Information resources on LDAP and related issues
LDAPv3 Core Specifications
RFC 2251 "Lightweight Directory Access Protocol (v3)", Wahl, M., Howes,
T., and S. Kille, December 1997 - http://www.ietf.org/rfc/rfc2251.txt
The protocol described in this document is designed to provide access
to directories supporting the X.500 models, while not incurring the resource
requirements of the X.500 Directory Access Protocol (DAP). This protocol
is specifically targeted at management applications and browser applications
that provide read/write interactive access to directories. When used with
a directory supporting the X.500 protocols, it is intended to be a complement
to the X.500 DAP.
RFC 2252 "Lightweight Directory Access Protocol (v3): Attribute Syntax
Definitions", Wahl, M., Coulbeck, A., Howes, T., and S. Kille, December
1997 - http://www.ietf.org/rfc/rfc2252.txt
The Lightweight Directory Access Protocol (LDAP) requires that the
contents of AttributeValue fields in protocol elements be octet strings.
This document defines a set of syntaxes for LDAPv3, and the rules by which
attribute values of these syntaxes are represented as octet strings for
transmission in the LDAP protocol. The syntaxes defined in this document
are referenced by this and other documents that define attribute types.
This document also defines the set of attribute types which LDAP servers
should support.
RFC 2253 "Lightweight Directory Access Protocol (v3): UTF-8 String
Representation of Distinguished Names", Wahl, M., Howes, T., and S. Kille,
December 1997 - http://www.ietf.org/rfc/rfc2253.txt
The X.500 Directory uses distinguished names as the primary keys to
entries in the directory. Distinguished Names are encoded in ASN.1 in the
X.500 Directory protocols. In the Lightweight Directory Access Protocol,
a string representation of distinguished names is transferred. This specification
defines the string format for representing names, which is designed to
give a clean representation of commonly used distinguished names, while
being able to represent any distinguished name.
RFC 2254 "The String Representation of LDAP Search Filters", Howes,
T., December 1997 - http://www.ietf.org/rfc/rfc2254.txt
The Lightweight Directory Access Protocol (LDAP) defines a network
representation of a search filter transmitted to an LDAP server. Some applications
may find it useful to have a common way of representing these search filters
in a human-readable form. This document defines a human-readable string
format for representing LDAP search filters.
This document replaces RFC 1960, extending the string LDAP filter definition
to include support for LDAP version 3 extended match filters.
RFC 2255 "The LDAP URL Format", Howes, T., Smith, M., December 1997 - http://www.ietf.org/rfc/rfc2255.txt
LDAP is the Lightweight Directory Access Protocol, defined in RFC2251,
RFC2252 and RFC2253. This document describes a format for an LDAP Uniform
Resource Locator. The format describes an LDAP search operation to perform
to retrieve information from an LDAP directory. This document replaces
RFC 1959. It updates the LDAP URL format for version 3 of LDAP. This document
also defines a second URL scheme prefix for LDAP running over the
TLS protocol defined in.
RFC 2256 "A Summary of the X.500(96) User Schema for use with LDAPv3",
Wahl, M., December 1997 - http://www.ietf.org/rfc/rfc2256.txt
This document provides an overview of the attribute types and object
classes defined by the ISO and ITU-T committees in the X.500 documents,
in particular those intended for use by directory clients. This is the
most widely used schema for LDAP/X.500 directories, and many other schema
definitions for white pages objects use it as a basis. This document does
not cover attributes used for the administration of X.500 directory servers,
nor does it include attributes defined by other ISO/ITU-T documents.
RFC 2307 "An Approach for Using LDAP as a Network Information Service",
Howard L., March 1998 - http://www.ietf.org/rfc/rfc2307.txt
This document describes an experimental mechanism for mapping entities
related to TCP/IP and the UNIX system into X.500 entries so that they may
be resolved with the Lightweight Directory Access Protocol. A set of attribute
types and object classes are proposed, along with specific guidelines for
interpreting them.
The intention is to assist the deployment of LDAP as an organizational
nameservice. No proposed solutions are intended as standards for the Internet.
Rather, it is hoped that a general consensus will emerge as to the appropriate
solution to such problems, leading eventually to the adoption of standards.
The proposed mechanism has already been implemented with some success.
