2.1 Knowing the LDAP Model

Lightweight Directory Access Protocol (LDAP) is described in RFC 2251-2256 and RFC 2829-2830. It defines a lightweight access mechanism in which clients send requests to and receive responses from LDAP servers.

The LDAP information model comes from X.500 and is based on the entry, which contains information about some object (for example, a person). Entries are composed of attributes, which have a type and one or more values. Each attribute has a syntax that determines what kinds of values are allowed in the attribute (for example, ASCII characters, a JPEG photograph, etc.) and how those values behave during directory operations (for example, whether case is significant during comparisons).

Entries can be organized in a tree structure, usually based on political, geographical, and organizational boundaries. Other structures are possible, including a flat namespace. Each entry is uniquely named relative to its sibling entries by its relative distinguished name (RDN), consisting of one or more distinguished attribute values from the entry. At most one value from each attribute may be used in the RDN. For example, the entry for the person “James Smith” might be named with the “Jonathan Smith” value from the CN (commonName) attribute.

A globally unique name for an entry, called a distinguished name or DN, is constructed by concatenating the sequence of RDNs from the entry up to the root of the tree. For example, if James worked for Novell Inc., the DN of his Novell entry might be “cn=Jonathan Smith,o=Novell,c=US”. The DN format used by LDAP is defined in RFC 2253.
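The following is an added example, not code from the original documentation or from the Novell LDAP library, showing how the RDN and DN rules above translate into code: a DN is built leaf-first from RDNs, each RDN may use at most one value per attribute type (multi-valued RDNs are joined with "+"), and values containing the RFC 2253 special characters (",", "+", "\"", "\\", "<", ">", ";", a leading "#", and leading or trailing spaces) must be escaped before they are embedded in the string. It is written in Python using only the standard library; the names and values are constructed sample data. The parser also decodes "\XX" hex escapes, which RFC 2253 defines as single UTF-8 bytes.

```python
# Added example, not from the original documentation or the Novell library:
# building and parsing RFC 2253 distinguished names in Python, standard
# library only. All names used below are constructed sample data.
import string
from typing import List, Tuple

RDN = List[Tuple[str, str]]  # one RDN: one or more (attributeType, value) pairs

# Characters that must be backslash-escaped inside a value (RFC 2253 section 2.4).
_SPECIAL = ',+"\\<>;'


def escape_value(value: str) -> str:
    """Escape an attribute value so it can be embedded in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append('\\' + ch)
        elif ch == '#' and i == 0:          # a leading '#' would start a hex string
            out.append('\\#')
        elif ch == ' ' and i in (0, last):  # leading/trailing spaces are not literal
            out.append('\\ ')
        else:
            out.append(ch)
    return ''.join(out)


def format_rdn(rdn: RDN) -> str:
    """Render one RDN; each attribute type may contribute at most one value."""
    seen = set()
    parts = []
    for attr_type, value in rdn:
        key = attr_type.lower()
        if key in seen:
            raise ValueError(f"attribute {attr_type} used twice in one RDN")
        seen.add(key)
        parts.append(f"{attr_type}={escape_value(value)}")
    return '+'.join(parts)


def build_dn(rdns: List[RDN]) -> str:
    """Concatenate the RDNs from the entry up to the root (leaf first)."""
    return ','.join(format_rdn(r) for r in rdns)


def parse_dn(dn: str) -> List[RDN]:
    """Parse a DN string into RDNs (leaf first), decoding \\c and \\XX escapes."""
    if dn == '':
        return []                       # the empty DN names the root
    rdns: List[RDN] = []
    rdn: RDN = []
    attr_type, buf, in_type = '', bytearray(), True
    i, n = 0, len(dn)
    while True:
        ch = dn[i] if i < n else None   # None marks end of input
        if in_type:
            if ch is None or ch in ',+':
                raise ValueError(f"malformed DN near offset {i}: missing '='")
            if ch == '=':
                in_type = False
            else:
                attr_type += ch
            i += 1
        elif ch == '\\' and i + 1 < n:
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                buf.append(int(pair, 16))          # \XX is one UTF-8 byte
                i += 3
            else:
                buf += dn[i + 1].encode('utf-8')   # \c stands for the literal c
                i += 2
        elif ch is None or ch in ',+':
            rdn.append((attr_type, buf.decode('utf-8')))
            attr_type, buf, in_type = '', bytearray(), True
            if ch != '+':                # ',' or end of input closes the RDN
                rdns.append(rdn)
                rdn = []
            if ch is None:
                return rdns
            i += 1
        else:
            buf += ch.encode('utf-8')
            i += 1


def is_well_formed(dn: str) -> bool:
    """True if the DN string parses under the grammar above."""
    try:
        parse_dn(dn)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == '__main__':
    entry = [[('cn', 'Smith, Jonathan')], [('o', 'Novell')], [('c', 'US')]]
    dn = build_dn(entry)
    print(dn)                           # cn=Smith\, Jonathan,o=Novell,c=US
    assert parse_dn(dn) == entry        # escaping makes the round trip exact
    print(parse_dn('cn=J\\c3\\bcrgen,o=Novell'))   # hex pairs decode to 'Jürgen'
```

The point of `escape_value` is that a value such as "Smith, Jonathan" placed into a DN without escaping is no longer one RDN: the comma is read as an RDN separator, so the string either names a different position in the tree or, as here, fails to parse at all. Building DNs from structured RDNs and escaping every value is what keeps user-supplied data from altering the structure of the name.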

Operations are provided to authenticate, to search for and retrieve information, and to modify, add, and delete entries in the tree.

An LDAP server may return referrals if it cannot completely service a request (for example if the request specifies a directory base outside of the tree managed by the server).

The LDAP libraries for C# offer a programmer the following options: