A directory is a set of objects with attributes organized logically in a hierarchical manner. A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.
A directory information tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries).
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default onTCP port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order.
The client may request the following operations:
§ Start TLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
§ Bind — authenticate and specify LDAP protocol version
§ Search — search for and/or retrieve directory entries
§ Compare — test if a named entry contains a given attribute value
§ Add a new entry
§ Delete an entry
§ Modify an entry
§ Modify Distinguished Name (DN) — move or rename an entry
§ Abandon — abort a previous request
§ Extended Operation — generic operation used to define other operations
§ Unbind — close the connection (not the inverse of Bind)
In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before it times out a connection.
A common alternate method of securing LDAP communication is using an SSL tunnel. This is denoted in LDAP URLs by using the URL scheme "ldaps". The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003.