
The IMesh Toolkit


Lightweight Directory Access Protocol (LDAP)

Overall Purpose

The Lightweight Directory Access Protocol (LDAP) is a standardised, lightweight protocol for accessing directories. It runs on top of TCP/IP. The first widely available version was LDAP version 2, defined in RFCs 1777 and 1778. LDAP developed out of the X.500 directory service, which was seen as large, complex and difficult to implement.

Brief Overview of Functionality

Four models give guidance on the organisation of data in the directory. The LDAP information model defines the kind of data that can be put into the directory; the LDAP naming model defines how directory data is organised and referred to in the directory; the LDAP functional model defines how directory information is accessed and updated; the security model defines how the information can be protected from unauthorised access.

The basic unit of the directory is an entry. Entries consist of attributes; each attribute has a type and one or more values. An entry has a globally-unique Distinguished Name, used to refer to the entry unambiguously. Directory entries are arranged in a hierarchical tree-like structure.

LDAP is a client/server protocol. The LDAP protocol is message-based. Clients issue requests to servers (simultaneous multiple requests can be made) and servers return entries to the client. LDAP has nine basic protocol operations, divided into three categories:
  • Interrogation operations: search, compare
  • Update operations: add, delete, modify, modify DN (rename)
  • Authentication and control operations: bind, unbind, abandon.
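
The entry, attribute and Distinguished Name structure described above, together with the search and compare operations, can be seen in a small in-memory model. This is an added example, not code from the IMesh or LDAP projects; the entries, the `Directory` class and the simplified case-insensitive DN matching are assumptions made for illustration.

```python
# Added illustration: toy in-memory directory with constructed entries.
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes a char)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            rdns, cur, i = rdns + [cur.strip()], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return rdns + [cur.strip()]

def key(dn):
    # Simplification (assumption): every RDN is matched case-insensitively.
    return tuple(r.lower() for r in split_dn(dn))

class Directory:
    def __init__(self):
        self.entries = {}  # key(dn) -> (dn, {attribute type: [values]})

    def add(self, dn, attrs):
        k = key(dn)
        if k in self.entries:
            raise ValueError("entry already exists: " + dn)
        if self.entries and k[1:] not in self.entries:
            raise ValueError("parent entry missing: " + dn)
        self.entries[k] = (dn, {t.lower(): list(v) for t, v in attrs.items()})

    def compare(self, dn, attr, value):
        return value in self.entries[key(dn)][1].get(attr.lower(), [])

    def search(self, base, scope, attr, value):
        """scope: 'base' = the entry itself, 'one' = children, 'sub' = subtree."""
        b, hits = key(base), []
        for k, (dn, attrs) in self.entries.items():
            depth = len(k) - len(b)
            under = depth >= 0 and k[depth:] == b
            wanted = scope == "sub" or depth == {"base": 0, "one": 1}[scope]
            if under and wanted and value in attrs.get(attr.lower(), []):
                hits.append(dn)
        return hits

def build_sample():
    d = Directory()  # constructed sample tree
    d.add("o=example", {"objectClass": ["organization"]})
    d.add("ou=Records,o=example", {"objectClass": ["organizationalUnit"]})
    d.add("cn=Smith\\, J,ou=Records,o=example",
          {"cn": ["Smith, J"], "mail": ["js@example.org", "j.smith@example.org"]})
    return d
```

The escaped comma in the last DN shows why a DN has to be split on RDN boundaries rather than on every comma before it is compared or used as a search base.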

Deployment

APIs

The original LDAP distribution from the University of Michigan (U-M LDAP) included a C programming library and several sample client programs built on this library. The LDAP C API for LDAP version 2 is documented in RFC 1823, and the University of Michigan Software Development Kit is available at: http://www.umich.edu/~dirsvcs/ldap/.

Other C SDKs are:

Netscape has also developed a Java API; the source code is available from http://www.mozilla.org. The API specification is at http://www.ietf.org.

PerlLDAP is available from http://www.mozilla.org. Another Perl LDAP SDK is Net::LDAP which is available from http://www.perl.com/CPAN.

Accessing multiple directory systems
JavaSoft and Microsoft have proprietary SDKs that define an interface for accessing multiple directory systems. Microsoft's ADSI (Active Directory Services Interface) is available for Visual Basic, C and C++ from http://www.microsoft.com. JavaSoft's JNDI (Java Naming and Directory Interface), available from http://www.javasoft.com, allows a number of different directory systems to be accessed from a Java application or applet.

Projects using or investigating LDAP

The Isaac Network
This is a project of the Internet Scout Project team, who are partners in the IMesh toolkit project. The Isaac Network proposes to link geographically distributed collections of metadata into a virtual collection searchable as a unified whole. It uses the Dublin Core as its standard metadata description format. It aims to give the user a single interface for sending a single query, which reaches all relevant subject gateways and returns the relevant results to the user. The Isaac Network is unique in achieving this goal by using the shared indexing capabilities of the Common Indexing Protocol (CIP) and the query-routing capabilities of LDAP. The Isaac system claims to be the first to use an LDAP directory for metadata records about resources, and to combine LDAP with CIP in a distributed index-sharing and query-routing architecture.

Isaac consists of three main software components: the metadata repository, the search service and the index service. Within the system, LDAP is used as follows. The metadata database of the metadata repository is made accessible via LDAP. Referral (query-routing) information is kept by each repository. Using the search service, any user (or LDAP application) may have their queries routed to appropriate repositories and processed in parallel. This is possible because of the referral capabilities of the LDAP protocol.
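
The referral-based query routing described above can be sketched as a client that collects matches from one repository and then follows the referrals it returns. This is an added example, not Isaac's code: the repository URLs, the `dc.*` attribute names, the hop limit and the allow-list are assumptions, and the repositories are visited one after another rather than in parallel.

```python
# Added illustration: constructed repositories, each with records and referrals.
REPOS = {
    "ldap://repo-a.example": {
        "records": [{"dc.title": "Soil maps", "dc.subject": "geology"}],
        "referrals": ["ldap://repo-b.example", "ldap://repo-c.example"]},
    "ldap://repo-b.example": {
        "records": [{"dc.title": "Rock strata", "dc.subject": "geology"}],
        "referrals": ["ldap://repo-a.example"]},   # refers back to A (a loop)
    "ldap://repo-c.example": {
        "records": [{"dc.title": "Bird census", "dc.subject": "ecology"}],
        "referrals": ["ldap://repo-d.example"]},   # D does not exist here
}

def server_search(url, attr, value):
    """One repository answers with its own matches plus referrals to follow."""
    repo = REPOS[url]
    hits = [r for r in repo["records"] if r.get(attr) == value]
    return hits, repo["referrals"]

def routed_search(start, attr, value, max_hops=3, allowed=None):
    """Follow referrals breadth-first; return (records, skipped repositories).

    A visited set stops referral loops, max_hops bounds the chain length, and
    an optional allow-list keeps the client from contacting servers it does
    not trust just because another server named them.
    """
    seen, results, skipped = set(), [], []
    frontier = [(start, 0)]
    while frontier:
        url, hops = frontier.pop(0)
        if url in seen:
            continue
        seen.add(url)
        blocked = allowed is not None and url not in allowed
        if hops > max_hops or blocked or url not in REPOS:
            skipped.append(url)
            continue
        hits, refs = server_search(url, attr, value)
        results.extend(hits)
        frontier.extend((ref, hops + 1) for ref in refs)
    return results, skipped
```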

A 1999 paper proposed using LDAP as the basis of a cataloguer's interface to the system, since LDAP supports add, delete and modify operations.

TF-LSD (Task Force - LDAP Services Deployment)

A task force has been established within the technical programme of TERENA [http://www.terena.nl/], the Trans-European Research and Education Networking Association, to investigate the usability of LDAPv3 as a base for a wide range of Internet services. TF-LSD will operate for two years from 1st October 2000.

The major objectives of the TF-LSD [http://www.terena.nl/task-forces/] are:
  • to determine the suitability of the LDAPv3 protocol for establishing directory-based network and information services for the research community in Europe;
  • to prepare the establishment of the European-wide pilot White Pages index service;
  • to prepare and coordinate the activity to establish a directory-based Public Key Infrastructure in Europe;
  • to define other directory-based services, useful for the European research community.

Related Standards

LDAP runs over a TCP/IP connection. There is a variety of options for the backend database, giving flexibility in the choice of storage for data.

Relevance to IMesh context

Use of LDAP for searching metadata has been demonstrated in the Isaac Network. LDAP is a protocol that could be used for making resource descriptions (metadata) available in a directory-based model.

References

Understanding and Deploying LDAP Directory Services, Howes, T.A., Smith, M.C. and Good, G.S., Macmillan (1999).
Sample chapter available at:
http://www.computerbooksonline.com/chapters/ldapchap.htm

The Isaac Network: LDAP and Distributed Metadata for Resource Discovery
http://computer.org/proceedings/meta/1999/papers/46/clukas.html

OpenLDAP version 2 administrator's guide.
http://www.openldap.org/doc/admin/intro.html#What is LDAP
