LDAP API overview

Edit online

The set of LDAP APIs is designed to provide a suite of functions that can be used to develop directory-enabled applications.

Directory-enabled applications typically connect to one or more directories and run various directory-related operations, such as:

Adding entries
Searching the directories and obtaining the resulting list of entries
Deleting entries
Modifying entries
Renaming entries

The type of information that is managed in the directory depends on the nature of the application. Directories often are used to provide public access to information about people. For example:

Phone numbers
Email addresses
Fax numbers
Mailing addresses

Increasingly, directories are being used to manage and publish other types of information. For example:

Configuration information
Public key certificates (managed by certificate authorities (CAs))
Access control information
Locating information (how to find a service)

The LDAP API provides for both synchronous and asynchronous access to a directory. Asynchronous access enables your application to do other work while you wait for the results of a directory operation to be returned by the server.

Source code, example makefile, and executable programs are provided for running the following operations:

ldapsearch (searches the directory)
ldapmodify (modifies information in the directory)
ldapdelete (deletes information from the directory)
ldapmodrdn (modifies the Relative Distinguished Name (RDN) of an entry in the directory)

LDAP APIs use standard LDAP structures to store various information that is related to an LDAP operation. For information about LDAP structures, see IETF RFC 1823 at http://www.ietf.org/rfc/rfc1823.txt for version 2 of the LDAP protocol. Also, see C LDAP Application Program Interface at http://www.ietf.org/proceedings/01mar/I-D/ldapext-ldap-c-api-05.txt for version 3 of the LDAP protocol.

See IBM® Security Directory Server Command Reference, to know more about the syntax and usage of the command-line utilities.