LDAP Protocol Deployment at CERN

Ray Jackson, IT/IA


What is LDAP?

LDAP stands for "Lightweight Directory Access Protocol" and is a software protocol for enabling applications to look up information on objects across the Internet in a standard way. LDAP originated from the University of Michigan and was created to provide a "lightweight" (reduced code and network traffic) version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network. LDAP is an Open Standard protocol (like HTTP, FTP, etc.) and is the official IETF standard for directory access across the Internet. It is not surprising then that all the leading Internet companies, including Microsoft, Sun/Netscape and Novell, are providing extensive support for the LDAP protocol in their Directory Service products so that they can operate with each other and integrate with the Internet. In fact, LDAP has already been implemented by leading Internet browsers and Mail products, which use the protocol in their shared address books. Furthermore, LDAP can link together distributed directories in a way that is transparent to the user, which is an important feature when building a global directory service.

LDAP at CERN

LDAP was first deployed at CERN over a year ago to enable Netscape users to search for people in the CERN address book and to help auto-complete e-mail addresses when composing a message. However, the new LDAP service means that users now have an even richer and more powerful search tool which allows them to search for other users by specifying more than just their name. For example, with the new service one can search for a person's e-mail address, telephone number, organisational group, home institute, office number and so on. It is also possible to combine a number of search criteria to help limit the number of possible matches. For example, you may want to get in touch with a person called 'Peter' but you have forgotten his surname. However, you also know that Peter is in LHC division and works in building 30. The new LDAP search enables you to enter all the information you know about a person or group to focus your search and help you find exactly what you need.
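The combined search described above corresponds to an LDAP "AND" filter over several attributes. The following is an added example, not code from the CERN service: it builds such a filter from user-entered fields and escapes each value per RFC 4515 so that filter metacharacters typed into a field are matched literally. The field names, the `FIELD_TO_ATTR` mapping and the choice of attributes (`givenName`, `ou`, `buildingName`) are assumptions, since the article does not describe the directory schema.

```python
# Added example. The attribute mapping is an assumption, not CERN's schema.

# RFC 4515: these characters must be escaped as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical mapping from search-form fields to directory attributes.
FIELD_TO_ATTR = {
    "first_name": "givenName",
    "division": "ou",
    "building": "buildingName",
    "mail": "mail",
    "phone": "telephoneNumber",
}


def escape_filter_value(value: str) -> str:
    """Escape one value character by character, so nothing is double-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_person_filter(criteria: dict) -> str:
    """AND together every non-empty criterion into a single search filter."""
    unknown = set(criteria) - set(FIELD_TO_ATTR)
    if unknown:
        # Only allow-listed fields may select an attribute name.
        raise ValueError(f"unsupported search field(s): {sorted(unknown)}")
    clauses = ["(objectClass=person)"]
    for field, attr in FIELD_TO_ATTR.items():  # fixed order, stable output
        value = criteria.get(field, "").strip()
        if value:
            clauses.append(f"({attr}={escape_filter_value(value)})")
    if len(clauses) == 1:
        raise ValueError("at least one search criterion is required")
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # The article's example: 'Peter', LHC division, building 30.
    print(build_person_filter(
        {"first_name": "Peter", "division": "LHC", "building": "30"}))
    # Constructed input containing filter metacharacters: it stays one literal value.
    print(build_person_filter({"first_name": "Peter)(|(mail=*"}))
```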

Another important addition to the LDAP search is the inclusion of mailing lists in the CERN address book. The new service enables users to search for a mailing list address by specifying a simple 'keyword' such as 'Java' or 'Beam'. Not only will this show users the mailing list address they require, it will also tell them who to contact if they wish to find out more information about the list. Another addition is the 'Services & Support' directory, which enables users to search for appropriate entries when it is not a person they wish to contact but a support line or a specific service. Another important change is the inclusion of a new 'HEP' directory. In collaboration with other laboratories (currently IN2P3 and DESY), we have started to build a global address book which will help users search for people across the whole particle physics community. This global address book is achieved by sending search requests in parallel to other LDAP servers being deployed at other laboratories.

As LDAP services start to be implemented at different laboratories we hope this will bring the whole particle physics community together into one common global address book.

Screenshot of the Netscape Address Book




The Future

However, LDAP is far more than just a tool for looking up a person's e-mail address. Here in the IT division there are a number of planned projects which will benefit from the flexibility and platform-independent nature of the LDAP protocol, such as Roaming, Calendaring and other Web applications. Furthermore, all of the major Operating System vendors have also given their support to the LDAP protocol, including Windows 2000 Active Directory, Solaris and Linux. This could mean that in the near future a number of interoperability issues between different systems could be resolved in a standardised way, opening up a whole host of opportunities here at CERN and across the HEP community in general.