TF-LSD Information resources on LDAP and related issues

• LDAP/Directory based projects and services in Europe
• Other projects related to LDAP/PKI deployment
• Information resources on LDAP and related issues - RFCs, I-Ds, mailing lists, etc.
• Tools and Software for LDAP/Directory based Internet applications

LDAPv3 Core Specifications

RFC 2251 "Lightweight Directory Access Protocol (v3)", Wahl, M., Howes, T., and S. Kille,, December 1997 - http://www.ietf.org/rfc/rfc2251.txt
The protocol described in this document is designed to provide access to directories supporting the X.500 models, while not incurring the resource requirements of the X.500 Directory Access Protocol (DAP). This protocol is specifically targeted at management applications and browser applications that provide read/write interactive access to directories. When used with a directory supporting the X.500 protocols, it is intended to be a complement to the X.500 DAP.

RFC 2252 "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions",Wahl, M., Coulbeck, A., Howes, T., and S. Kille, December 1997 - http://www.ietf.org/rfc/rfc2252.txt
The Lightweight Directory Access Protocol (LDAP) requires that the contents of AttributeValue fields in protocol elements be octet strings. This document defines a set of syntaxes for LDAPv3, and the rules by which attribute values of these syntaxes are represented as octet strings for transmission in the LDAP protocol. The syntaxes defined in this document are referenced by this and other documents that define attribute types. This document also defines the set of attribute types which LDAP servers should support.

RFC 2253  "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", Wahl, M., Howes, T., and S. Kille, December 1997  - http://www.ietf.org/rfc/rfc2253.txt
The X.500 Directory uses distinguished names as the primary keys to entries in the directory. Distinguished Names are encoded in ASN.1 in the X.500 Directory protocols. In the Lightweight Directory Access Protocol, a string representation of distinguished names is transferred. This specification defines the string format for representing names, which is designed to give a clean representation of commonly used distinguished names, while being able to represent any distinguished name.

RFC 2254 "The String Representation of LDAP Search Filters", Howes, T., December 1997 - http://www.ietf.org/rfc/rfc2254.txt
The Lightweight Directory Access Protocol (LDAP) defines a network representation of a search filter transmitted to an LDAP server. Some applications may find it useful to have a common way of representing these search filters in a human-readable form. This document defines a human-readable string format for representing LDAP search filters.
This document replaces RFC 1960, extending the string LDAP filter definition to include support for LDAP version 3 extended match filters.
 

RFC 2255 "The LDAP URL Format", Howes T., Smith M., December 1997 - http://www.ietf.org/rfc/rfc2255.txt

LDAP is the Lightweight Directory Access Protocol, defined in RFC2251, RFC2252 and RFC2253. This document describes a format for an LDAP Uniform Resource Locator. The format describes an LDAP search operation to perform to retrieve information from an LDAP directory. This document replaces RFC 1959. It updates the LDAP URL format for version 3 of LDAP. This docu- ment also defines a second URL scheme prefix for LDAP running over the TLS protocol defined in.

RFC 2256 "A Summary of the X.500(96) User Schema for use with LDAPv3", Wahl, M., December 1997 - http://www.ietf.org/rfc/rfc2256.txt
This document provides an overview of the attribute types and object classes defined by the ISO and ITU-T committees in the X.500 documents, in particular those intended for use by directory clients. This is the most widely used schema for LDAP/X.500 directories, and many other schema definitions for white pages objects use it as a basis. This document does not cover attributes used for the administration of X.500 directory servers, nor does it include attributes defined by other ISO/ITU-T documents.

RFC 2829  "Authentication Methods for LDAP" M. Wahl, H. Alvestrand, J. Hodges, R. Morgan. May 2000 - http://www.ietf.org/rfc/rfc2829.txt
This document specifies particular combinations of security mechanisms which are required and recommended in LDAP implementations.

RFC 2830 "Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security",  J. Hodges, R. Morgan, M. Wahl, May 2000 -  http://www.ietf.org/rfc/rfc2830.txt
This document defines the "Start Transport Layer Security (TLS) Operation" for LDAP. This operation provides for TLS establishment in an LDAP association and is defined in terms of an LDAP extended request.

