Directory Protocols

Directory protocols are used to centrally manage, organize, and access directory information such as users, groups, and devices — typically in enterprise environments that require secure, scalable identity and resource management.

LDAP (Lightweight Directory Access Protocol)

  Description: A lightweight protocol for accessing and maintaining distributed directory services over IP networks. Widely used in enterprise environments for centralized authentication and directory lookups; spoken by Active Directory, OpenLDAP and most other directory servers. On its own (TCP 389 without StartTLS) it carries simple-bind passwords and query results in cleartext.

  Use case: Back end for enterprise SSO, directory lookups, centralized authentication

LDAPS (LDAP over SSL/TLS)

  Description: LDAP carried inside a TLS session from the first byte, on TCP port 636 (as opposed to StartTLS, which upgrades an existing plaintext connection on port 389). Encrypts credentials and directory data, providing confidentiality and integrity; it authenticates the server only if the client actually validates the certificate.

  Use case: Enterprise authentication over untrusted networks

DAP (Directory Access Protocol)

  Description: The original X.500 directory access protocol, defined by ITU‑T/ISO in X.511. Runs on the full OSI protocol stack and is rarely deployed today because of that complexity.

  Use case: Legacy directory access in OSI-based systems

DSML (Directory Services Markup Language)

  Description: XML representation of LDAP directory data and operations (OASIS DSMLv2), usually carried over SOAP. Lets web-service and XML-based environments talk to a directory without a native LDAP client.

  Use case: Directory integration via XML and web services

NIS (Network Information Service)

  Description: Sun Microsystems' ONC RPC-based service for distributing system configuration maps (users, groups, hosts) across UNIX systems. Originally called Yellow Pages (YP). Traffic is unencrypted and any host that can reach the server and knows the NIS domain name can dump the maps, including password hashes in the passwd map.

  Use case: Legacy UNIX authentication and configuration sharing

LDAP (Lightweight Directory Access Protocol)

RFC: RFC 4511 (protocol); the wider RFC 4510–4519 series covers the data model, DN and filter string syntax (RFC 4514, RFC 4515) and authentication and TLS (RFC 4513)

Main Features:

  • Lightweight protocol for accessing and maintaining directory information

  • Runs over TCP (port 389 by default); without StartTLS, simple-bind credentials and query results cross the wire in cleartext

  • Optimized for read-heavy operations

  • Entries form a hierarchical tree (the Directory Information Tree), each identified by a Distinguished Name (DN)

  • Widely supported in enterprise applications and systems

  • Supports user and group queries, authentication info, email directories, etc.

Use Cases:

  • Centralized authentication in enterprise environments

  • Directory lookups for users, groups, devices, or services

  • Integration with Active Directory or OpenLDAP

  • Back end for enterprise Single Sign-On (SSO) and role-based access control (group-membership lookups)

Alternative Protocols:

  • Kerberos – ticket-based authentication and SSO; usually combined with LDAP (SASL/GSSAPI binds) rather than replacing it

  • RADIUS – For AAA with network access devices

  • TACACS+ – For device-level admin access and AAA

  • SCIM – System for Cross-domain Identity Management (modern identity APIs)
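The "directory lookups for users" use case above is where application code most often goes wrong: user input concatenated into a search filter lets an attacker change what the query matches. The following is an added example, not code from the page or from any directory project. It builds the filter a login lookup would send, both unescaped and escaped per RFC 4515, and runs each against a small constructed in-memory directory with a minimal filter evaluator that parses the string the way a server would; the DNs, the attribute names and the "uid" lookup are assumptions made for the example.

```python
"""LDAP search-filter construction: injectable vs. RFC 4515-escaped.

Added example for this page, not code from any project. The evaluator
below supports and/or/not and equality with '*' wildcards, enough to show
what an unescaped '*', '(' or ')' does to a lookup. All entries, attribute
names and the uid-based login lookup are constructed assumptions.
"""

# RFC 4515 section 3: these characters must be encoded as \XX inside an
# assertion value. Everything else passes through unchanged.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so the server matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable: user input concatenated straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_login_filter(username: str) -> str:
    """Hardened: the same lookup with the value escaped per RFC 4515."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# --- minimal filter evaluator: and (&), or (|), not (!), equality with '*' ---

def _unescape(value: str) -> str:
    """Turn \\XX sequences back into the literal character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 2 < len(value):
            out.append(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _value_matches(pattern: str, actual: str) -> bool:
    """A raw '*' is a wildcard; an escaped '\\2a' is a literal asterisk."""
    parts = [_unescape(p) for p in pattern.split("*")]
    if len(parts) == 1:
        return actual == parts[0]
    if not actual.startswith(parts[0]) or not actual.endswith(parts[-1]):
        return False
    pos = len(parts[0])
    for piece in parts[1:-1]:          # middle pieces must appear in order
        idx = actual.find(piece, pos)
        if idx < 0:
            return False
        pos = idx + len(piece)
    return pos <= len(actual) - len(parts[-1])


def _parse(s: str, i: int):
    """Recursive-descent parse of the filter item starting at s[i] == '('."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
    elif s[i] == "!":
        node, i = _parse(s, i + 1)
        op, children = "!", [node]
    else:                              # simple item: attr=value up to the next ')'
        j = s.index(")", i)
        attr, _, value = s[i:j].partition("=")
        return ("=", attr.lower(), value), j + 1
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return (op, children), i + 1


def _matches(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not _matches(node[1][0], entry)
    _, attr, pattern = node
    return any(_value_matches(pattern, v) for v in entry.get(attr, []))


def search(filter_str: str, entries: list) -> list:
    """Return the DNs of entries matching the filter; reject malformed input."""
    try:
        node, end = _parse(filter_str, 0)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"malformed filter: {filter_str!r}") from exc
    if end != len(filter_str):
        raise ValueError(f"trailing data after filter: {filter_str!r}")
    return [e["dn"][0] for e in entries if _matches(node, e)]


# Constructed sample directory (attribute names lowercased, values as lists).
DIRECTORY = [
    {"dn": ["uid=alice,ou=people,dc=example,dc=com"], "objectclass": ["person"], "uid": ["alice"]},
    {"dn": ["uid=bob,ou=people,dc=example,dc=com"], "objectclass": ["person"], "uid": ["bob"]},
    {"dn": ["cn=backup,ou=services,dc=example,dc=com"], "objectclass": ["applicationProcess"], "uid": ["backup"]},
]

if __name__ == "__main__":
    for username in ("alice", "*", "*)(uid=*"):
        print(repr(username), "unsafe ->", search(build_login_filter_unsafe(username), DIRECTORY))
        print(repr(username), "escaped ->", search(build_login_filter(username), DIRECTORY))
```

With the unescaped builder, a username of `*` turns the login lookup into "every person in the directory"; with escaping, the same input becomes `(uid=\2a)` and matches only an account literally named `*`. The same escaping is needed for DN components (RFC 4514) when user input is used to build a bind DN rather than a filter.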

LDAPS (LDAP over SSL/TLS)

RFC: None. LDAPS on port 636 is a de-facto convention that was never published as an RFC; the IETF-standard way to protect LDAP is the StartTLS extended operation on port 389 (RFC 4511 section 4.14, RFC 4513). Both are widely implemented.

Main Features:

  • Wraps the whole connection in TLS from the first byte (SSL itself is obsolete; TLS 1.2 or later in practice)

  • Operates over TCP port 636 by default

  • Protects credentials and directory data from eavesdropping and tampering, provided the client validates the server certificate (for example OpenLDAP's TLS_REQCERT demand); with verification disabled it still defeats passive sniffing but not an active man-in-the-middle

Use Cases:

  • Secure authentication for enterprise directories over untrusted networks

  • Compliance with privacy and security regulations

Alternative Protocols:

  • LDAP with StartTLS – encryption negotiated on the existing port-389 session; the client must require the upgrade to succeed (ldapsearch -ZZ rather than -Z), otherwise a stripped or failed StartTLS leaves the following bind in cleartext

  • Kerberos (SASL/GSSAPI bind) – no password crosses the wire at all, and a SASL security layer can protect the session independently of TLS
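To make the LDAP-versus-LDAPS/StartTLS point concrete, here is an added example (not code from the page, from any RFC, or from any directory project) that encodes a few LDAPMessages with a minimal BER encoder per RFC 4511 and then decodes them the way a passive sensor on TCP/389 would. It classifies each bind as RFC 4513 section 5 does (anonymous, unauthenticated, simple, SASL), recovers the password from a cleartext simple bind, and flags a simple bind that follows a StartTLS request in the still-cleartext stream as a downgrade. The DNs, password and message sequence are constructed sample data.

```python
"""Decode LDAP bind requests from a TCP/389 byte stream (RFC 4511 BER).

Added example for this page, not code from any project or RFC. The encoder
is just enough BER to build BindRequest and StartTLS ExtendedRequest PDUs;
the decoder walks a client-to-server stream and reports what a network
sensor could learn from it. All DNs, passwords and messages are constructed.
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 section 4.14


def _ber_len(n: int) -> bytes:
    """BER definite length: short form under 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _int(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def bind_request(msg_id, dn, password=None, sasl_mech=None) -> bytes:
    """LDAPMessage { messageID, bindRequest [APPLICATION 0] } (implicit tags)."""
    if sasl_mech is not None:
        auth = _tlv(0xA3, _tlv(0x04, sasl_mech.encode()))   # sasl [3] { mechanism }
    else:
        auth = _tlv(0x80, (password or "").encode())        # simple [0] OCTET STRING
    bind = _tlv(0x60, _int(3) + _tlv(0x04, dn.encode()) + auth)
    return _tlv(0x30, _int(msg_id) + bind)


def starttls_request(msg_id) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    return _tlv(0x30, _int(msg_id) + _tlv(0x77, _tlv(0x80, STARTTLS_OID.encode())))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV at pos; reject truncation."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def classify_bind(op_val: bytes) -> dict:
    """Decode BindRequest content and label it per RFC 4513 section 5."""
    _, _version, p = _read_tlv(op_val, 0)
    _, dn, p = _read_tlv(op_val, p)
    auth_tag, auth, _ = _read_tlv(op_val, p)
    name = dn.decode()
    if auth_tag == 0x80:                       # simple: the password is sent as-is
        if auth:
            # A real sensor would hash or redact this; kept to show it is recoverable.
            return {"dn": name, "kind": "simple-cleartext", "password": auth.decode(errors="replace")}
        return {"dn": name, "kind": "unauthenticated" if name else "anonymous"}
    if auth_tag == 0xA3:                       # sasl: only the mechanism name is visible
        _, mech, _ = _read_tlv(auth, 0)
        return {"dn": name, "kind": "sasl", "mechanism": mech.decode()}
    return {"dn": name, "kind": "unknown"}


def audit_stream(stream: bytes) -> list:
    """Report every StartTLS attempt and bind seen in a cleartext client stream.

    A simple bind that follows a StartTLS request in the *cleartext* stream
    means the upgrade failed or was stripped and the client carried on anyway
    (the ldapsearch -Z rather than -ZZ behaviour); it is marked as a downgrade.
    """
    findings, starttls_seen, pos = [], False, 0
    while pos < len(stream):
        tag, body, pos = _read_tlv(stream, pos)
        if tag != 0x30:
            raise ValueError(f"expected LDAPMessage SEQUENCE, got tag {tag:#x}")
        _, mid, p = _read_tlv(body, 0)
        op_tag, op_val, _ = _read_tlv(body, p)
        msg_id = int.from_bytes(mid, "big")
        if op_tag == 0x77:                     # extendedReq
            _, oid, _ = _read_tlv(op_val, 0)
            if oid.decode() == STARTTLS_OID:
                starttls_seen = True
                findings.append({"message_id": msg_id, "kind": "starttls"})
        elif op_tag == 0x60:                   # bindRequest
            info = classify_bind(op_val)
            info["message_id"] = msg_id
            info["downgrade"] = starttls_seen and info["kind"] == "simple-cleartext"
            findings.append(info)
    return findings


# Constructed client stream: StartTLS attempted, then a cleartext simple bind
# (the fallback case), an anonymous bind, and a SASL/GSSAPI (Kerberos) bind.
SAMPLE_STREAM = (
    starttls_request(1)
    + bind_request(2, "cn=admin,dc=example,dc=com", password="Hunter2!")
    + bind_request(3, "")
    + bind_request(4, "", sasl_mech="GSSAPI")
)

if __name__ == "__main__":
    for finding in audit_stream(SAMPLE_STREAM):
        print(finding)
```

On a real LDAPS (port 636) connection nothing in this stream is visible to the sensor; on a successful StartTLS session only the first message is. The constructed stream shows the failure mode worth alerting on: the client asked for StartTLS but then sent the administrator's password in the clear, and it reaches the server as `cn=admin,...` / `Hunter2!` without anything needing to be cracked.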

DAP (Directory Access Protocol)

RFC: None. Defined by ITU‑T/ISO in X.511, part of the X.500 series

Main Features:

  • OSI-based protocol used to access X.500 directory services

  • Operations include Bind, Read, Compare, List, Search, AddEntry, RemoveEntry, ModifyEntry and ModifyDN, the model LDAP's own operations were drawn from

  • Complex due to use of full OSI stack

Use Cases:

  • Historical or theoretical directory access in OSI environments

  • Basis for LDAP, which began as a lightweight TCP/IP front end to X.500 DAP servers (RFC 1487, RFC 1777) and has largely replaced it; DAP itself is rarely seen on modern IP networks

Alternative Protocols:

  • LDAP – Lightweight alternative over TCP/IP

  • RESTful directory APIs over HTTP

DSML (Directory Services Markup Language)

RFC: None. OASIS DSMLv2 specification

Main Features:

  • XML-based representation of directory data and operations (LDAP schema)

  • Can be transported via SOAP for web services integration

Use Cases:

  • Directory access in XML/SOAP environments

  • SOAP-era identity provisioning and service integration where a native LDAP client is unavailable

Alternative Protocols:

  • SCIM – Modern REST API for identity provisioning

  • LDAP – Traditional binary protocol

NIS (Network Information Service)

RFC: None. Sun Microsystems protocol built on ONC RPC (RFC 5531) and XDR; NIS itself was never standardised, though independent implementations (ypserv/ypbind) exist

Main Features:

  • Centralizes system config data (users, groups, hostnames, etc.) across UNIX systems

  • Known as “Yellow Pages” (YP) originally

  • No encryption and no client authentication: any host that can reach the server and knows the NIS domain name can dump the maps, including password hashes in the passwd map

Use Cases:

  • Legacy UNIX network authentication and configuration synchronization

  • Isolated lab or legacy networks where every host is already trusted; unsuitable on any network an attacker can reach

Alternative Protocols:

  • LDAP over TLS – more secure and flexible directory access, and the usual migration target for NIS maps

  • Kerberos – For secure authentication