LDAP, Lightweight Directory Access Protocol

Protocol suite: TCP/IP.
Protocol type: Application layer directory service access protocol.
Port: 389 (TCP).
MIME subtype:
SNMP MIBs: iso.org.dod.internet.directory.pcelsSchema (
Working groups: asid, Access, Searching and Indexing of Directories. Concluded February 1999.
calsch, Calendaring and Scheduling. Concluded September 2004.
ldapbis, LDAP (v3) Revision.
ldapext, LDAP Extension.
ldup, LDAP Duplication/Replication/Update Protocols.
Links: IANA: LDAP Directory Systems Names.
IANA: LDAP parameters.

LDAP was designed to provide access to the X.500 Directory without incurring the resource requirements of the Directory Access Protocol (DAP).

RFC 1777:

This protocol is specifically targeted at simple management applications and browser applications that provide simple read/write interactive access to the X.500 Directory, and is intended to be a complement to the DAP itself. Key aspects of LDAP are:

  1. Protocol elements are carried directly over TCP or other transport, bypassing much of the session/presentation overhead.
  2. Many protocol data elements are encoded as ordinary strings (e.g., Distinguished Names).
  3. A lightweight BER encoding is used to encode all protocol elements.

MAC header | IP header | TCP header | LDAP message

Protocol Mechanisms.

1.2.826.0.1.3344810.2.3  control  Matched Values Control.  RFC 3876
1.2.840.113556.1.4.473  control  Sort Request.  RFC 2891
1.2.840.113556.1.4.474  control  Sort Response.  RFC 2891
Sync Request Control.  RFC 3928
Sync Update Control.  RFC 3928
Sync Done Control.  RFC 3928
Operation.  RFC 3909
Control.  RFC 4528
Pre-read Control.  RFC 4527
Post-read Control.  RFC 4527
RFC 4525
Transaction Extended Request.  RFC 5805
Specification Control.  RFC 5805
Transaction Extended Request.  RFC 5805
notice  Aborted Transaction Notice.  RFC 5805
Don't Use Copy Control.  RFC 6171
Refresh.  RFC 2589
TLS.  RFC 2830, RFC 4511, RFC 4513
Operational Attributes.  RFC 3673
AD Lists.  RFC 4529
filters.  RFC 4526
Tag Options.  RFC 3866
Range Options.  RFC 3866
Content Synchronization Control.  RFC 4533
RFC 3672
Password.  RFC 3062
am I?  RFC 4532
LDAP ExtendedRequest message.  RFC 4373
LDAP ExtendedResponse message.  RFC 4373
LDAP ExtendedRequest message.  RFC 4373
LDAP ExtendedResponse message.  RFC 4373
LDAP ExtendedRequest message.  RFC 4373
LDAP ExtendedResponse message.  RFC 4373
Incremental Update style OID.  RFC 4373
Turn Operation.  RFC 4531
2.16.840.1.113730.3.4.2  control  ManageDsaIT.  RFC 3296
2.16.840.1.113730.3.4.15  control  Authorization Identity Response Control.  RFC 3829
2.16.840.1.113730.3.4.16  control  Authorization Identity Request Control.  RFC 3829
2.16.840.1.113730.3.4.18  control  Proxy Authorization Control.  RFC 4370

Object Identifier Descriptors:

