VMS Help LDAP, Introduction, Overview of the LDAP Model

LDAP is the Lightweight Directory Access Protocol, which is based
on a client-server model. In this model, a client makes a TCP
connection to an LDAP server, over which it sends requests and
receives responses.

The LDAP information model is based on the entry, which contains
information about some object (for example, a person). Entries
are composed of attributes, which have a type and one or more
values. Each attribute has a syntax that determines what kinds
of values are allowed in the attribute (for example, ASCII
characters or a JPEG photograph) and how those values behave
during directory operations (for example, whether case is
significant during comparisons).

Entries may be organized in a tree structure, usually based on
political, geographical, or organizational boundaries. Each entry
is uniquely named relative to its sibling entries by its relative
distinguished name (RDN) consisting of one or more distinguished
attribute values from the entry. At most one value from each
attribute may be used in the RDN. For example, the entry for the
person Babs Jensen might be named with the Barbara Jensen value
from the commonName attribute.

A globally unique name for an entry, called a distinguished name
or DN, is constructed by concatenating the sequence of RDNs from
the entry up to the root of the tree. For example, if Babs worked
for the University of Michigan, the DN of her U-M entry might be
the following:

   cn=Barbara Jensen, o=University of Michigan, c=US
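
The DN construction described above, as an added C example that is not part of the original help text or of the VMS LDAP API: `build_dn`, `escape_value` and `struct rdn` are hypothetical names, the escaping of special characters in values follows RFC 4514, and the ", " separator follows the example DN on this page. Escaping matters when a value comes from user input, because an unescaped comma in a value would be read as the start of another RDN.

```c
#include <stdio.h>
#include <string.h>

struct rdn { const char *type; const char *value; };  /* hypothetical type */

/* Copy v into out (cap must be at least 1), escaping what RFC 4514 treats as
 * special in a value: , + " \ < > ; anywhere, '#' or space first, space last.
 * Returns bytes written, or -1 if out is too small. */
static int escape_value(const char *v, char *out, size_t cap)
{
    size_t n = strlen(v), o = 0;
    for (size_t i = 0; i < n; i++) {
        char c = v[i];
        int esc = strchr(",+\"\\<>;", c) != NULL
               || (i == 0 && (c == '#' || c == ' '))
               || (i == n - 1 && c == ' ');
        if (o + (esc ? 2 : 1) >= cap) return -1;   /* keep room for the NUL */
        if (esc) out[o++] = '\\';
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Build a DN from RDNs ordered entry first, root last; -1 if out is too small. */
int build_dn(const struct rdn *rdns, size_t count, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        int w = snprintf(out + o, cap - o, "%s%s=", i ? ", " : "", rdns[i].type);
        if (w < 0 || (size_t)w >= cap - o) return -1;
        o += (size_t)w;
        w = escape_value(rdns[i].value, out + o, cap - o);
        if (w < 0) return -1;
        o += (size_t)w;
    }
    return 0;
}

int main(void)
{
    char dn[256];
    struct rdn babs[] = { {"cn", "Barbara Jensen"},
                          {"o", "University of Michigan"}, {"c", "US"} };
    struct rdn odd[] = { {"cn", "Jensen, o=Other"}, {"c", "US"} }; /* constructed */
    if (build_dn(babs, 3, dn, sizeof dn) == 0) puts(dn);
    if (build_dn(odd, 2, dn, sizeof dn) == 0) puts(dn);
    return 0;
}
```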

Operations are provided to authenticate, search for and retrieve
information, modify information, and add and delete entries from
the tree.