The LDAP service

Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for searching and managing entries in a directory, where an entry has one or more attributes associated with a distinguished name. A distinguished name -- for example, cn=Phyllis Spera,ou=Sales,ou=East,o=Renovations -- is a name that identifies an entry within a directory tree.

A directory can contain many types of entries -- for example, entries for users, groups, devices, and application data. Commercial Internet clients such as Microsoft Internet Explorer and Notes® clients with LDAP accounts use LDAP to look up directory information, for example during mail addressing. You can also develop LDAP applications to search and manage directory contents. Read about the ldapsearch utility provided with Domino® and Notes® to learn about LDAP search syntax.

Running the LDAP task on a server enables the LDAP service to process LDAP client requests.

LDAP service features

The LDAP service supports these features:

  • Support for LDAP v3 and v2 clients
  • Anonymous access, name-and-password authentication, secure sockets layer (SSL) connections and X.509 certificate authentication, Simple Authentication and Security Layer (SASL) protocol.
  • LDAP operations extended beyond the primary Domino® Directory to secondary Domino® Directories and to directory catalogs
  • LDAP referrals to remote LDAP directories
  • Support for LDAP search, add, modify, modifyDN, compare, and delete operations
  • Two methods for schema extension, and support for schema publishing and schema checking
  • LDAP language tags to support LDAP searches in alternate languages
  • Use of a third-party, LDAP-compliant server to authenticate users that have passwords or X.509 certificates stored in the Domino® Directory on a Domino® server running the LDAP service. For information on setting up a third-party server to use the Domino® Directory for client authentication, see the documentation for the server.
  • LDAP searches of document text in databases configured in a Domain Catalog

In addition to the LDAP service, Domino® and Notes® offer these LDAP features:

  • Notes® client support for LDAP. For more information, see IBM® Notes® 9.0.1 Social Edition Help.
  • Command-line utility, ldapsearch, for searching LDAP directories
  • Migration tools that use LDAP to import entries from another LDAP directory and register the entries in Domino®
  • LDAP C API Toolkit