RFC 2829 "Authentication Methods for LDAP", M. Wahl, H. Alvestrand,
J. Hodges, R. Morgan, May 2000 - http://www.ietf.org/rfc/rfc2829.txt
This document specifies particular combinations of security mechanisms
which are required and recommended in LDAP implementations.
RFC 2830 "Lightweight Directory Access Protocol (v3): Extension for
Transport Layer Security", J. Hodges, R. Morgan, M. Wahl, May 2000
- http://www.ietf.org/rfc/rfc2830.txt
This document defines the "Start Transport Layer Security (TLS) Operation"
for LDAP. This operation provides for TLS establishment in an LDAP association
and is defined in terms of an LDAP extended request.
See also: LDAP version 3 Specifications at Innosoft, and Current State of the LDAPv3 Protocol Standard.
IETF LDAP related working groups and other information
LDAP Duplication/Replication/Update Protocols (ldup)
http://www.ietf.org/html.charters/ldup-charter.html
Current Internet-Drafts
Note: Internet-Drafts expire after 6 months. If a link is broken, first try the
next version of the document, and failing that go to the WG page.
LDAP Extension (ldapext)
http://www.ietf.org/html.charters/ldapext-charter.html
Current Internet-Drafts
Note: Internet-Drafts expire after 6 months. If a link is broken, first try the
next version of the document, and failing that go to the WG page.
IETF LDAP (v3) Revision BOF (LDAPbis)
Submitted Drafts
- Lightweight Directory Access Protocol (v3): Technical Specification, by
J. Hodges, R. Morgan - http://www.ietf.org/internet-drafts/draft-hodges-ldapbis-ldapv3-ts-00.txt
This document specifies the set of RFCs comprising LDAPv3, and documents
the addressing of the 'IESG Note' attached to RFCs 2251 through 2256.
- Lightweight Directory Access Protocol (v3), by J. Sermersheim - http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-protocol-01.txt
The protocol described in this document is designed to provide access
to directories supporting the [X.500] models, while not incurring the
resource requirements of the X.500 Directory Access Protocol (DAP).
This protocol is specifically targeted at management applications and browser
applications that provide read/write interactive access to directories.
When used with a directory supporting the X.500 protocols, it is intended
to be a complement to the X.500 DAP.
- Lightweight Directory Access Protocol (v3): UTF-8 String Representation
of Distinguished Names, by K. Zeilenga - http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-dn-01.txt
The X.500 Directory uses distinguished names as the primary keys to
entries in the directory. Distinguished Names are encoded in ASN.1 in
the X.500 Directory protocols. In the Lightweight Directory Access
Protocol, a string representation of distinguished names is
transferred. This specification defines the string format for
representing names, which is designed to give a clean representation
of commonly used distinguished names, while being able to represent
any distinguished name.
- LDAPv3: All Operational Attributes, by K. Zeilenga - http://www.ietf.org/internet-drafts/draft-zeilenga-ldapv3bis-opattrs-04.txt
X.500 provides a mechanism for clients to request that all operational attributes
be returned with entries provided in response to a search operation.
This mechanism is often used by clients to discover which operational attributes
are present in an entry. LDAP does not provide a similar mechanism
to clients.
- The LDAP URL Format, by M. Smith, T. Howes - http://www.ietf.org/internet-drafts/draft-ietf-ldapbis-url-00.txt
LDAP is the Lightweight Directory Access Protocol, defined in [RFC2251],
[RFC2253], and [RFC2252]. This document describes a format for an
LDAP Uniform Resource Locator.
Other IETF WGs, RFCs and Internet-Drafts
- Common Name Resolution Protocol WG
- LDAP Schema Update Procedures
- A Structural Object Class for Arbitrary Auxiliary
- Named Subordinate References in LDAP Directories
- A Configuration Schema for LDAP Based Directory User
eXtensible Directory Access Protocol
eXtensible Directory Access Protocol - http://www.ietf.org/internet-drafts/draft-newton-xdap-00.txt
This document describes an application layer client-server protocol
for a framework of representing the query and result operations of directory
services. Specified in XML, the protocol defines generic directory
query and result operations and a mechanism for extending these operations
for specific directory service needs.
