LDAP is a request/response based binary protocol. The client can connect to the server on a channel at TCP/389 port and send REQUESTs. The client can request several operations in parallel. The following operations can be performed:
Bind: Identify the client and optionally perform authentication.
Unbind: Terminate a protocol session.
Search: Search for entries using filters.
Modify: Modify tree entries and attributes.
Add: Request the addition of an entry into the directory.
Delete: Request the deletion of an entry from the directory.
Modify DN: Change the leftmost component of the name of an entry in the directory, or to move a subtree of entries to a new location in the directory.
Compare: Compare an assertion provided with an entry in the directory.
Abandon: Request the server to cancel an outstanding operation.
Extended: This operation is for additional operations to be defined for services not available elsewhere in the protocol.
The protocol operates according to the following general scheme:
The client opens a connection at TCP/389 and binds to an object in the directory tree. The server authenticates the client to this object. If authentication is not required, the client can use the given tree anonymously.
If the authentication process is successful the client can perform requests (i.e. the above mentioned operations: modify, add, delete etc.).
Finally the client unbinds and closes the connection.
The LDAP protocol is described using ASN.1 (Abstract Syntax Notation), and is typically transferred using the Basic Encoding Rules, a subset of ASN.1.
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu