The LDAP Application Program Interface
Network Working Group                                           T. Howes
Request for Comments: 1823                                      M. Smith
Category: Informational                           University of Michigan
                                                             August 1995
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
1. Introduction
This document defines a C language application program interface to
the lightweight directory access protocol (LDAP). The LDAP API is
designed to be powerful, yet simple to use. It defines compatible
synchronous and asynchronous interfaces to LDAP to suit a wide
variety of applications. This document gives a brief overview of the
LDAP model, then an overview of how the API is used by an application
program to obtain LDAP information. The API calls are described in
detail, followed by an appendix that provides some example code
demonstrating the use of the API.
2. Overview of the LDAP Model
LDAP is the lightweight directory access protocol, described in [2]
and [7]. It can provide a lightweight frontend to the X.500 directory
[1], or a stand-alone service. In either mode, LDAP is based on a
client-server model in which a client makes a TCP connection to an
LDAP server, over which it sends requests and receives responses.

The LDAP information model is based on the entry, which contains
information about some object (e.g., a person). Entries are composed
of attributes, which have a type and one or more values. Each
attribute has a syntax that determines what kinds of values are
allowed in the attribute (e.g., ASCII characters, a jpeg photograph,
etc.) and how those values behave during directory operations (e.g.,
is case significant during comparisons).

Entries are organized in a tree structure, usually based on
political, geographical, and organizational boundaries. Each entry is
uniquely named relative to its sibling entries by its relative
distinguished name (RDN) consisting of one or more distinguished
attribute values from the entry. At most one value from each
attribute may be used in the RDN. For example, the entry for the