1. Introduction

X.500, the OSI directory standard [1], defines a comprehensive directory service, including an information model, a namespace, a functional model, and an authentication framework. X.500 also defines the Directory Access Protocol (DAP) used by clients to access the directory. DAP is a full OSI protocol that contains extensive functionality, much of which is not used by most applications.

DAP is significantly more complicated than the more prevalent TCP/IP stack implementations and requires more code and computing horsepower to run. The size and complexity of DAP make it difficult to run on smaller machines such as the PC and Macintosh where TCP/IP functionality often comes bundled with the machine. When the DAP stack implementations are used, they typically require an involved customization process, which has limited the acceptance of X.500.

The Lightweight Directory Access Protocol (LDAP) was designed to remove some of the burden of X.500 access from directory clients, making the directory available to a wider variety of machines and applications. Building on similar ideas in the DAS [7] and DIXIE [4] protocols, LDAP runs directly over TCP/IP or other reliable transport. As we shall see, it simplifies many X.500 operations, leaving out little-used features and emulating some operations with others. LDAP uses simple string encodings for most attributes. The result is a low-overhead access method for the X.500 directory, suitable for use on virtually any platform.

Section 2 of this paper gives a quick introduction to X.500. Section 3 gives an overview of LDAP, describing the simplifications it makes to X.500. Section 4 summarizes the key advantages of the LDAP protocol. Section 5 briefly describes our implementation of LDAP, including our server and client library. Section 6 compares the performance of DAP and LDAP. Finally, Section 7 describes some work we are doing that builds on LDAP.

[Contents] [Next]