Attribute Type  add (reserved for LDIF.)  RFC 2849
0.9.2342.19200300.100.1.1  Attribute Type  uid, userId  RFC 4519
0.9.2342.19200300.100.1.3  Attribute Type  mail  RFC 4524
0.9.2342.19200300.100.1.4  Attribute Type  info  RFC 4524
0.9.2342.19200300.100.1.5  Attribute Type  drink  RFC 4524
0.9.2342.19200300.100.1.6  Attribute Type  roomNumber  RFC 4524
0.9.2342.19200300.100.1.8  Attribute Type  userClass  RFC 4524
0.9.2342.19200300.100.1.9  Attribute Type  host  RFC 4524
0.9.2342.19200300.100.1.11  Attribute Type  documentIdentifier  RFC 4524
0.9.2342.19200300.100.1.10  Attribute Type  manager  RFC 4524
0.9.2342.19200300.100.1.12  Attribute Type  documentTitle  RFC 4524
0.9.2342.19200300.100.1.13  Attribute Type  documentVersion  RFC 4524
0.9.2342.19200300.100.1.14  Attribute Type  documentAuthor  RFC 4524
0.9.2342.19200300.100.1.15  Attribute Type  documentLocation  RFC 4524
0.9.2342.19200300.100.1.20  Attribute Type  homePhone  RFC 4524
0.9.2342.19200300.100.1.21  Attribute Type  secretary  RFC 4524
0.9.2342.19200300.100.1.25  Attribute Type  DC, domainComponent  RFC 4519
0.9.2342.19200300.100.1.31  Attribute Type  cNAMERecord  RFC 1274
0.9.2342.19200300.100.1.37  Attribute Type  associatedDomain  RFC 4524
0.9.2342.19200300.100.1.38  Attribute Type  associatedName  RFC 4524
0.9.2342.19200300.100.1.39  Attribute Type  homePostalAddress  RFC 4524
0.9.2342.19200300.100.1.40  Attribute Type  personalTitle  RFC 4524
0.9.2342.19200300.100.1.41  Attribute Type  mobile  RFC 4524
0.9.2342.19200300.100.1.42  Attribute Type  pager  RFC 4524
0.9.2342.19200300.100.1.43  Attribute Type  co  RFC 4524
0.9.2342.19200300.100.1.44  Attribute Type  uniqueIdentifier  RFC 4524
0.9.2342.19200300.100.1.45  Attribute Type  organizationalStatus  RFC 4524
0.9.2342.19200300.100.1.47  Attribute Type  mailPreferenceOption  RFC 1274
0.9.2342.19200300.100.1.48  Attribute Type  buildingName  RFC 4524
0.9.2342.19200300.100.1.50  Attribute Type  singleLevelQuality  RFC 4524
0.9.2342.19200300.100.1.56  Attribute Type  documentPublisher  RFC 4524
0.9.2342.19200300.100.4.5  Object Class  account  RFC 4524
0.9.2342.19200300.100.4.6  Object Class  document  RFC 4524
0.9.2342.19200300.100.4.7  Object Class  room  RFC 4524
0.9.2342.19200300.100.4.8  Object Class  documentSeries  RFC 4524
0.9.2342.19200300.100.4.13  Object Class  domain  RFC 4524
0.9.2342.19200300.100.4.14  Object Class  RFC822LocalPart  RFC 4524
0.9.2342.19200300.100.4.15  Object Class  dNSDomain  RFC 1274
0.9.2342.19200300.100.4.17  Object Class  domainRelatedObject  RFC 4524
0.9.2342.19200300.100.4.18  Object Class  friendlyCountry  RFC 4524
0.9.2342.19200300.100.4.19  Object Class  simpleSecurityObject  RFC 4524
Class  uidObject  RFC 4519
Type  uddiBusinessKey  RFC 4403
Type  uddiAuthorizedName  RFC 4403
Type  uddiOperator  RFC 4403
Type  uddiName  RFC 4403
Type  uddiDescription  RFC 4403
Type  uddiDiscoveryURLs  RFC 4403
Type  uddiUseType  RFC 4403
Type  uddiPersonName  RFC 4403
Type  uddiPhone  RFC 4403
Type  uddiEMail  RFC 4403
Type  uddiSortCode  RFC 4403
Type  uddiTModelKey  RFC 4403
Type  uddiAddressLine  RFC 4403
Type  uddiIdentifierBag  RFC 4403
Type  uddiCategoryBag  RFC 4403
Type  uddiKeyedReference  RFC 4403
Type  uddiServiceKey  RFC 4403
Type  uddiBindingKey  RFC 4403
Type  uddiAccessPoint  RFC 4403
Type  uddiHostingRedirector  RFC 4403
Type  uddiInstanceDescription  RFC 4403
Type  uddiInstanceParms  RFC 4403
Type  uddiOverviewDescription  RFC 4403
Type  uddiOverviewURL  RFC 4403
Type  uddiFromKey  RFC 4403
Type  uddiToKey  RFC 4403
Type  uddiUUID  RFC 4403
Type  uddiIsHidden  RFC 4403
Type  uddiIsProjection  RFC 4403
Type  uddiLang  RFC 4403
Type  uddiv3BusinessKey  RFC 4403
Type  uddiv3ServiceKey  RFC 4403
Type  uddiv3BindingKey  RFC 4403
Type  uddiv3TmodelKey  RFC 4403
Type  uddiv3DigitalSignature  RFC 4403
Type  uddiv3NodeId  RFC 4403
Type  uddiv3EntityModificationTime  RFC 4403
Type  uddiv3SubscriptionKey  RFC 4403
Type  uddiv3SubscriptionFilter  RFC 4403
Type  uddiv3NotificationInterval  RFC 4403
Type  uddiv3MaxEntities  RFC 4403
Type  uddiv3ExpiresAfter  RFC 4403
Type  uddiv3BriefResponse  RFC 4403
Type  uddiv3EntityKey  RFC 4403
Type  uddiv3EntityCreationTime  RFC 4403
Type  uddiv3EntityDeletionTime  RFC 4403
Class  uddiBusinessEntity  RFC 4403
Class  uddiContact  RFC 4403
Class  uddiAddress  RFC 4403
Class  uddiBusinessService  RFC 4403
Class  uddiBindingTemplate  RFC 4403
Class  uddiTModelInstanceInfo  RFC 4403
Class  uddiTModel  RFC 4403
Class  uddiPublisherAssertion  RFC 4403
Class  uddiv3Subscription  RFC 4403
Class  uddiv3EntityObituary  RFC 4403
Form  uddiBusinessEntityNameForm  RFC 4403
Form  uddiContactNameForm  RFC 4403
Form  uddiAddressNameForm  RFC 4403
Form  uddiBusinessServiceNameForm  RFC 4403