See also LDAP version 3 Specifications at Innosoft and Current State of the LDAPv3 Protocol Standard

LDAP Duplication/Replication/Update Protocols (ldup)
 http://www.ietf.org/html.charters/ldup-charter.html
 

LDAP Extension (ldapext)
 http://www.ietf.org/html.charters/ldapext-charter.html

Published RFCs

• Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services (RFC 2589) (26855 bytes)
• Use of Language Codes in LDAP (RFC 2596) (17413 bytes)
• An LDAP Control and Schema for Holding Operation Signatures (RFC 2649) (20470 bytes)
• LDAP Control Extension for Simple Paged Results Manipulation (RFC 2696) (12809 bytes)
• Access Control Requirements for LDAP (RFC 2820) (18172 bytes)
• Authentication Methods for LDAP (RFC 2829) (33471 bytes)
• Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security (RFC 2830) (24469 bytes)
• LDAP Control Extension for Server Side Sorting of Search Results (RFC 2891) (15833 bytes)

Mailing list at OpenLDAP

Published RFCs

• Lightweight Directory Access Protocol (v3):Technical Specification (RFC 3377) (9981 bytes)

This document specifies the set of RFCs comprising LDAPv3, and documents the addressing of the 'IESG Note' attached to RFCs 2251 through 2256.
• Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP) (RFC 3383) (45893 bytes)

• LDAP:String Representation of Distinguished Names (27423 bytes)

The X.500 Directory uses distinguished names (DNs) as primary keys to entries in the directory.  This document defines the string representation used in the Lightweight Directory Access Protocol (LDAP) to transfer distinguished names.  The string representation is designed to give a clean representation of commonly used distinguished names, while being able to represent any distinguished name.
• LDAP: The Protocol (138185 bytes)

This document describes the protocol elements, along with their semantics and encodings, for the Lightweight Directory Access Protocol (LDAP). LDAP provides access to distributed directory services that act in accordance with X.500 data and service models. These protocol elements are based on those described in the X.500 Directory Access Protocol (DAP).
• LDAP: String Representation of Search Filters (20968 bytes)

LDAP search filters are transmitted in the LDAP protocol using a binary representation that is appropriate for use on the network. This document defines a human-readable string representation of LDAP search filters that is appropriate for use in LDAP URLs and in other applications.
• LDAP: Uniform Resource Locator (26117 bytes)

This document describes a format for an LDAP Uniform Resource Locator (URL).  An LDAP URL describes an LDAP search operation that is used to retrieve information from an LDAP directory, or, in the context of an LDAPv3 referral or reference, an LDAP URL describes a service where an LDAP operation may be progressed.
• LDAP: Directory Information Models (94951 bytes)

The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services which act in accordance with X.500 data and service models.  This document describes the X.500 Directory Information Models, as used in LDAP.

Other RFCs

L. Daigle, R. Hedberg "TISDAG - Technical Infrastructure for Swedish Directory Access Gateways", RFC 2967, October 2000. -  http://www.ietf.org/rfc/rfc2967.txt
L. Daigle, T. Eklof "Mesh of Multiple DAG servers - Results from TISDAG" - RFC 2967, October 2000. -  http://www.ietf.org/rfc/rfc2968.txt
T. Eklof, L. Daigle  "Wide Area Directory Deployment - Experiences from TISDAG " - RFC 2969, October 2000. -  http://www.ietf.org/rfc/rfc2969.txt
L. Daigle, T. Eklof  "Architecture for Integrated Directory Services - Result from TISDAG" - RFC 2970, October 2000. -  http://www.ietf.org/rfc/rfc2970.txt
M. Meredith "Storing Vendor Information in the LDAP root DSE" - RFC 3045, January 2001. - http://www.ietf.org/rfc/rfc3045.txt
 

• LDAP Roadmap & FAQ - by Jeff Hodges

A tutorial aid to navigating various LDAP and X.500 resources on the Internet
• The Basics: An Introduction to LDAP and X.500
• Behind the Basics: The LDAP Protocol itself, plus Schema, Attributes, and Directory Organization
• Beyond the Basics: Directory Services for the Internet at Large

