An LDAP Roadmap & FAQ
A tutorial aid to navigating various LDAP and X.500 resources on the Internet
This is v2.0a
-- a "beta" release -- it is still way under construction. You will find
version 1.5, which may or may not be more up-to-date, HERE.
Apologies for any confusion.
|Last updated: 21-Jan-2001
So, for some reason or another you have to figure out more about this stuff
variously called X.500, LDAP, "the Directory", the "White Pages Project",
etc.....and you're very confused and can't figure out where to start, which
documents are relevant to what aspects of this crazy stuff, which ones
to read first, which ones provide an overview, where to get what software
or anything else. Well, I've been there and done that and thought that
I'd put together a kind of road map and high-level FAQ (Frequently Asked
Questions) that points off to other Web sites and various docs and kinda
provide a helping hand to getting started with this complex, but way-cool,
X.500 is an overall model for Directory Services in the OSI world. The
model encompasses the overall namespace and the protocol for querying and
updating it. The protocol is known as "DAP" (Directory Access Protocol).
DAP runs over the OSI network protocol stack -- that, combined with its
very rich data model and operation set makes it quite "heavyweight". It
is rather tough to implement a full-blown DAP client and have it "fit"
on smaller computer systems. Thus, the folks at University of Michigan,
with help from the ISODE Consortium, designed and developed...
LDAP, or "Lightweight Directory Access Protocol". LDAP is, like X.500,
both an information model and a protocol for querying and manipulating
it. LDAP's overall data and namesapce model is essentially that of X.500.
major difference is that the LDAP protocol itself is designed to run directly
over the TCP/IP stack, and it lacks some of the more esoteric DAP protocol
A major part of X.500 is that it defines a global directory
structure. It is essentially a directory web in much the same way
that http & html are used to define & implement the gobal hypertext
web. Anyone with an X.500 or LDAP client may peruse the global directory
just as they can use a web browser to peruse the global Web. Additionally,
with the help of web<->X.500 gateways, you can use your favorite web
browser to peruse both!
Note: Please help me out and let me know if you find
any stale links in these pages or if you have any other feedback. Thanks,
The following is an annotated list of pointers to information sources.
Start at the begining if you're an X.500/LDAP/Directory newbie.
Else, peruse the list and start whereever seems appropriate. Happy hunting...
The Roadmap Table of Contents
This is not the LDAP FAQ, it is an LDAP FAQ. I don't think
there is "THE LDAP FAQ" (at the time of this writing) in the sense of "the"
FAQs at the Usenet
FAQ archive at rtfm.mit.edu.
This FAQ consists of the pointer below to Mark Wahl's LDAP FAQ (which is
explicitly about the UMich LDAP release), plus questions that aren't covered
in the aforementioned FAQ that I feel I can at least somewhat answer. I
will try to add to this from time-to-time (no guarantees),
but you can help...
An LDAP Frequently Asked Questions (FAQ) List
NOTE: Please do contribute to this FAQ. Feel free to submit
candidate FAQ questions with answers to me
I'll vet them with you over email/phone, and add 'em here (if
they pass editorial muster).
Additional LDAP questions and answers...
What's the significance of LDAP's implied promise of multi-vendor interoperability?
Has anyone done any LDAP performance testing?
What's the relationship between LDAP and X.500? Are they complementory
or competing? Are they diverging or converging? What's the mindset of the
two different standards bodies involved?
Here's an analysis from an X.500/OSI-oriented perspective:
and X.500, David Goodman & Colin Robbins, European Electronic Messaging
Association; v2.0, August 1997. Note: This paper has now become dated,
and is only of historic interest -- rather, you should read the one below..
What's the relationship between an LDAP-based directory and a relational
database (RDBMS)? Isn't an LDAP-based directory just another form of database?
Why shouldn't I just use an RDBMS?
Please do send me contributions and/or bug reports for these pages.
I will list you on the contributors page
if you wish. If I take a while to get back to you it is because
I'm juggling various balls and tend to "batch up" things to do before tackling
them, and also I get 100-200 email messages a day. I will try to at least
send a "I received your message and will add it to the to do list " message
when I receive something. Thanks, Jeff.
You may send your contributions/bug reports to the appropriate address:
Please email me if you
find any issues with links and/or the content of these pages. Thanks.
Currency of Information
and Links in these Roadmap webpages:
These pages are revised from time-to-time -- as are many documents,
and race cars.
Ros Halevi and Jing-Chyi Chao html-ized Tim Howes' LDAP paper.
Thanks to Tim Howes, Mark Smith, Gordon Good, Mark Wahl, Steve Kille, Chris
Apple, Chris Weider, Paul Hoffman, and a host of others for answering (and
continuing to answer) my many questions.
The Attendant Fine Print:
This document doesnot purport to be the
last, best, or most recent word on LDAP or developments in the directory
community. THIS DOCUMENT IS UPDATED AND OTHERWISE MAINTAINED ON A BEST-EFFORTS
BASIS. This information is provided AS IS, with no guaranties at
all. It is the readers' responsibility to keep themselves up-to-date and
aware of developments by whatever means they have available. I trust the
pointers and info here help in that effort.
© 1996-2000 Jeff Hodges, All Rights Reserved