LDAP, the Lightweight Directory Access Protocol, is the most common directory access protocol in use. It implements a tree-structured directory and is a subset of X.500, which was specified in RFC 1487 in 1993. Nobody follows X.500 completely because it is too much of a monster, so in 1995, RFC 1777 defined LDAPv2.
LDAP requires TCP port 389 to be open on your firewall in the inbound direction if you want to allow LDAP-based Directory Service traffic between your internal LDAP server and other hosts on the Internet. You would open it in the outbound direction if users behind your firewall needed to make queries of an LDAP server located outside of your network, on the Internet. Most common directory services, such as Microsoft Active Directory (which stores the security policy information for the network and its users, among other things), Novell eDirectory (the service formerly known as NDS), Netscape iPlanet and OpenLDAP (an open-source project) communicate via LDAP.
As noted above, one issue with LDAP-based directory services is that queries and responses can be sent across the network in unencrypted form.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.