 
• LDAP Central - Directory Services & LDAP information site by Oblix
• Understanding X.500 - The Directory by D.W.Chadwick - Online version
• A Recipe for Configuring and Operating LDAP Directories by Michael R Gettes (Internet2 Middleware Project)
• Directory related RFCs list  at DANTE - http://www.dante.net/np/ds/rfc.html
• Introduction to LDAP under Linux - by Atif Ghaffar
• Linux Directory Services

Project to integrate LDAP and SSL to provide a secure next-generation network directory services archetecture to replace the aging Network Information Service (NIS).
• http://www.redbooks.ibm.com/abstracts/sg245110.html

LDAP Implementation Cookbook, from IBM
• DSML (Directory Services Markup Language)
• DSML v2 Specification published by OASIS
• http://www.directoryservice.com/

Resource site to support book "Implementing Directory Services" by Archie Reed
• Directory Services Resource Center - InternetWeek Online
• Pilot Project: VeriSign's Referral LDAP Service
• LDAP Linux HOWTO
• Storing DNS data in LDAP
• LDAP sdb back-end for BIND 9.1.x/9.2.x
• The Burton Group - Directory and Security Strategies Content
• Directory Name Space And Best Practices Workshop
• Policy-Based Networking: A White Paper

• Innosoft's LDAP World by Mark Wahl - Updated December 1998
• Lightweight Directory Access Protocol - University of Michigan

Contents: Overview, LDAP Client Software, LDAP Gateway Software, LDAP Server Software, Resources for Developers, and Mailing Lists
• The X.500 Online Directory FAQ - February 1996

Herbert Burkert, Some preliminary Comments on the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Lex Electronica, 1998. - http://www.lex-electronica.org/articles/v2-3/burkerfr.html
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995 p. 0031-0050. - http://www2.echo.lu/legal/en/dataprot.html
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of Personal data and the protection of privacy in the telecommunications sector, Official Journal L 024 , 30/01/1998 p. 0001 - 0008  - http://europa.eu.int/eur-lex/en/lif/dat/1997/en_397L0066.html
 Charter of Fundamental Rights of the European Union, 2000/C 364/01, in: Official Journal of the European Communities, C 364/1, 18.12.2000 - http://europa.eu.int/comm/external_relations/human_rights/doc/charter_364_01en.pdf
Commission Decision of  15 June 2001 on standars contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, Official Journal of the European Communities L 181/19, 4.7.2001 - http://europa.eu.int/comm/internal_market/en/dataprot/news/1539en.pdf
Lloyd, Ian: An outline of the European Data Protection Directive, 1 The Journal of Information, Law and Technology (JILT), 31. January 1996. - http://elj.warwick.ac.uk/elj/jilt/dp/intros/
OECD Recommendation concerning and Guidelines governing the protection of privacy and transborder flows of personal data, O.E.C.D. Document C(80)58(Final), October 1, 1980 - http://europa.eu.int/comm/internal_market/en/dataprot/inter/priv.htm
Office of the Federal Privacy Commissioner: Draft National Privacy Principle Guidelines, A consultation document, 7 May 2001, Australia - http://www.privacy.gov.au/publications/dnppg.html
Martin Presler-Marshal: The Platform for Privacy Preferences 1.0 Deployment Guide, W3C Note, 11 February 2002- http://www.w3.org/TR/p3pdeployment
Privacy aspects of directory services. Directory Services and the changes in privacy legislation, [n.d. ca. 2001] - http://www.surfnet.nl/en/publications/privacybrochure/Privacybrochure-en.pdf
United Nations: Guidelines Concerning Computerized Personal Data Files adopted by the General Asembly on 14 December 1990. - http://europa.eu.int/comm/internal_market/en/dataprot/inter/un.htm
 

• OpenLDAP.org mailing lists
• Directory Interoperability Forum

The Directory Interoperability Forum was created in its present form in July 2000, when the organization of that name joined forces with The Open Group's Directory Program to accelerate the interoperability of open directory-enabled applications. The new Forum retained the name "Directory Interoperability Forum" and is part of The Open Group.
Mailing list - directory@opengroup.org
• Directory Enabled Networks Ad Hoc Working Group

Information resources on PKI and related issues

| Home | Information | Conferences | Innovation | Technical | Library | News |