Differences between LDAP 2 and LDAP 3

LDAP 3 defines a number of improvements that allow a more efficient implementation of the Internet directory user agent access model. These changes include:

  • Use of UTF-8 for all text string attributes to support extended character sets.
  • Operational attributes that the directory maintains for its own use; for example, to log the date and time when another attribute has been modified.
  • Referrals, which allow a server to direct a client to another server that may hold the data the client requested.
  • Schema publishing with the directory, allowing a client to discover the object classes and attributes that a server supports.
  • Extended searching operations to allow paging and sorting of results, and client-defined searching and sorting controls.
  • Stronger security through a SASL-based authentication mechanism.
  • Extended operations, providing additional features without changing the protocol version.

LDAP 3 is compatible with LDAP 2. An LDAP 2 client can connect to an LDAP 3 server (this is a requirement of an LDAP 3 server). However, an LDAP 3 server can choose not to talk to an LDAP 2 client if LDAP 3 features are critical to its application.
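As an added example that is not part of the original page, the following Python script shows how a client can discover which of the LDAP 3 features listed above a server actually offers. An LDAP 3 server publishes this information in its root DSE (the entry with the empty DN), and a base-scope search of that entry returns attributes such as supportedLDAPVersion, supportedSASLMechanisms, supportedControl, supportedExtension and subschemaSubentry. The script parses the LDIF such a search produces, decodes base64 values as UTF-8 (the LDAP 3 string encoding), and reports the protocol version, the SASL mechanisms (flagging PLAIN and LOGIN, which carry the password itself and belong only inside TLS), the paged-results and server-side-sort controls, the StartTLS extended operation, and the schema entry. The LDIF text is constructed for the example; the OIDs are the standard ones from the LDAP 3 RFCs (paged results RFC 2696, server-side sort RFC 2891, StartTLS RFC 4511), and the second entry exists only to show a UTF-8 value and a folded line.

```python
import base64
from typing import Dict, List, Optional, Tuple

# Well-known OIDs from the LDAPv3 RFCs: paged results (RFC 2696),
# server-side sort (RFC 2891) and StartTLS (RFC 4511).
PAGED_RESULTS_CONTROL = "1.2.840.113556.1.4.319"
SERVER_SIDE_SORT_CONTROL = "1.2.840.113556.1.4.473"
START_TLS_EXTENSION = "1.3.6.1.4.1.1466.20037"

# SASL mechanisms that send the password itself; acceptable only inside TLS.
CLEARTEXT_MECHANISMS = {"PLAIN", "LOGIN"}

# Constructed sample (not captured from a real server): the LDIF a base-scope
# search of the root DSE, followed by one person entry, might return.
SAMPLE_LDIF = """\
dn:
objectClass: top
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedExtension: 1.3.6.1.4.1.1466.20037
subschemaSubentry: cn=Subschema

dn: uid=jm,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jm
sn: Example
cn:: SsO8cmdlbg==
description: A long value folded over two lines, as LDIF
  does for lines over 76 characters.
"""

Entry = Tuple[str, Dict[str, List[str]]]


def unfold(text: str) -> List[str]:
    """Join LDIF continuation lines: a leading space marks a continuation."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF into (dn, attributes) pairs; '::' values are base64 UTF-8."""
    entries: List[Entry] = []
    dn: Optional[str] = None
    attrs: Dict[str, List[str]] = {}

    def flush() -> None:
        nonlocal dn, attrs
        if dn is not None:
            entries.append((dn, attrs))
        dn, attrs = None, {}

    for line in unfold(text):
        if not line.strip():
            flush()          # blank line ends the current entry
            continue
        if line.startswith("#"):
            continue         # LDIF comment
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            # "attr:: <base64>": LDAPv3 strings are UTF-8, so decode as such.
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            flush()
            dn = value       # the root DSE has the empty DN
        else:
            attrs.setdefault(name, []).append(value)
    flush()
    return entries


def assess_root_dse(attrs: Dict[str, List[str]]) -> Dict[str, object]:
    """Summarise the LDAP 3 features a server advertises in its root DSE."""
    def values(name: str) -> List[str]:
        # LDAP attribute names are case-insensitive.
        return [v for k, vs in attrs.items() if k.lower() == name.lower() for v in vs]

    versions = values("supportedLDAPVersion")
    mechs = set(values("supportedSASLMechanisms"))
    controls = set(values("supportedControl"))
    extensions = set(values("supportedExtension"))
    schema = values("subschemaSubentry")
    return {
        "ldap3": "3" in versions,
        "ldap2_only": versions == ["2"],
        "sasl_mechanisms": sorted(mechs),
        "cleartext_mechanisms": sorted(mechs & CLEARTEXT_MECHANISMS),
        "paged_results": PAGED_RESULTS_CONTROL in controls,
        "server_side_sort": SERVER_SIDE_SORT_CONTROL in controls,
        "starttls": START_TLS_EXTENSION in extensions,
        "schema_entry": schema[0] if schema else None,
    }


if __name__ == "__main__":
    root_dn, root_attrs = parse_ldif(SAMPLE_LDIF)[0]
    assert root_dn == ""
    for key, val in assess_root_dse(root_attrs).items():
        print(f"{key:22} {val}")
```

Against a live server the same parser can be fed the output of `ldapsearch -x -s base -b "" +` (the `+` requests the operational attributes, which are otherwise omitted); a server whose supportedLDAPVersion lists only 2 cannot be expected to offer any of the controls, extensions or SASL mechanisms checked here.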