More about Directory Server and OpenDS Margin Notes

In the LDAP client-server model, directory servers make information about people, organizations, and resources accessible to LDAP client applications. LDAP defines operations that clients use to search and update the directory. An LDAP client can perform these operations, among others:

• Search for and retrieve entries from the directory
• Add new entries to the directory
• Update entries in the directory
• Delete entries from the directory
• Rename entries in the directory

For example, to update an entry, an LDAP client submits the distinguished name (DN) of the entry with updated attribute information to the LDAP server. The LDAP server uses the distinguished name to find the entry. The server then performs a modify operation to update the entry in the directory.

To perform any of these LDAP operations, an LDAP client needs to establish a connection with an LDAP server. The LDAP protocol specifies the use of TCP/IP port number 389, although servers can listen on other ports, such as 636 for LDAP/SSL for example.

The LDAP protocol also defines a simple method for authentication. LDAP servers can be set up to restrict permissions to the directory. Before an LDAP client can perform an operation on an LDAP server, the client must authenticate to the server. Clients typically authenticate by supplying a distinguished name and password. If the user identified by the distinguished name does not have permission to perform the operation, the server does not execute the operation.

On the web you can find free LDAP directory client software development kits for creating your own LDAP clients.

Java

• Java Naming and Directory Interface (JNDI) technology supports directory access through LDAP and DSML from Java applications, and is part of the Java platform. With JNDI, you can build powerful, portable, directory-enabled applications that do not depend on classes outside the Java platform. The upside is that you do not need to install additional client libraries. JNDI provides an abstract model that lets you access not only directories, but also naming services in general, including DNS, RMI, COS, and file systems. The downside is that even if you already know LDAP, you still have to learn JNDI. The JNDI Tutorial contains descriptions and examples of how to use JNDI. The tutorial is at http://java.sun.com/products/jndi/tutorial/.
• The Mozilla LDAP Java SDK offers an API that is more readily comprehensible than JNDI if you already know LDAP. The API was the subject of Internet-Draft work that did not result in a standard. The code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
• LDAP SDK for Java from UnboundID provides a recent Java implementation of an LDAP API, with additional features not available in older Java APIs. For more, see http://www.unboundid.com/products/ldapsdk/.
  
• LDAP Classes for Java follow the Internet-Draft work. Novell makes the LDAP Classes for Java available through their developer community. See http://developer.novell.com/wiki/index.php/LDAP_Classes_for_Java.
  

C

• The Mozilla LDAP C SDK, also based on the Internet-Draft work that did not become a standard, is available on a wide range of platforms. The Mozilla LDAP C SDK also provides support for core LDAP operations, and for LDAP v3 extensions and widely used controls. Sun Directory Server uses this API, as does the address book applications associated with Firefox. (Try a valid LDAP URL in your browser.)  Mozilla LDAP C SDK code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
• OpenLDAP C API  Many GNU/Linux distributions provide OpenLDAP support. The OpenLDAP C API is based on an Internet-Draft for that never became a standard. The API closely follows LDAPv3, providing support for core LDAP operations and for LDAPv3 extensions and widely used controls. LDAP support for languages such as PHP and Python is available through wrappers for OpenLDAP. For an introduction to the OpenLDAP API, see the LDAP(3) man page.
  
• Solaris LDAP C API  The native LDAP library on Solaris systems provides nearly the same API as the Mozilla C SDK. Many clients need only be recompiled to work with Solaris libldap. The LDAP library on Solaris systems is not however compatible with libldap from OpenLDAP. For an introduction to the Solaris OS libldap library, see the ldap(3LDAP) man page. (Thanks for reading my non-cross-platform plug. ;-)
  

Perl

• Perl Net::LDAP is the official collection of modules, written in pure Perl. For more, see http://ldap.perl.org/. 
• PerLDAP is written in Perl and C. PerLDAP is part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.

PHP

PHP can be compiled with LDAP wrappers for the OpenLDAP C implementation. You must download the OpenLDAP libraries to use the PHP LDAP API. See http://php.net/manual/en/book.ldap.php.

Python

The python-ldap package wraps the OpenLDAP C implementation, with additional capabilities to handle LDIF, LDAP URLs, and so forth. See http://www.python-ldap.org/.

Other Languages

The list here is a start. A number of other languages also provide LDAP support. Ruby has the Ruby/LDAP extension module. An Objective-C LDAP framework is available. So is LDAP support in C#. There are no doubt others.