Lightweight Directory Access Protocol (LDAP) is a mechanism used by email clients and Web browsers to present directory information about users and resources, such as printers and shared documents, available on a computer network. It can be used on the public Internet or on a corporate intranet.
LDAP is very useful for large organizations and schools because, with a large number of users and printers, it can be hard for a user to know the email address of every other user or to find a nearby printer.
When a user uses an email client like Mozilla Thunderbird or MS Outlook with the LDAP directory configured, there is no need to remember email addresses. Typing in the first few letters of the user's first or last name causes the software to automatically provide a list of all possible users whose email addresses might match. The user then simply chooses the correct email address from a drop-down list.
LDAP directories can also help to maintain boundaries between organizations. Thus, someone from the Human Resources division who wants to send an email to all his colleagues, but not to users in Engineering, can use the facilities provided by LDAP and the email client.
LDAP can also be used to locate resources like printers, scanners, and fax machines easily, provided that the software being used supports LDAP. In MS Word, while adding a printer, the user simply has to type in the floor or building number, and the software contacts the LDAP server and lists all printers that fit the user's search criteria.
The LDAP protocol was designed to be inherently secure. LDAP uses Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), to guarantee secure connections. This means that people outside an organization cannot obtain the email addresses of the users within the organization, and this helps to control spam.
LDAP is called lightweight because it does not consume much processing power or network bandwidth. The main reason for LDAP's popularity is that the clients that use LDAP for finding users and resources do not have to wait for a response after sending a request, but can keep sending further requests. The LDAP server can then reply in any order, and the client identifies which request each response belongs to based on IDs. This frees up the client to do other processing. Any changes to the directory structure or contents, like adding new employees or new printers, can be easily made without affecting the clients.
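The ID matching described above can be shown on the wire format. The following is an added example, not code from the original article: it reads the message ID from BER-encoded LDAP messages (the LDAPMessage envelope of RFC 4511) and pairs replies that arrive out of order with the requests still outstanding. The request labels and the sample bytes are constructed, and each sample reply is assumed to be the final response for its request.

```python
# Every LDAP PDU is a BER-encoded LDAPMessage (RFC 4511, section 4.1.1):
#   SEQUENCE { messageID INTEGER, protocolOp [APPLICATION n] ..., controls OPTIONAL }
def tlv(tag, value):
    """Encode one BER TLV (short-form length only, enough for the sample PDUs)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):   # n == 0 is the indefinite form, not used by LDAP
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_envelope(pdu):
    """Return (messageID, protocolOp tag) of one LDAPMessage."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    id_tag, id_val, pos = read_tlv(body, 0)
    if id_tag != 0x02 or not id_val:
        raise ValueError("messageID missing")
    op_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(id_val, "big"), op_tag

def correlate(pending, pdus):
    """Match replies to outstanding requests by ID; return (matched, unexpected IDs)."""
    matched, unexpected = {}, []
    for pdu in pdus:
        msg_id, op_tag = parse_envelope(pdu)
        if msg_id in pending:
            matched[pending.pop(msg_id)] = op_tag
        else:
            unexpected.append(msg_id)      # no request with this ID is outstanding
    return matched, unexpected

# Constructed sample: three requests sent back to back, replies arrive in another order.
SUCCESS = tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")  # LDAPResult: success
def reply(msg_id, op_tag):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(op_tag, SUCCESS))
PENDING = {1: "bind", 2: "search users", 3: "search printers"}
WIRE = [reply(3, 0x65), reply(1, 0x61), reply(9, 0x65), reply(2, 0x65)]
```

Calling `correlate(dict(PENDING), WIRE)` pairs all three requests with their replies (0x61 is a BindResponse, 0x65 a SearchResultDone) and reports ID 9 as a reply that matches no outstanding request, which a client should discard rather than act on.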