What are X.500 and LDAP?
X.500 is the most common directory-management protocol. Two X.500 standards
exist: the 1988 version and the 1993 version. Windows 2000’s Directory Service
(DS) implementation is derived from the 1993 X.500 standard.
The X.500 model uses a hierarchical approach to objects in the namespace. The
namespace has a root at the top, with children coming off the root. Win2K
domains have DNS names (e.g., savilltech.com would be a domain name, and
legal.savilltech.com would be a child domain of savilltech.com).
The Figure shows an example domain with a DS root and several children. The
first layer of children is countries.
Imagine each country as a child domain of the root (e.g., usa.root.com,
england.root.com). You can break each child domain into several organizations,
and you can break the organizations into organizational units (OUs). Various
privileges and policies apply to each OU. Each OU has several objects, such as
users, computers, and groups.
Although Win2K’s DS is based on X.500, the access mechanism uses the
Lightweight Directory Access Protocol (LDAP). LDAP solves several X.500
problems. X.500 is part of the Open System Interconnection (OSI) model, but OSI
doesn’t translate well into a TCP/IP environment, so LDAP uses TCP/IP as its
communication medium. LDAP also offers fewer functions than a full X.500
implementation, providing a lean and fast DS while keeping X.500’s overall
structure. LDAP is the mechanism that communicates with Active Directory (AD)
and performs basic read, write, and modify operations. You can find more
information about X.500 in D.W. Chadwick’s book,
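The hierarchy described above (domain, child domain, OUs, objects) expressed as LDAP distinguished names, as an added example that is not part of the original FAQ. It assumes, as the page does not state, that AD maps each DNS label of a domain name to a DC= component and that RDN values follow the RFC 4514 escaping rules, so that a name containing a comma cannot add an extra component to the DN.

```python
# Added example (not from the FAQ): the Win2K namespace as LDAP DNs.
# Assumed, not stated on the page: AD maps each DNS label to a DC=
# component, and RDN values are escaped as in RFC 4514.
SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one RDN value (RFC 4514 section 2.4) before it joins a DN.

    Without this a supplied name such as 'x,OU=Admins' would be read as two
    components, so values are escaped before concatenation.
    """
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch in SPECIAL or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        elif ch == '\x00':
            out.append('\\00')
        else:
            out.append(ch)
    return ''.join(out)


def domain_dn(dns_name: str) -> str:
    """legal.savilltech.com -> DC=legal,DC=savilltech,DC=com"""
    labels = [lb for lb in dns_name.strip('.').split('.') if lb]
    return ','.join('DC=' + escape_rdn_value(lb) for lb in labels)


def object_dn(dns_name: str, ous: list, cn: str) -> str:
    """DN of an object in nested OUs; `ous` is top-down, DNs are leaf-first."""
    parts = ['CN=' + escape_rdn_value(cn)]
    parts += ['OU=' + escape_rdn_value(ou) for ou in reversed(ous)]
    parts.append(domain_dn(dns_name))
    return ','.join(parts)


def ancestors(dn: str) -> list:
    """Parent containers of `dn`, nearest first; splits on unescaped commas."""
    comps, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == '\\' and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep escaped pair intact
            i += 2
            continue
        if dn[i] == ',':
            comps.append(''.join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    comps.append(''.join(cur))
    return [','.join(comps[k:]) for k in range(1, len(comps))]
```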