The LDAP protocol enables organizations to arrange and access directory information in a hierarchy. In this context, directory refers to a collection of information, such as a telephone directory, not a collection of files in a folder on a disk drive.
LDAP originated in the mid-1990s as a response to the need to access ISO X.500 directories from computers that had limited processing power. Since then, products such as iPlanet Server have been developed that are native LDAP directory servers. Several companies now provide LDAP access to their directory servers, including Novell NDS, Microsoft Active Directory Services (ADS), Lotus Domino, and Oracle.
An LDAP directory is typically a hierarchically structured database. Each layer in the hierarchy typically corresponds to a level of organizational structure.
The following image shows a simple directory structure:
This example is fully symmetrical: all the entries at each layer are of the same type.
You can also structure an LDAP directory so that the layers under one entry contain different information from the layers under another entry.
The following image shows such an asymmetric directory:
In this directory structure, the second level of the tree divides the directory into two organizational units: people and groups. The third level contains entries with information that is specific to the organizational unit. Each person's entry includes a name, e-mail address, and telephone number. Each group's entry includes the names of group members.
This complexity and flexibility is a key to the usefulness. of LDAP. With it, you can represent any organizational structure.
LDAP offers performance advantages over conventional databases for accessing hierarchical, directory-like information that is read frequently, and changed infrequently.
Although LDAP is often used for e-mail, address, telephone, or other organizational directories, it is not limited to these types of applications. For example, you can store ColdFusion Advanced Security information in an LDAP database.