Central store for user accounts
An LDAP directory is a hierarchical database. It is typically employed to store user information and passwords in one location, simplifying account administration and centralising credentials authentication.
LDAP directories fall under the category of NoSQL databases and have existed long before the term became popular :-)
The filesystem analogy
A good way to explain the essence of LDAP is by drawing a comparison to a computer file system.
LDAP directories share many similarities with a file system
A file system consists of files in a tree-like structure.
An LDAP directory consists of entries in a tree-like structure.
- A file in a file system is an arbitrary blob of text or binary data.
- A directory entry is a collection of attributes, or name / value pairs. Attributes may be text or binary. They may be mandatory or optional, single or multi-valued.
A file in a file system has a name, e.g.
tax-report-2010.xml. The file name must be unique within the containing folder.
An entry in a directory branch has a relative distinguished name (RDN), e.g.
cn=Alice Wonderland. The RDN comes from an existing name/value pair in the entry that was chosen to become the entry’s name (or title). RDNs must also be unique within the containing directory branch.
A file in a file system is uniquely identified by its path, e.g.
An entry in a directory is identified by its distinguished name (DN), which is formed by the chain of RDNs leading all the way to the directory root, e.g.
cn=Alice Wonderland, ou=people, dc=wonderland, dc=net.
Here is a truncated example directory entry of a user, in LDIF (LDIF stands for LDAP data interchange format).
The distinguished name (DN) is on the first line, the name/value pair serving as RDN on the second.
dn: uid=alice,ou=people,dc=wonderland,dc=net uid: alice objectClass: inetorgperson objectClass: organizationalperson objectClass: person objectClass: top cn: Alice Wonderland sn: Wonderland employeeNumber: 18001 givenName: Alice initials: AA mail: firstname.lastname@example.org mobile: +1 010 154 3228 userPassword:: c2VjcmV0
If you want to learn more about LDAP in here is a good resource to start with: