Internet Archivist

Posted on 2 Jul 2002 at 17:32

Davey Winder enjoys a new way of surfing - in his sleep - and continues his search for the elusive perfect email client.

This magical invention is a protocol by the name of LDAP (Lightweight Directory Access Protocol). It's based on, or at least derived from, a standard dating back ten years called X.500, which never really took off in the Internet age because it was too fat to fit on a PC and too complex to be quick. LDAP, however, is a slimmed-down version of the tubby X.500 DAP, and it heralds a new age of Internet information searching.

LDAP was created by Tim Howes and engineers at the University of Michigan, and a real key to its success, I suspect, is that also on the development team were members of the IETF (Internet Engineering Task Force). LDAP provides the mechanism for Internet clients to search hierarchical databases, operating as an interface protocol over a TCP/IP connection port. It's a quick and easy way to create and query directories, both of people and of information, on either the Internet or intranets.

LDAP directories are arranged in the familiar tree format, where a root node is followed by country information, then company and organisation details, then organisation offices and departments, and finally details of individuals. LDAP directories themselves can be distributed by DSAs (directory system agents) and replication is used to synchronise the listings between the various DSAs. It was designed from the ground up to run over TCP/IP, thus overcoming many of the inherent problems of the X.500 DAP.

Corporate LAN users are probably well aware of existing X.500-based directory systems, with different access protocols and storage schemes for each one, and requiring meta-directory synchronisation tools in order to talk to each other. LDAP removes that need for a single meta-directory service when propagating information between NOS-specific directories.

This introduction of a common DAP is a first step towards a universal network directory service, both on and off the Internet. The latest incarnation, LDAP3, is a giant leap forward in DAP technology, which brings an SSL (secure sockets layer) based security model, providing secure access between LDAP clients and servers, and protecting privacy and integrity in one fell swoop.

LDAP lets users of any compliant server look up information across the Internet, giving a bridge between platforms and corporate bodies. Of course, companies can limit the amount of information they want to be made available to the outside world on their LDAP servers. On the downside, some of the currently available LDAP directories seem slow to update the information they hold, and some out-of-date email details hang around for ages. However, in the not too distant future I suspect that an 'ldap://' convention will be as popular as 'http://' is today. Entering ldap://myname.server.co.uk in your browser's address box will take you straight to a directory, from where you'll be able to instantly find the email details, and more, of the contact you're after. When file locations change on-line you won't be faced with those annoying '404 not found' messages, as automatic jumps to the new location will now be made thanks to LDAP targeting. For now, though, you can search for someone you know using the Four11 or BigFoot directories using the LDAP features of your email or Web client for a glimpse of the future today.

Wavey's Web site of the month

Every month I'm inundated with requests to take a look at sites either operated or recommended by PC Pro. Space constraints prevent me from mentioning more than just a handful, so those that do make it here have to be pretty special. Keep sending in your URLs and I'll keep visiting them, and if you make it onto these pages be prepared for a hits explosion.

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site