Form  uddiBindingTemplateNameForm  RFC 4403
Form  uddiTModelInstanceInfoNameForm  RFC 4403
Form  uddiTModelNameForm  RFC 4403
Form  uddiPublisherAssertionNameForm  RFC 4403
Form  uddiv3SubscriptionNameForm  RFC 4403
Form  uddiv3EntityObituaryNameForm  RFC 4403
Class  vPIMUser  RFC 4237
Type  vPIMTelephoneNumber  RFC 4237
Type  vPIMRfc822Mailbox  RFC 4237
Type  vPIMSpokenName  RFC 4237
Type  vPIMSupportedUABehaviors  RFC 4237
Type  vPIMSupportedAudioMediaTypes  RFC 4237
Type  vPIMSupportedMessageContext  RFC 4237
Type  vPIMTextName  RFC 4237
Type  vPIMExtendedAbsenceStatus  RFC 4237
Type  vPIMMaxMessageSize  RFC 4237
Type  vPIMSubMailboxes  RFC 4237
UUID  RFC 4530
Rule  uuidMatch  RFC 4530
Rule  uuidOrderingMatch  RFC 4530
Type  entryUUID  RFC 4530
Type  administratorsAddress
Rule  caseExactIA5Match  RFC 4517
Rule  caseIgnoreIA5Match  RFC 4517
Rule  caseIgnoreIA5SubstringsMatch  RFC 4517
Class  dcObject  RFC 4519
Type  cn, commonName  RFC 4519
Type  sn, surname  RFC 4519
Type  serialNumber  RFC 4519
Type  c, countryName  RFC 4519
Type  L, localityName  RFC 4519
Type  st  RFC 4519
Type  street  RFC 4519
Type  o, organizationName  RFC 4519
Type  organizationalUnitName  RFC 4519
Type  title  RFC 4519
Type  description  RFC 4519
Type  searchGuide  RFC 4519
Type  businessCategory  RFC 4519
Type  postalAddress  RFC 4519
Type  postalCode  RFC 4519
Type  postOfficeBox  RFC 4519
Type  physicalDeliveryOfficeName  RFC 4519
Type  telephoneNumber  RFC 4519
Type  telexNumber  RFC 4519
Type  teletexTerminalIdentifier  RFC 4519
Type  facsimileTelephoneNumber  RFC 4519
Type  x121Address  RFC 4519
Type  internationaliSDNNumber  RFC 4519
Type  registeredAddress  RFC 4519
Type  destinationIndicator  RFC 4519
Type  preferredDeliveryMethod  RFC 4519
Type  member  RFC 4519
Type  owner  RFC 4519
Type  roleOccupant  RFC 4519
Type  seeAlso  RFC 4519
Type  userPassword  RFC 4519
Type  userCertificate  RFC 4523
Type  cACertificate  RFC 4523
Type  authorityRevocationList  RFC 4523
Type  certificateRevocationList  RFC 4523
Type  crossCertificatePair  RFC 4523
Type  name  RFC 4519
Type  givenName  RFC 4519
Type  initials  RFC 4519
Type  generationQualifier  RFC 4519
Type  x500UniqueIdentifier  RFC 4519
Type  dnQualifier  RFC 4519
Type  enhancedSearchGuide  RFC 4519
Type  distinguishedName  RFC 4519
Type  uniqueMember  RFC 4519
Type  houseIdentifier  RFC 4519
Type  supportedAlgorithms  RFC 4523
Type  deltaRevocationList  RFC 4523
Class  country  RFC 4519
Class  locality  RFC 4519
Class  organization  RFC 4519
Class  organizationalUnit  RFC 4519
Class  person  RFC 4519
Class  organizationalPerson  RFC 4519
Class  organizationalRole  RFC 4519
Class  groupOfNames  RFC 4519
Class  residentialPerson  RFC 4519
Class  applicationProcess  RFC 4519
Class  device  RFC 4519
Class  strongAuthenticationUser  RFC 4523
Class  certificationAuthority  RFC 4523
Class  certificationAuthority-V2  RFC 4523
Class  groupOfUniqueNames  RFC 4519
Class  userSecurityInformation  RFC 4523
Class  cRLDistributionPoint  RFC 4523
Class  pkiUser  RFC 4523
Class  pkiCA  RFC 4523
Class  deltaCRL  RFC 4523
Rule  objectIdentifierMatch  RFC 4517
Rule  distinguishedNameMatch  RFC 4517
Rule  caseIgnoreMatch  RFC 4517
Rule  caseIgnoreOrderingMatch  RFC 4517
Rule  caseIgnoreSubstringsMatch  RFC 4517
Rule  caseExactMatch  RFC 4517
Rule  caseExactOrderingMatch  RFC 4517
Rule  caseExactSubstringsMatch  RFC 4517
Rule  numericStringMatch  RFC 4517
Rule  numericStringOrderingMatch  RFC 4517
Rule  numericStringSubstringsMatch  RFC 4517
Rule  caseIgnoreListMatch  RFC 4517
Rule  caseIgnoreListSubstringsMatch  RFC 4517
Rule  booleanMatch  RFC 4517
Rule  integerMatch  RFC 4517
Rule  integerOrderingMatch  RFC 4517
Rule  bitStringMatch  RFC 4517
Rule  octetStringMatch  RFC 4517
Rule  octetStringOrderingMatch  RFC 4517
Rule  telephoneNumberMatch  RFC 4517
Rule  telephoneNumberSubstringsMatch  RFC 4517
Rule  uniqueMemberMatch  RFC 4517
Rule  generalizedTimeMatch  RFC 4517
Rule  generalizedTimeOrderingMatch  RFC 4517
Rule  integerFirstComponentMatch  RFC 4517
Rule  objectIdentifierFirstComponentMatch  RFC 4517
Rule  directoryStringFirstComponentMatch  RFC 4517
Rule  wordMatch  RFC 4517
Rule  keywordMatch  RFC 4517
Rule  certificateExactMatch  RFC 4523
Rule  certificateMatch  RFC 4523
Rule  certificatePairExactMatch  RFC 4523
Rule  certificatePairMatch  RFC 4523
Rule  certificateListExactMatch  RFC 4523
Rule  certificateListMatch  RFC 4523
Rule  algorithmIdentifierMatch  RFC 4523
Type  administrativeRole  RFC 3672
Role  autonomousArea  RFC 3672
Role  accessControlSpecificArea  RFC 3672
Role  accessControlInnerArea  RFC 3672
Role  subschemaAdminSpecificArea  RFC 3672
Role  collectiveAttributeSpecificArea  RFC 3672


