Lightweight Directory Access Protocol is built around client-server model, and is used for accessing a directory service. Originally designed as a front-end for X.500, it has evolved to provide access to directories supporting the X.500 standard, without needing to take up the resources the full X.500 Directory Access Protocol requires.

Back up for a second, let's deal with X.500. X.500 is a standard building directory services for the OSI stack (we won't go into the OSI model here. If you need to learn about it, go here). The standard covers the entire namespace and the protocol that is used to both update and query it. This protocol is called DAP--Directory Access Protocol, and it runs over the entire OSI network stack. Which means two things:

• DAP is a very powerful and complete data model, and it is incredibly valuable
• It is not practical to use client that operates with the full DAP on small computer systems-it bogs them down.

So, in response LDAP was developed to be information model as well as the protocol for altering and searching it. Because it is based on X.500, LDAP's data model is pretty much the same as X.500, with one major functional difference. The LDAP protocol runs directly over the TCP/IP stack, which makes it much more efficient, or "lighter" than DAP. As well, some of the "heavier" and more complex functions native to DAP are dropped.

Both big enterprise management applications and browser applications that require network-wide read and write access to directories, databases and other services have been built LDAP-compliant. But the true power is online. LDAP is becoming the standard for directory services on the Internet because it simple and easily implemented, yet retains strong functionality.

The LDAP model is based around the entries to it. These entries contain information about any object (IE: a file). Entries are made up of attributes, each of which use a specific a type, and hold one or more values. The entries' attribute defines what types of values can be used to describe it, and how those values are used in query operations. Virtually anything can be queried for and stored in an LDAP directory; email addresses, strings, images, integers, and entire files.

A practical application could be a `Contact Management System'. For instance; large businesses with several employees could store their contacts (the information on business cards) in a database accessed by an LDAP server, as well as on their PalmPilots or in their rolodexs. So, employees working on accounts with the same client could easily do a search and build to find the contact they needed, even if they hadn't met this person formally. In a more complicated example, the same LDAP server could be used to create an interactive "org chart" of that client company, by assembling the contact information each employee entered (regardless of where it is stored on the companies' network) into one constantly updated resource.