Last updated: 30-Oct-97
So, for some reason or another you have to figure out more about this stuff variously called X.500, LDAP, "the Directory", the "White Pages Project", etc.....and you're very confused and can't figure out where to start, which documents are relevant to what aspects of this crazy stuff, which ones to read first, which ones provide an overview, where to get what software or anything else. Well, I've been there and done that and thought that I'd put together a kind of road map and high-level FAQ (Frequently Asked Questions) that points off to other Web sites and various docs and kinda provide a helping hand to getting started with this complex, but way-cool, Directory stuff.
X.500 is an overall model for Directory Services in the OSI world. The model encompasses the overall namespace and the protocol for querying and updating it. The protocol is known as "DAP" (Directory Access Protocol). DAP runs over the OSI network protocol stack -- that, combined with its very rich data model and operation set makes it quite "heavyweight". It is rather tough to implement a full-blown DAP client and have it "fit" on smaller computer systems. Thus, the folks at University of Michigan, with help from the ISODE Consortium, designed and developed...
LDAP, or "Lightweight Directory Access Protocol". LDAP is, like X.500, both an information model and a protocol for querying and manipulating it. LDAP's overall data and namesapce model is essentially that of X.500. The major difference is that the LDAP protocol itself is designed to run directly over the TCP/IP stack, and it lacks some of the more esoteric DAP protocol functions.
A major part of X.500 is that it defines a global directory structure. It is essentially a directory web in much the same way that http & html are used to define & implement the gobal hypertext web. Anyone with an X.500 or LDAP client may peruse the global directory just as they can use a web browser to peruse the global Web. Additionally, with the help of web<->X.500 gateways, you can use your favorite web browser to peruse both!
Yes, I have personally done some nominal performance testing on UMich slapd. The results are available here.
Understanding LDAP and X.500, David Goodman & Colin Robbins, European Electronic Messaging Association; v2.0, August 1997.
The following is an annotated list of pointers to information sources. Start at the begining if you're an X.500/LDAP/Directory newbie. Else, peruse the list and start whereever seems appropriate. Happy hunting...
Additionally, below's the slides from a talk I've written. It provides an introduction to LDAP, discusses organization and content, and presents directory deployment considerations...
The Attendant Fine Print:
This document doesnot purport to be the last, best, or most recent word on LDAP or developments in the directory community. THIS DOCUMENT IS UPDATED AND OTHERWISE MAINTAINED ON A BEST-EFFORTS BASIS. This information is provided AS IS, with no guaranties at all. It is the readers' responsibility to keep themselves up-to-date and aware of developments by whatever means they have available. I trust the pointers and info here help in that effort.
Please be sure to peruse the pages pointed to in the last three (3) items above for information that is likely more current, in terms of recent developments, than that here. Thanks.
Start here if you're just beginning...
These are basic introductory documents to directory services in general, and X.500 and LDAP in particular. I've arranged them to be read nominally in this order -- but that's entirely up to the reader. There's a fair amount of overlap in the overview docs, fyi....
Sections 1.1 and 1.2 of the above gives a succinct definition of directory services, and then gives an introductory definition of LDAP based upon it.
This paper gives a good overview of the X.500 model, and then describes the LDAP model and rationale in detail.
These papers have salient information about directory services, though they are quite vendor-specific...
The PC Webopaedia is a good starting point to learn about many aspects of Internet technologies and to find definitions of and further resources for technical terms. It is a product of Sandy Bay Software and is advertiser-supported.
This RFC gives a good, concise overview of the X.500 model.
This RFC builds upon the one above to provide a more detailed technical introduction to how X.500-based directory services work.
This RFC provides an overview of both X.500 basics, plus how X.500-based Directory services globally work in a broad sense.
This RFC is an Internet "Draft Standard". It is the technical counterpart to the "Lightweight Directory Access Protocl: X.500 Lite" paper referenced above, and denotes version 2 of the LDAP protocol (LDAPv2). The Applications area director has stated that LDAPv2 will not progress to "full standard" because of various perceived dificiencies. Thus the IETF's Access and Sychronization of Internet Directories working group is working on LDAPv3. See the section about the IETF working groups, below.
This RFC documents the API that LDAP clients utilize to interact with the Directory. This API is implemented in "libldap.a", the code to which is available at the UMich LDAP/X.500 client, server, and general resource repository
This RFC is defines exactly what its title sez it defines. See RFC 1823 shows how search filters are used by the LDAP API.
This is The Book for folks who want to do exactly what its title says. In quality bookstores near you.
Look here if you understand the basics and are wondering about stuff such as attributes, their syntaxes, object classes, etc.
These documents discuss Directory attributes and their syntaxes. You need to read this stuff if you're setting up your directory and mapping your organization's information into the it and/or if you're creating new attributes.
