LDAP (Lightweight Directory Access Protocol) Reference Information

Lightweight Directory Access Protocol (LDAP) is, technically, a protocol for connecting to an enterprise directory. In recent years, the original X.500 standard has been largely supplanted by LDAP protocol servers that also implement the back-end data repository, so "LDAP" has become practically synonymous with "directory." This page provides commonly-needed reference information and links to LDAP-related standards.

LDAP Request-For-Comment (RFC) standards

RFC 2251: LDAP Protocol v3
http://www.ietf.org/rfc/rfc2251.txt
RFC 2252: LDAP Attribute Syntax
http://www.ietf.org/rfc/rfc2252.txt
RFC 2253: LDAP Distinguished Names
http://www.ietf.org/rfc/rfc2253.txt
RFC 2254: LDAP Search Filter Syntax
http://www.ietf.org/rfc/rfc2254.txt
RFC 2255: LDAP URL Format
http://www.ietf.org/rfc/rfc2255.txt
RFC 2256: LDAP X.500 Schema
http://www.ietf.org/rfc/rfc2256.txt
RFC 3383: LDAP and IANA
http://www.ietf.org/rfc/rfc3383.txt

LDAP Object Identifiers (OIDs)

Entities in an LDAP directory (schema elements such as attribute types and object classes) are identified by object identifiers (OIDs), which use a syntax similar to that of the Simple Network Management Protocol (SNMP): a sequence of decimal integers separated by periods. The sequence can contain any number of segments, and the leftmost segments are considered "most significant." An OID can be subdivided simply by appending more segments; the collective group of all OIDs beginning with a specific series of numbers is commonly called an "arch."

Many OID arches are reserved by the standard X.500 schema and other LDAP schemas, but one specific arch is reserved for private use within an enterprise: 1.3.6.1.4.1. Beneath the private-OID arch, each organization appends its own Private Enterprise Number (PEN) to form a sub-arch that belongs entirely to that organization and is globally unique. Sine Nomine Associates has been assigned Private Enterprise Number 17297, so our LDAP arch is 1.3.6.1.4.1.17297.

In addition to the publicly-defined and private-enterprise arches, there is a specific arch (1.3.6.1.3) which is reserved by the IANA for experimentation. You can assign OIDs within this arch for temporary purposes, such as testing or for experimenting with your LDAP schema while awaiting assignment of a permanent PEN. OIDs within the experimental arch are not guaranteed to be globally unique, and therefore should not be published external to your organization nor used for production LDAP directories.
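The following Python is an added example, not code from the original page: it parses dotted-decimal OIDs, tells private-enterprise OIDs (extracting the PEN) from experimental ones, and audits a draft schema so that experimental or foreign-PEN OIDs are caught before the schema goes to production. The sample OIDs are constructed; PEN 17297 is the page's own value.

```python
import re

# Arcs named on the page: IANA private-enterprise arc (followed by a PEN)
# and the IANA experimental arc. PEN 17297 is the page's example value.
PRIVATE_ENTERPRISE_ARC = (1, 3, 6, 1, 4, 1)
EXPERIMENTAL_ARC = (1, 3, 6, 1, 3)

# Two or more dot-separated decimal segments, no leading zeros, no empty segments.
_OID_RE = re.compile(r"^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+$")

def parse_oid(text):
    """Parse a dotted-decimal OID into a tuple of integer arcs; reject look-alikes."""
    if not _OID_RE.match(text):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(seg) for seg in text.split("."))

def under_arc(oid, arc):
    """True when arc is a proper prefix of oid (leftmost segments most significant)."""
    return len(oid) > len(arc) and oid[: len(arc)] == arc

def classify_oid(text):
    """Name the arc an OID falls in; for private-enterprise OIDs also return the PEN."""
    oid = parse_oid(text)
    if under_arc(oid, PRIVATE_ENTERPRISE_ARC):
        return {"arc": "private-enterprise", "pen": oid[len(PRIVATE_ENTERPRISE_ARC)]}
    if under_arc(oid, EXPERIMENTAL_ARC):
        return {"arc": "experimental", "pen": None}
    return {"arc": "other", "pen": None}

def audit_schema_oids(oids, expected_pen):
    """Flag OIDs that should not ship in a production schema: experimental
    OIDs (not globally unique) and private OIDs under another organisation's PEN."""
    findings = []
    for text in oids:
        info = classify_oid(text)
        if info["arc"] == "experimental":
            findings.append((text, "experimental arc, not for production"))
        elif info["arc"] == "private-enterprise" and info["pen"] != expected_pen:
            findings.append((text, f"foreign PEN {info['pen']}"))
    return findings

if __name__ == "__main__":
    # Constructed sample: a schema draft mixing a production OID with leftovers.
    draft = ["1.3.6.1.4.1.17297.1.1", "1.3.6.1.3.999.1",
             "1.3.6.1.4.1.99999.2.3", "2.5.4.3"]
    for oid, why in audit_schema_oids(draft, expected_pen=17297):
        print(f"{oid}: {why}")
```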

Other LDAP Resources

OpenLDAP
An Open Source LDAP directory server
http://www.openldap.org/
PADL Software
A private corporation which has published online technical articles, available for free download, about LDAP and related technologies.
http://www.padl.com/

Sine Nomine Associates provides the above information and links for reference only; corporations mentioned here are not necessarily endorsed or recommended by Sine Nomine Associates.