Information resources on LDAP and related issues

Back to TF-LSD page

LDAPv3 Core Specifications

RFC 2251 "Lightweight Directory Access Protocol (v3)", Wahl, M., Howes, T., and S. Kille,, December 1997 -
The protocol described in this document is designed to provide access to directories supporting the X.500 models, while not incurring the resource requirements of the X.500 Directory Access Protocol (DAP). This protocol is specifically targeted at management applications and browser applications that provide read/write interactive access to directories. When used with a directory supporting the X.500 protocols, it is intended to be a complement to the X.500 DAP.

RFC 2252 "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions",Wahl, M., Coulbeck, A., Howes, T., and S. Kille, December 1997 -
The Lightweight Directory Access Protocol (LDAP) requires that the contents of AttributeValue fields in protocol elements be octet strings. This document defines a set of syntaxes for LDAPv3, and the rules by which attribute values of these syntaxes are represented as octet strings for transmission in the LDAP protocol. The syntaxes defined in this document are referenced by this and other documents that define attribute types. This document also defines the set of attribute types which LDAP servers should support.

RFC 2253  "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", Wahl, M., Howes, T., and S. Kille, December 1997  -
The X.500 Directory uses distinguished names as the primary keys to entries in the directory. Distinguished Names are encoded in ASN.1 in the X.500 Directory protocols. In the Lightweight Directory Access Protocol, a string representation of distinguished names is transferred. This specification defines the string format for representing names, which is designed to give a clean representation of commonly used distinguished names, while being able to represent any distinguished name.

RFC 2254 "The String Representation of LDAP Search Filters", Howes, T., December 1997 -
The Lightweight Directory Access Protocol (LDAP) defines a network representation of a search filter transmitted to an LDAP server. Some applications may find it useful to have a common way of representing these search filters in a human-readable form. This document defines a human-readable string format for representing LDAP search filters.
This document replaces RFC 1960, extending the string LDAP filter definition to include support for LDAP version 3 extended match filters.

RFC 2255 "The LDAP URL Format", Howes T., Smith M., December 1997 -

LDAP is the Lightweight Directory Access Protocol, defined in RFC2251, RFC2252 and RFC2253. This document describes a format for an LDAP Uniform Resource Locator. The format describes an LDAP search operation to perform to retrieve information from an LDAP directory. This document replaces RFC 1959. It updates the LDAP URL format for version 3 of LDAP. This docu- ment also defines a second URL scheme prefix for LDAP running over the TLS protocol defined in.

RFC 2256 "A Summary of the X.500(96) User Schema for use with LDAPv3", Wahl, M., December 1997 -
This document provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients. This is the most widely used schema for LDAP/X.500 directories, and many other schema definitions for white pages objects use it as a basis. This document does not cover attributes used for the administration of X.500 directory servers, nor does it include attributes defined by other ISO/ITU-T documents.

RFC 2307 "An Approach for Using LDAP as a Network Information Service", Howard L., March 1998 -
This document describes an experimental mechanism for mapping entities related to TCP/IP and the UNIX system into X.500 entries so that they may be resolved with the Lightweight Directory Access Protocol. A set of attribute types and object classes are proposed, along with specific guidelines for interpreting them.
The intention is to assist the deployment of LDAP as an organizational nameservice. No proposed solutions are intended as standards for the Internet. Rather, it is hoped that a general consensus will emerge as to the appropriate solution to such problems, leading eventually to the adoption of standards. The proposed mechanism has already been implemented with some success.

RFC 2829  "Authentication Methods for LDAP" M. Wahl, H. Alvestrand, J. Hodges, R. Morgan. May 2000 -
This document specifies particular combinations of security mechanisms which are required and recommended in LDAP implementations.

RFC 2830 "Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security",  J. Hodges, R. Morgan, M. Wahl, May 2000 -
This document defines the "Start Transport Layer Security (TLS) Operation" for LDAP. This operation provides for TLS establishment in an LDAP association and is defined in terms of an LDAP extended request.

See also LDAP version 3 Specifications at Innosoft and Current State of the LDAPv3 Protocol Standard

IETF LDAP related working groups and other information

LDAP Duplication/Replication/Update Protocols (ldup)

LDAP Extension (ldapext)

Published RFCs

IETF LDAP (v3) Revision BOF (LDAPbis)

Mailing list at OpenLDAP

Published RFCs


Other RFCs

L. Daigle, R. Hedberg "TISDAG - Technical Infrastructure for Swedish Directory Access Gateways", RFC 2967, October 2000. -
L. Daigle, T. Eklof "Mesh of Multiple DAG servers - Results from TISDAG" - RFC 2967, October 2000. -
T. Eklof, L. Daigle  "Wide Area Directory Deployment - Experiences from TISDAG " - RFC 2969, October 2000. -
L. Daigle, T. Eklof  "Architecture for Integrated Directory Services - Result from TISDAG" - RFC 2970, October 2000. -
M. Meredith "Storing Vendor Information in the LDAP root DSE" - RFC 3045, January 2001. -

Information pages about LDAP, Directories and related issues


Legal and Privacy issues

Herbert Burkert, Some preliminary Comments on the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Lex Electronica, 1998. -
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995 p. 0031-0050. -
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of Personal data and the protection of privacy in the telecommunications sector, Official Journal L 024 , 30/01/1998 p. 0001 - 0008  -
 Charter of Fundamental Rights of the European Union, 2000/C 364/01, in: Official Journal of the European Communities, C 364/1, 18.12.2000 -
Commission Decision of  15 June 2001 on standars contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, Official Journal of the European Communities L 181/19, 4.7.2001 -
Lloyd, Ian: An outline of the European Data Protection Directive, 1 The Journal of Information, Law and Technology (JILT), 31. January 1996. -
OECD Recommendation concerning and Guidelines governing the protection of privacy and transborder flows of personal data, O.E.C.D. Document C(80)58(Final), October 1, 1980 -
Office of the Federal Privacy Commissioner: Draft National Privacy Principle Guidelines, A consultation document, 7 May 2001, Australia -
Martin Presler-Marshal: The Platform for Privacy Preferences 1.0 Deployment Guide, W3C Note, 11 February 2002-
Privacy aspects of directory services. Directory Services and the changes in privacy legislation, [n.d. ca. 2001] -
United Nations: Guidelines Concerning Computerized Personal Data Files adopted by the General Asembly on 14 December 1990. -

Forums and Mailing lists Additional information

Information resources on PKI and related issues

TERENA Technical Contact: Yuri Demchenko <>.

| Home | Information | Conferences | Innovation | Technical | Library | News |

Copyright TERENA