Objective 3: LDAP Configuration

LDAP is an open standard protocol for accessing directory information services. It runs over TCP and other Internet transport protocols, and can be used to access either standalone directory services or X.500 directories. The hardest part about LDAP is its X.500 heritage. X.500 was part of the now failed OSI network protocol suite. There are many good reasons for the OSI suite failing, and one of them is complexity. The suite was designed by a committee, and the old joke "a camel is a horse designed by a committee" is not without justification. From X.500, the IETF (Internet Engineering Task Force) derived and specified LDAP (Lightweight Directory Access Protocol).

LDAP provides the same kind of services as DNS and NIS. When it is combined with SSL (Secure Sockets Layer) and some tricks, it should also be quite secure—unlike DNS and NIS.

The LDAP directory service is based on a client/server model, quite similar to NIS. One or more LDAP servers hold the data that makes up the LDAP directory tree, or backend database. An LDAP client connects to an LDAP server to make a request. The server responds with either an answer or a pointer (a referral) to where the client can get an answer to its request. One of the biggest benefits of LDAP over NIS is that LDAP servers synchronize in increments that can be pushed immediately to slave servers, whereas NIS synchronizations transfer all the data every time.
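The security point above (LDAP is only safe when it runs over SSL/TLS) and the client/server model come together in the client-side configuration. The following OpenLDAP `ldap.conf` fragment is an added example, not text from the book: the hostname `ldap.example.com`, the base DN `dc=example,dc=com` and the CA bundle path are placeholders. It shows the weak settings a client often ships with next to the hardened form, using the real OpenLDAP directives `URI`, `BASE`, `TLS_CACERT` and `TLS_REQCERT`.

```conf
# /etc/ldap/ldap.conf  (OpenLDAP client configuration; added example, not from the book)
# Hostname, base DN and CA path below are placeholders for your own environment.

# --- Weak configuration (shown commented out) ---
# Plain LDAP on TCP port 389: bind passwords and directory data cross the
# network unencrypted, so anyone on the path can read or alter them.
#URI          ldap://ldap.example.com
# "never" disables server certificate checking entirely, so even an ldaps://
# connection would accept an attacker's certificate without complaint.
#TLS_REQCERT  never

# --- Hardened configuration ---
# LDAP over SSL/TLS on port 636; the transport is encrypted end to end.
URI           ldaps://ldap.example.com
# Default search base so clients need not repeat it on every query.
BASE          dc=example,dc=com
# Trust anchor used to verify the server certificate.
TLS_CACERT    /etc/ssl/certs/ca-certificates.crt
# "demand": the server must present a certificate that verifies against
# TLS_CACERT, otherwise the connection is refused.
TLS_REQCERT   demand
```

To check the result, run `ldapsearch -x -H ldaps://ldap.example.com -b dc=example,dc=com` from the client: with `TLS_REQCERT demand` the search fails before any bind is attempted if the server's certificate does not chain to the configured CA, which is exactly the behaviour you want, since a silent fallback would send credentials to an unverified host.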

The LDAP implementation ...