LDAP Security Feature
LDAP is a directory-access protocol derived from X.500. It works with a tree structure in which each object, or node, contains a set of attribute-value data. Each object belongs to one or more object classes, which define its mandatory and optional attributes. The original application of X.500 and LDAP was to provide a ‘white page’ directory service in which most of the objects in the tree represented people and the tree had a geographic or organisational structure.

LDAP is a protocol, and it has been interpreted in a number of different implementations, each of which has added proprietary security features. The definition of LDAP version 3 specifies Transport Layer Security (TLS) as the security method used for LDAP, and it also contains a function to call TLS mechanisms. LDAPS is a non-official version of the protocol; it also uses TLS as its security mechanism, whereas with LDAP the security procedures are built in.
Some of the features include the following:
- RootDSE – LDAP version 3: the server maintains a supportedLDAPVersion attribute in the root DSE that identifies the LDAP versions it implements.
- RootDSE – Alt Server: the server maintains an altServer attribute in the root DSE that identifies alternative servers to use when it is unavailable.
- RootDSE – Extensions: the server maintains a supportedExtension attribute in the root DSE that identifies its supported extended operations.
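
As an added example (not from the original post), the Python sketch below parses a root DSE returned in LDIF form and checks the three attributes listed above, including whether supportedExtension advertises the StartTLS extended operation that LDAP version 3 uses to call TLS. The sample entry and host names are constructed, and treating an advertised LDAPv2 as a finding is an assumed policy.

```python
import base64

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

# Constructed sample: root DSE of a hypothetical server, as LDIF.
SAMPLE_ROOT_DSE = """\
dn:
supportedLDAPVersion: 2
supportedLDAPVersion: 3
altServer: ldap://ldap2.example.test
altServer:: bGRhcDovL2xkYXAzLmV4YW1wbGUudGVzdA==
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.
 20037
"""

def parse_root_dse(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def review_root_dse(entry):
    """Return (findings, failover servers) from the root DSE attributes."""
    findings = []
    versions = entry.get("supportedldapversion", [])
    if "3" not in versions:
        findings.append("LDAPv3 not advertised")
    if "2" in versions:  # assumed policy: LDAPv2 is historic (RFC 3494)
        findings.append("LDAPv2 still advertised")
    if STARTTLS_OID not in entry.get("supportedextension", []):
        findings.append("StartTLS extended operation not advertised")
    return findings, entry.get("altserver", [])

if __name__ == "__main__":
    print(review_root_dse(parse_root_dse(SAMPLE_ROOT_DSE)))
```

The returned altServer list names the hosts clients may fail over to, so each of them needs the same TLS configuration check as the primary server.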