Access and Modify
Make the most out of your server systems.
Lightweight Directory Access Protocol (LDAP) provides applications with a standard method for accessing and modifying the information stored in a directory. LDAP is integrated into the software as an authentication, authorization, and accounting (AAA) protocol alongside the existing AAA protocols such as RADIUS, TACACS+, Kerberos, and Diameter. The AAA framework provides tools and mechanisms such as method lists, server groups, and generic attribute lists that enable an abstract and uniform interface to AAA clients irrespective of the actual protocol used for communication with the AAA server.
The bind operation is used to authenticate a user to the server. It is used to start a connection with the LDAP server. LDAP is a connection-oriented protocol. The client specifies the protocol version and the client authentication information.
A search operation is used to search the LDAP server. The client specifies the starting point (base DN) of the search, the search scope (either the object, its children, or the subtree rooted at the object), and a search filter. For authorization requests, the search operation is directly performed without a bind operation. The LDAP server can be configured with certain privileges for the search operation to succeed. This privilege level is established with the bind operation.
The compare operation is used to replace a bind request with a compare request for an authentication. The compare operation helps to maintain the initial bind parameters for the connection.