1. Introduction

X.500, the OSI directory standard [1], defines a comprehensive directory service, including an information model, a namespace, a functional model, and an authentication framework. X.500 also defines the Directory Access Protocol (DAP) used by clients to access the directory. DAP is a full OSI protocol that contains extensive functionality, much of which is not used by most applications.

DAP is significantly more complicated than the more prevalent TCP/IP stack implementations and requires more code and computing horsepower to run. The size and complexity of DAP make it difficult to run on smaller machines such as the PC and Macintosh where TCP/IP functionality often comes bundled with the machine. When the DAP stack implementations are used, they typically require an involved customization process, which has limited the acceptance of X.500.

The Lightweight Directory Access Protocol (LDAP) was designed to remove some of the burden of X.500 access from directory clients, making the directory available to a wider variety of machines and applications. Building on similar ideas in the DAS [7] and DIXIE [4] protocols, LDAP runs directly over TCP/IP or other reliable transport. As we shall see, it simplifies many X.500 operations, leaving out little-used features and emulating some operations with others. LDAP uses simple string encodings for most attributes. The result is a low-overhead access method for the X.500 directory, suitable for use on virtually any platform.

Section 2 of this paper gives a quick introduction to X.500. Section 3 gives an overview of LDAP, describing the simplifications it makes to X.500. Section 4 summarizes the key advantages of the LDAP protocol. Section 5 briefly describes our implementation of LDAP, including our server and client library. Section 6 compares the performance of DAP and LDAP. Finally, Section 7 describes some work we are doing that builds on LDAP.

