What is it?
Lightweight Directory Access Protocol (LDAP) is an implementation of the industry-standard X.500 directory protocol developed for PCs and the internet. Adoption of X.500 was slow because of its complexity and large footprint - LDAP is sometimes called X.500-Lite.
Most of the big platform suppliers have an LDAP-based directory product. Analyst firm Meta Group said, "Directory integration is becoming the mainstream issue facing many IT organisations - linking multiple disparate directories in the enterprise as part of an overall identity management strategy."
Directories can be organised to reflect both the geographical and hierarchical structure of organisations and business processes.
Where did it originate?
At the University of Michigan in the early 1990s, as a way of enabling devices with limited computing resources, such as PCs, to access X.500 directories. The Internet Engineering Task Force took over responsibility for LDAP, which has become the standard for directory service applications running over IP.
Successive versions of LDAP have added security, integration with databases and other applications, and support for different language character sets.
What is it for?
Directories are read more often than written to, so their structure and functionality differ from those of relational databases, being optimised for fast access to information which does not change often. Directories are used to manage user log-ins, passwords and other authentications, authorisations, e-mail addresses, user profiles, and device locations and configurations.
LDAP directories of personal contact information can include physical, telephone, e-mail and other addresses. Parts of this information can be made universally accessible, parts can be updated by the user, and others are under the control of authorised administrators.
Much of this was previously handled by multiple application- or platform-specific directories. LDAP allows these to be unified and managed centrally.
What makes it special?
Unlike X.500, LDAP is designed for IP. It has a small footprint, is simple to implement and operate, and is much faster and less network-intensive than its parent protocol. Unlike application-specific proprietary directories, it supports integration of multiple products, centralisation and unified naming.
How difficult is it to master?
LDAP uses a small, simplified set of operations, making it easy for end-users and administrators, and a standardised API for multiple platforms, enabling developers to use the directory information in new and integrated applications.
Where is it used?
As well as user and IT resource directories, LDAP products are used for human resources and security management, catalogues of product information, customer profiles and preferences, and student or patient records.
What systems does it run on?
LDAP directory software suppliers include Novell, Sun, IBM, Microsoft, Oracle and OpenLDAP. Meta said Sun and Novell are the suppliers of choice for systems integrators building identity management systems.
What is coming up?
Integration with other standards and more functionality and security for building identity management applications.
Rates of pay
Network and systems administrators with LDAP among their skills can expect a salary of £30,000 and upwards. The highest rates are in security and identity management work.
LDAP training is available from directory suppliers - for example, the IBM Directory Server LDAP course - or from independent providers such as QA. Free online tutorials are available from the OpenLDAP community and Sun.
This was first published in March 2005