
Lightweight Directory Access Protocol (LDAP) evaluation criteria

Exchange

Published: July 16, 2012

Find evaluation criteria information for the Lightweight Directory Access Protocol (LDAP).

Applies to:  Exchange Server 2003 | Exchange Server 2007 

In this article
Functional criteria for LDAP
Development criteria for LDAP
Security criteria for LDAP
Deployment criteria for LDAP
Additional resources

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs directly over the TCP/IP stack and provides a mechanism for connecting to, searching, and modifying Internet directories. The LDAP directory service is based on a client-server model. LDAP enables access to an existing directory. Exchange Server 2003 messaging and collaboration application clients can use LDAP to access user and group information across a network or the Internet.

The following table lists and describes the functional criteria for LDAP. For descriptions of the functional criteria, see Functional criteria in the Exchange development technology evaluation criteria descriptions article.

Table 1:  LDAP functional criteria (criterion: description)

Application function: Applications that use LDAP typically retrieve or manage user and computer-resource information stored in a directory service such as the Active Directory directory service or Active Directory Domain Services (AD DS). Because Exchange uses Active Directory or AD DS to store user and configuration information, applications that manage users and server configuration use LDAP to communicate with the directory.

Availability: The Windows 2000 Server, Windows Server 2003, and Windows Server 2008 operating systems support client applications that use LDAP. LDAP is available in versions of Exchange starting with Exchange 2003.

Application architectures: LDAP is commonly used in application middle tiers. Exchange application clients that use LDAP are typically intranet applications or applications that monitor and manage other Exchange servers.

Remote usage: Firewalls and routers are usually configured to block LDAP access from outside the corporate intranet. Applications that use LDAP typically do not run on the computer that is running Active Directory or AD DS.

Major objects: LDAP is a protocol, not an object model. Applications that use LDAP typically use Active Directory Service Interfaces (ADSI) to access information in a directory service.

Data access model: The LDAP data model (data and namespace) is similar to that of the X.500 OSI directory service, but with fewer resource requirements.

Threading models: Not applicable.

Transactions: None.

Management capabilities: LDAP does not generate Windows Event Log entries.

The following table lists and describes the development criteria for LDAP. For descriptions of the development criteria, see Development criteria in the Exchange development technology evaluation criteria descriptions article.

Table 2:  LDAP development criteria (criterion: description)

Languages and tools: LDAP supports the C and C++ programming languages.

Managed implementation: LDAP is a protocol, not a component. From managed code, you can work with LDAP-compatible directory services through the System.DirectoryServices .NET Framework classes, which use ADSI underneath.

Scriptable: LDAP is a protocol and therefore is not itself scriptable. The ADSI component that you can use to access directory service data is scriptable.

Test/debug tools: You do not need any specific debugging tools to debug applications that use LDAP. For particularly difficult protocol interaction issues, a network monitoring utility might be helpful but is not required.

Expert availability: It is easy to find developers who have experience with LDAP.

Available information: Numerous third-party websites and books about LDAP are available. For more information about LDAP, see Lightweight Directory Access Protocol.

Developer/deployment licensing: You do not need any licenses to develop applications that use LDAP.

The following table lists and describes the security criteria for LDAP. For descriptions of the security criteria, see Security criteria in the Exchange development technology evaluation criteria descriptions article.

Table 3:  LDAP security criteria (criterion: description)

Design-time permissions: The account under which your application runs must have permissions to access the information it needs. The permissions required vary with the types of operations the application performs.

Setup permissions: No specific permissions are required to set up applications that use LDAP.

Run-time permissions: Deploy applications that access directory service information only on those systems, and for those users, that have sufficient permissions to access the information the application needs.

Built-in security features: None.

Security monitoring features: None.

The following table lists and describes the deployment criteria for LDAP. For descriptions of the deployment criteria, see Deployment criteria in the Exchange development technology evaluation criteria descriptions article.

Table 4:  LDAP deployment criteria (criterion: description)

Server platform requirements: LDAP requires access to an appropriate directory service. Because Exchange uses Active Directory or AD DS, LDAP needs a computer that is running Windows Server in order to access information about Exchange configuration and users.

Client platform requirements: LDAP is not a client technology. Client requirements are based on the design and implementation of the application.

Deployment methods: None.

Deployment notes: None.