The above defines a small set of "short" attribute names, although it doesn't define the full set as is commonly in present use within the LDAP community. Clearly defining those is a topic of future work in the IETF directory-oriented working groups.
The above item is a good overview of the subject matter, though
with a Quipu orientation. Quipu is an (old) X.500 server
implementation from ISODE, Ltd.
This RFC discusses how to organize one's directory. It applies to standalone LDAP-based directories as well as X.500-based ones.
Once you have a directory with information in it, you need to be able to search for information. One uses "filters" to specify one's searches. The RFC below specifies LDAPv2 search filters..
The documents below discuss the details of how information in the LDAP protocol is actually encoded. Note that UTF-8 isn't actually used yet (I believe), but is being discussed in terms of being specified in the LDAP V3 Internet-Draft. See the section on IETF directory service work , below, for info about what's going on in the various IETF directory-services-oriented working groups.
Start here if you already know the basics and are wondering about underlying details or about what all can be built with them...
This paper describes how we might utilize LDAP and the DNS to achieve a directory service framework in the near term. It specifically proposes a new DNS record, "DX", to be used to locate an administrative domain's directory service. The DX concept has been recently superseeded however, by the "SRV" (service) record concept, which could be utilized instead. See rfc2052, below.
There is a fair amount of work going on currently in the IETF on directory services in general, and X.500/LDAP in particular. Most of this work is occuring within the Applications area of the IETF.
Do note, though, that the IETF doesn't "work on" X.500 directly. That is the domain of the International Telecommunications Union (ITU). The IETF's work in regards to X.500(93) (and future X.500 versions) is or will be in terms of...
Thus said, the three relevant working groups within the Applications Area are...
There is much current work going on in the ASID working group on the next version (i.e. V3) of LDAP (be sure to see this section below for links to additional LDAP info, including an LDAPv3 info repository), also an "application/directory" content type for MIME, URL syntax for LDAP, an objectclass and attribute to hold URIs, "dynamic directory" usage for LDAP-based directories, etc.
The best way to understand and follow the direction of current developments and get up-to-speed on it is to read the Internet Drafts. See the ASID web page for the current list of applicable internet drafts including the LDAPv3 ones (look towards the bottom of that page).
If you want to know about existing standards, refer to the above sections of this page, and/or visit an RFC repository.
The IDS working group is working on an "Internet White Pages Schema" for a generic "person". They are also working on guidelines for deploying and running an Internet white pages service, privacy issues, and other topics oriented towards actually using and building stuff on top of a directory infrastructure. See the IDS page for their precise charter and a list of applicable IDs (Internet Drafts).
The FIND group is working on a "common indexing protocol" which would help to ease the cost of high-level searches (and other stuff). An example of a high level search is "please find Joe User whom I believe works in some public job in the state of colorado". This work is intended to be independent of any particular directory access protocol -- specifically to be useful to LDAP, Whois++, and CCSO. See the FIND page for relevant info.
Note that there is a large intersection between the work of these three groups. For example, people deploying LDAP-based directories (perhaps for some enterprise, say) might desire to use the gneric white-pages schema for their people entries, and also support the common indexing protocol in whatever appropriate fashion such that their entries can be appropriately found in high-level searches.
This page simply lists just what it sez, but it also has links to the RFC and Internet-Draft repository at Information Sciences Institute (ISI).
These are places to pick up both more detailed info and actual implementations...
Get yer LDAP clients (for Mac, PC, and UNIX/X) here, as well as servers and other goodies. Note that this site also has the complete Standalone Ldap Daemon (slapd) documentation on-line, as well as other documents and pointers to further information. Be sure to see the link to the patch repository, below.
Get yer full-blown, native X.500 server technology and information here. Also a second site for LDAP stuff.
Here's pointers to other pages about LDAP in particular. Given that you are reading this page, you should also take the time to peruse these other pages -- I don't claim that this page has the last word on LDAP developments...
The above module is based on the Netscape LDAP SDK (aka client-side library) and includes example working CGI scripts which implement a web-based directory frontend.
Here's pointers to other Web pages about X.500 itself. Some of these, like Nexor's pages, are general info sources about the X.500/LDAP-based directory(ies). Other's, like SURFnet's and UMich's, are documents relating to their particular Directory infrastructure and are quite interesting as examples of how Internet-wide directory participants can package & deliver their product both to their users and to the Internet at large...
"LDAP and X.500 and not title:"Web500gw" with ranking spec of: "ldap X.500 repository FAQ experience"
Here's pointers to various organization's directories, and to pages with info about their directory projects (but be sure to peruse some of the links above too, such as the ISODE Consortium and Nexor)...
Please email me if you find any issues with links and/or the content of this document. Thanks.
This page is revised from time-to-time -- as are many documents, software, and race cars.
You're visitor number "one of many" since 2 May 1996