DIT, Directory Information Tree.

DN, Distinguished Name.

DSE, DSA-specific Entry.

DUA, Directory User Agent.

OID, Object identifier.

RDN, Relative distinguished name.


[RFC 1823] The LDAP Application Program Interface.

[RFC 1959] An LDAP URL Format.

[RFC 1960] A String Representation of LDAP Search Filters.

[RFC 2164] Use of an X.500/LDAP directory to support MIXER address mapping.

[RFC 2247] Using Domains in LDAP/X.500 Distinguished Names.

[RFC 2307] An Approach for Using LDAP as a Network Information Service.

[RFC 2589] Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services.

[RFC 2649] An LDAP Control and Schema for Holding Operation Signatures.

[RFC 2657] LDAPv2 Client vs. the Index Mesh.

[RFC 2696] LDAP Control Extension for Simple Paged Results Manipulation.

[RFC 2713] Schema for Representing Java(tm) Objects in an LDAP Directory.

[RFC 2714] Schema for Representing CORBA Object References in an LDAP Directory.

[RFC 2739] Calendar Attributes for vCard and LDAP.

[RFC 2798] Definition of the inetOrgPerson LDAP Object Class.

[RFC 2820] Access Control Requirements for LDAP.

[RFC 2849] The LDAP Data Interchange Format (LDIF) - Technical Specification.

[RFC 2891] LDAP Control Extension for Server Side Sorting of Search Results.