XDAP Domain Directory Schema - http://www.ietf.org/internet-drafts/draft-newton-xdap-domdir-00.txt
This document describes an XDAP directory namespace and schema for
registered DNS information. The schema extends the necessary query
and result operations of XDAP to provide a functional equivalent of the
whois command syntaxes and results often used by domain registries and
registrars.
XDAP IP Directory Schema - http://www.ietf.org/internet-drafts/draft-newton-xdap-ipdir-00.txt
This document describes an XDAP directory namespace and schema for
registered Internet address information. The schema extends the necessary
query and result operations of XDAP to provide a functional equivalent
of the whois command syntaxes and results often used by IP registries.
RFCs
- L. Daigle, R. Hedberg, "TISDAG - Technical Infrastructure for Swedish
Directory Access Gateways", RFC 2967, October 2000 - http://www.ietf.org/rfc/rfc2967.txt
- L. Daigle, T. Eklof, "Mesh of Multiple DAG servers - Results from TISDAG",
RFC 2968, October 2000 - http://www.ietf.org/rfc/rfc2968.txt
- T. Eklof, L. Daigle, "Wide Area Directory Deployment - Experiences
from TISDAG", RFC 2969, October 2000 - http://www.ietf.org/rfc/rfc2969.txt
- L. Daigle, T. Eklof, "Architecture for Integrated Directory Services
- Result from TISDAG", RFC 2970, October 2000 - http://www.ietf.org/rfc/rfc2970.txt
- M. Meredith, "Storing Vendor Information in the LDAP root DSE", RFC
3045, January 2001 - http://www.ietf.org/rfc/rfc3045.txt
- ACP 133 Common Content and LDAP
- Extended Partial Response Protocol Enhancement to LDAP v3
Internet-Drafts
- ACP 133 Common Content and LDAP
- Policy Inheritance Mechanisms for LDAP
- Extended Partial Response Protocol Enhancement to LDAP v3
Information pages about LDAP, Directories and related issues
- LDAP Roadmap & FAQ, by Jeff Hodges
A tutorial aid to navigating various LDAP and X.500 resources on the
Internet.
- LDAP Central - Directory Services & LDAP information site by Oblix
- Understanding X.500 - The Directory, by D.W. Chadwick - online version
- A Recipe for Configuring and Operating LDAP Directories, by Michael R. Gettes
(Internet2 Middleware Project)
- Directory related RFCs list at DANTE - http://www.dante.net/np/ds/rfc.html
- Introduction to LDAP under Linux, by Atif Ghaffar
- Linux Directory Services
Project to integrate LDAP and SSL to provide a secure next-generation
network directory services architecture to replace the aging Network Information
Service (NIS).
- LDAP Implementation Cookbook, from IBM - http://www.redbooks.ibm.com/abstracts/sg245110.html
- DSML.org, the home of DSML (Directory Services Markup Language)
- DSML 1.0 Specification, submitted by Bowstreet, IBM, Microsoft, Novell, Oracle
and Sun-Netscape to industry standards bodies
- http://www.directoryservice.com/
Resource site to support the book "Implementing Directory Services" by
Archie Reed.
- Directory Services Resource Center - InternetWeek Online
- Clayton Donley - Directory and Internet Technology Consultant
- LDAP resources (LDAP servers, X.500 Directory Servers with LDAP support,
LDAP clients, LDAP Integration, LDAP Development Tools)
- Securing IT Resources with Digital Certificates - March 31, 1998
Overview of digital certificates and the use of LDAP for PKI.
- The Burton Group - Network Strategy Services
- NSI/VeriSign's Referral LDAP Service
- LDAP Linux HOWTO
- Deploying LDAP
- Lightweight Trigger Access Process Gateway to LDAP
Standards-compliant layering of triggers on top of the LDAP Directory
Protocol. LTAP adds active facilities in a portable manner to LDAP servers.
Active facilities are necessary for LDAP servers to monitor accesses to
directories and then take appropriate actions. Such functionality is crucial
for making Directory Enabled Networks (DENs) real.
- Storing DNS data in LDAP
Historical
Legal issues
- European Privacy Law
- Links to national information about personal information and privacy
Forums and Mailing lists
Additional information
Information resources on PKI and related issues
Updated