What is LDAP?

Solution 1:

I wrote this article a few years ago, which explains the basics of LDAP.

Solution 2:

LDAP (Lightweight Directory Access Protocol) is an application-level protocol that allows clients to interface with compliant directory services for the purposes of manipulating directory entities or querying the directory for information. One of its primary benefits is to provide a standardized interface for systems across multiple platforms.

On most directory systems LDAP is not the only interface available for communicating with the server. Other native interfaces usually exist which could provide performance and other benefits.

The standard concept behind an LDAP session is this:

  1. Connect to the LDAP compliant server
  2. Bind to the directory at some base level (called the BaseDN). This is usually a container object somewhere within the structure of the directory such as an OU. You may or may not be able to bind anonymously depending on whether or not the directory is configured to allow anonymous access.
  3. Execute your query or statement

Queries can be executed as follows:

  • within the same level in the structure that you are bound to (a Base scope query)
  • within the same level or one level below where you are bound to (a One Level scope query)
  • recursively down the entire structure beginning where you are bound (a Subtree scope query)

Because directories can be very distributed and contain an inordinate amount of information, directory administrators are usually given the option to limit LDAP queries to a certain number of results (1000 is a common max for a result set).
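
The search scopes and the result size limit from the answer above, as an added example that is not part of the original answers. It models the scopes as RFC 4511 defines them (baseObject, singleLevel, wholeSubtree) over an in-memory directory; the entries, function names and the simplified DN parsing are assumptions made for illustration.

```python
# Added example: in-memory model of LDAP search scopes and the server size limit.
# The entries below are constructed sample data, not taken from the page.
DIRECTORY = [
    "dc=example,dc=com",
    "ou=People,dc=example,dc=com",
    "ou=Groups,dc=example,dc=com",
    "uid=alice,ou=People,dc=example,dc=com",
    "uid=bob,ou=People,dc=example,dc=com",
    "cn=admins,ou=Groups,dc=example,dc=com",
]

SUCCESS = 0               # RFC 4511 result code: success
SIZE_LIMIT_EXCEEDED = 4   # RFC 4511 result code: sizeLimitExceeded
NO_SUCH_OBJECT = 32       # RFC 4511 result code: noSuchObject


def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]


def depth_below(base, dn):
    """Levels between base and dn, or None when dn is outside base's subtree."""
    b, d = rdns(base), rdns(dn)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return None
    return len(d) - len(b)


def search(base, scope, size_limit=1000):
    """Return (result_code, matching DNs) for scope 'base', 'one' or 'sub'."""
    in_scope = {
        "base": lambda depth: depth == 0,   # the base entry only
        "one": lambda depth: depth == 1,    # immediate children only
        "sub": lambda depth: depth >= 0,    # base entry and all descendants
    }[scope]
    if not any(depth_below(base, dn) == 0 for dn in DIRECTORY):
        return NO_SUCH_OBJECT, []
    hits = [dn for dn in DIRECTORY
            if (d := depth_below(base, dn)) is not None and in_scope(d)]
    if len(hits) > size_limit:
        # The server returns a truncated set and flags it; a client that
        # ignores the result code silently works with incomplete data.
        return SIZE_LIMIT_EXCEEDED, hits[:size_limit]
    return SUCCESS, hits
```
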

Solution 3:

Think of it as a database that is organized in a tree, so for example you can have a typical structure of a company organized in a natural way. A top level company, with groups/departments under it and employees at the end, which themselves can have multiple properties (like name, telephone, mail, address, etc.). Then tell him that it's also suitable for every other data that is organized in a similar way and that it is accessed by an open protocol from various platforms/languages.

Also, from Wikipedia: "A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of persons or organizations) organized alphabetically, with each name having an address and phone number attached."

That's the most newbie-friendly explanation I can think of, without going into technical details.