[RFC 2926] Conversion of LDAP Schemas to and from SLP Templates.

[RFC 2927] MIME Directory Profile for LDAP Schema.

[RFC 3045] Storing Vendor Information in the LDAP root DSE.

[RFC 3062] LDAP Password Modify Extended Operation.

[RFC 3088] OpenLDAP Root Service, An experimental LDAP referral service.

[RFC 3112] LDAP Authentication Password Schema.

[RFC 3296] Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories.

[RFC 3384] Lightweight Directory Access Protocol (version 3) Replication Requirements.

[RFC 3494] Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status.

[RFC 3663] Domain Administrative Data in Lightweight Directory Access Protocol (LDAP).

[RFC 3671] Collective Attributes in the Lightweight Directory Access Protocol (LDAP).

[RFC 3672] Subentries in the Lightweight Directory Access Protocol (LDAP).

[RFC 3673] Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes.

[RFC 3687] Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules.

[RFC 3698] Lightweight Directory Access Protocol (LDAP): Additional Matching Rules.

[RFC 3703] Policy Core Lightweight Directory Access Protocol (LDAP) Schema.

[RFC 3712] Lightweight Directory Access Protocol (LDAP): Schema for Printer Services.

[RFC 3727] ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules.

[RFC 3829] Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls.

[RFC 3866] Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP).

[RFC 3876] Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3).

[RFC 3909] Lightweight Directory Access Protocol (LDAP) Cancel Operation.

[RFC 3928] Lightweight Directory Access Protocol (LDAP) Client Update Protocol (LCUP).

[RFC 3944] H.350 Directory Services.

[RFC 4104] Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS).

[RFC 4237] Voice Messaging Directory Service.

[RFC 4370] Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control.

[RFC 4373] Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP).

[RFC 4403] Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3).

[RFC 4510] Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map.

[RFC 4511] Lightweight Directory Access Protocol (LDAP): The Protocol.

[RFC 4512] Lightweight Directory Access Protocol (LDAP): Directory Information Models.

[RFC 4513] Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms.

[RFC 4514] Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names.

[RFC 4515] Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters.

[RFC 4516] Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator.

[RFC 4517] Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules.

[RFC 4518] Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation.

[RFC 4519] Lightweight Directory Access Protocol (LDAP): Schema for User Applications.

[RFC 4520] Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP).

[RFC 4521] Considerations for Lightweight Directory Access Protocol (LDAP) Extensions.

[RFC 4522] Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option.

[RFC 4523] Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates.

[RFC 4524] COSINE LDAP/X.500 Schema.

[RFC 4525] Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension.

[RFC 4526] Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters.

[RFC 4527] Lightweight Directory Access Protocol (LDAP) Read Entry Controls.

[RFC 4528] Lightweight Directory Access Protocol (LDAP) Assertion Control.

[RFC 4529] Requesting Attributes by Object Class in the Lightweight Directory Access Protocol (LDAP).

[RFC 4530] Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute.

[RFC 4531] Lightweight Directory Access Protocol (LDAP) Turn Operation.

[RFC 4532] Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation.

[RFC 4533] The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation.


Obsolete RFCs:

[RFC 1487] X.500 Lightweight Directory Access Protocol.

[RFC 1488] The X.500 String Representation of Standard Attribute Syntaxes.

[RFC 1558] A String Representation of LDAP Search Filters.

[RFC 1777] Lightweight Directory Access Protocol.

[RFC 1778] The String Representation of Standard Attribute Syntaxes.

[RFC 1779] A String Representation of Distinguished Names.

[RFC 1838] Use of the X.500 Directory to support mapping between X.400 and RFC 822 Addresses.

[RFC 2251] Lightweight Directory Access Protocol (v3).

[RFC 2252] Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions.

[RFC 2253] Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names.

[RFC 2254] The String Representation of LDAP Search Filters.

[RFC 2255] The LDAP URL Format.

[RFC 2256] A Summary of the X.500(96) User Schema for use with LDAPv3.

[RFC 2559] Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2.

[RFC 2587] Internet X.509 Public Key Infrastructure LDAPv2 Schema.

[RFC 2596] Use of Language Codes in LDAP.

[RFC 2829] Authentication Methods for LDAP.

[RFC 2830] Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security.

[RFC 3377] Lightweight Directory Access Protocol (v3): Technical Specification.

[RFC 3383] Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP).

[RFC 3674] Feature Discovery in Lightweight Directory Access Protocol (LDAP).

[RFC 3771] The Lightweight Directory Access Protocol (LDAP) Intermediate Response Message.

