAP protocol, which allows structured access to a directory service.
  • ldaps://: This variant indicates LDAP over SSL/TLS. Plain LDAP traffic is not encrypted, although most LDAP implementations support encrypting it. This method of encrypting LDAP connections is considered deprecated, and the use of STARTTLS encryption is recommended instead. If you are operating LDAP over an insecure network, encryption is strongly recommended.
  • ldapi://: This indicates LDAP over IPC (inter-process communication). It is often used to connect securely to a local LDAP server for administrative purposes, communicating over a local socket rather than an exposed network port.

All three forms use the LDAP protocol; the last two additionally indicate how the connection is transported.
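As an added example (not code from the original article), the following Python parses URLs in the three forms above following the RFC 4516 layout (host, port, base DN, attributes, scope, filter) and reports what each scheme does and does not guarantee about confidentiality. The sample URLs, the `transport_finding` wording, and the `/var/run/slapd/ldapi` socket path are constructed for illustration.

```python
"""Parse LDAP URLs (RFC 4516 shape) and classify the transport each scheme implies."""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
TRANSPORT = {"ldap": "plaintext", "ldaps": "tls", "ldapi": "ipc"}


@dataclass
class LdapUrl:
    scheme: str
    host: Optional[str] = None      # hostname, or the decoded socket path for ldapi://
    port: Optional[int] = None      # always None for ldapi://
    base_dn: str = ""
    attributes: List[str] = field(default_factory=list)
    scope: str = "base"             # RFC 4516 default when the scope field is empty
    filter: str = "(objectClass=*)"  # RFC 4516 default when the filter field is empty
    transport: str = "plaintext"


def parse_ldap_url(url: str) -> LdapUrl:
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in TRANSPORT:
        raise ValueError(f"not an LDAP URL scheme: {parts.scheme!r}")
    # The query part carries "attributes?scope?filter?extensions"; urlsplit has
    # already removed the first '?', so splitting on '?' yields those fields in order.
    fields = [unquote(f) for f in parts.query.split("?")] + ["", "", ""]
    attrs = [a for a in fields[0].split(",") if a]
    u = LdapUrl(scheme, base_dn=unquote(parts.path.lstrip("/")), attributes=attrs,
                scope=fields[1] or "base", filter=fields[2] or "(objectClass=*)",
                transport=TRANSPORT[scheme])
    if scheme == "ldapi":
        # ldapi:// puts a percent-encoded socket path where a host would go, e.g.
        # ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/ ; an empty host means the server default.
        u.host = unquote(parts.netloc) or None
    else:
        u.host = parts.hostname
        u.port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return u


def transport_finding(u: LdapUrl) -> str:
    """What the URL alone tells a defender about confidentiality of the connection."""
    if u.transport == "tls":
        return f"implicit TLS to {u.host}:{u.port} (ldaps); the client must still verify the server certificate"
    if u.transport == "ipc":
        return f"local IPC socket {u.host or '(server default)'}; never leaves the host"
    return (f"cleartext to {u.host}:{u.port}; bind credentials and results are exposed "
            "unless the client negotiates STARTTLS before binding")
```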