LDAP Evaluation Criteria
Topic Last Modified: 2009-07-24
The LDAP is a directory service protocol that runs directly over the TCP/IP stack, and provides a mechanism for connecting to, searching, and modifying Internet directories. The LDAP directory service is based on a client-server model. The function of LDAP is to allow access to an existing directory. Microsoft Exchange 2000 Server messaging and collaboration application clients can use LDAP to access user and group information across a network or the Internet.
Caveats
Functional Criteria
| Criteria | Lightweight Directory Access Protocol (LDAP) |
|---|---|
Application Domain |
Applications that use LDAP typically retrieve or manage user- and computer-resource information stored in a directory service such as the Active Directory directory service. Because Exchange uses Active Directory to store user and configuration information, LDAP is used to communicate with the directory in applications that manage users and server configuration. |
Major Objects |
LDAP is a protocol, not an object model. Applications that use LDAP typically use ADSI to access information in a directory service. |
Data access model |
Not applicable. |
Threading Models |
Not applicable. |
Application Architectures |
LDAP and ADSI are commonly used in the middle tiers of applications. Exchange application clients that use LDAP and ADSI are typically intranet applications, or are applications that monitor and manage other Exchange servers. |
Remote Usage |
Firewalls and routers are usually configured to block LDAP access outside the corporate intranet. Applications that use LDAP and ADSI typically do not execute on the computer running Active Directory. |
Transactions |
Information about this is not yet available here. |
Management Capabilities |
Information about this is not yet available here. |
Availability |
Information about this is not yet available here. |
Development Criteria
| Criteria | Lightweight Directory Access Protocol (LDAP) |
|---|---|
Languages and Tools |
LDAP is a protocol; it is available through many different development tools and languages. |
Managed Implementation |
LDAP is a protocol, not a component. ADSI can be used to work with LDAP-compatible directory services that are using the System.DirectoryServices .NET Framework objects. |
Scriptable |
LDAP is a protocol; ADSI is scriptable. |
Test/Debug Tools |
No special debugging tools are needed to debug applications that use LDAP. For particularly difficult protocol-interaction issues, a network monitoring utility may prove helpful, but is typically not required. |
Expert Availability |
LDAP and ADSI is a reasonably well-known technology, with abundant Microsoft and third-party information available. |
Available Information |
Numerous third-party Web sites and books exist, and Microsoft provides LDAP, ADSI, and Active Directory information on the MSDN Web site. |
Developer / Deployment Licensing |
No special licensing is required to develop applications that use LDAP. |
Security Criteria
| Criteria | Lightweight Directory Access Protocol (LDAP) |
|---|---|
Design-Time Permissions |
The account under which the application-under-development runs must have proper permissions to access the intended information. This varies greatly based on the type of operations the application is performing. |
Setup Permissions |
No special permissions are required to set up applications that use ICS. |
Run-Time Permissions |
Applications that access directory service information should be deployed only on those systems and for users who have sufficient permissions to access the information needed by the application. |
Built-in Security Features |
Information about this is not yet available here. |
Security Monitoring Features |
Information about this is not yet available here. |
Deployment Criteria
| Criteria | Lightweight Directory Access Protocol (LDAP) |
|---|---|
Server Platform Requirements |
LDAP requires access to an appropriate directory service. Because Exchange uses Active Directory, a computer running Microsoft Windows is needed to access information about Exchange users and configuration. |
Client Platform Requirements |
LDAP is not a client technology. The design and implementation of the application client determines the client requirements. |
Deployment Methods |
Information about this is not yet available here. |
Deployment Notes |
None. |