X.500 Lightweight Directory Access Protocol
RFC 1487

Document Type RFC - Historic (July 1993; No errata)
Obsoleted by RFC 1777, RFC 3494
Authors Tim Howes  , Steve Kille  , Wengyik Yeong 
Last updated 2013-03-02
Stream Internent Engineering Task Force (IETF)
Formats plain text html pdf htmlized (tools) htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1487 (Historic)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                           W. Yeong
Request for Comments: 1487             Performance Systems International
                                                                T. Howes
                                                  University of Michigan
                                                                S. Kille
                                                        ISODE Consortium
                                                               July 1993

              X.500 Lightweight Directory Access Protocol

Status of this Memo

   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.


   The protocol described in this document is designed to provide access
   to the Directory while not incurring the resource requirements of the
   Directory Access Protocol (DAP). This protocol is specifically
   targeted at simple management applications and browser applications
   that provide simple read/write interactive access to the Directory,
   and is intended to be a complement to the DAP itself.

   Key aspects of LDAP are:

   - Protocol elements are carried directly over TCP or other transport,
     bypassing much of the session/presentation overhead.

   - Many protocol data elements are encoding as ordinary strings (e.g.,
     Distinguished Names).

   - A lightweight BER encoding is used to encode all protocol elements.

1.  History

   The tremendous interest in X.500 [1,2] technology in the Internet has
   lead to efforts to reduce the high "cost of entry" associated with
   use of the technology, such as the Directory Assistance Service [3]
   and DIXIE [4]. While efforts such as these have met with success,
   they have been solutions based on particular implementations and as
   such have limited applicability.  This document continues the efforts
   to define Directory protocol alternatives but departs from previous
   efforts in that it consciously avoids dependence on particular

Yeong, Howes & Kille                                            [Page 1]
RFC 1487                       X.500 LDAP                      July 1993


2.  Protocol Model

   The general model adopted by this protocol is one of clients
   performing protocol operations against servers. In this model, this
   is accomplished by a client transmitting a protocol request
   describing the operation to be performed to a server, which is then
   responsible for performing the necessary operations on the Directory.
   Upon completion of the necessary operations, the server returns a
   response containing any results or errors to the requesting client.
   In keeping with the goal of easing the costs associated with use of
   the Directory, it is an objective of this protocol to minimize the
   complexity of clients so as to facilitate widespread deployment of
   applications capable of utilizing the Directory.

   Note that, although servers are required to return responses whenever
   such responses are defined in the protocol, there is no requirement
   for synchronous behavior on the part of either client or server
   implementations: requests and responses for multiple operations may
   be exchanged by client and servers in any order, as long as clients
   eventually receive a response for every request that requires one.

   Consistent with the model of servers performing protocol operations
   on behalf of clients, it is also to be noted that protocol servers
   are expected to handle referrals without resorting to the return of
   such referrals to the client. This protocol makes no provisions for
   the return of referrals to clients, as the model is one of servers
   ensuring the performance of all necessary operations in the
   Directory, with only final results or errors being returned by
   servers to clients.

   Note that this protocol can be mapped to a strict subset of the
   directory abstract service, so it can be cleanly provided by the DAP.

3.  Mapping Onto Transport Services

   This protocol is designed to run over connection-oriented, reliable
   transports, with all 8 bits in an octet being significant in the data
   stream.  Specifications for two underlying services are defined here,
   though others are also possible.

3.1.  Transmission Control Protocol (TCP)

   The LDAPMessage PDUs are mapped directly onto the TCP bytestream.
   Server implementations running over the TCP should provide a protocol
   listener on port 389.

Yeong, Howes & Kille                                            [Page 2]
RFC 1487                       X.500 LDAP                      July 1993

3.2.  Connection Oriented Transport Service (COTS)

   The connection is established.  No special special use of T-Connect
Show full document text