Powerful Open Source LDAP

From Port389



LDAP: a protocol for accessing on-line directory services.

The IETF designed and specified LDAP as a better way to make use of X.500 directories - having found the original Directory Access Protocol (DAP) too complex for simple internet clients to use. LDAP defines a relatively simple protocol for updating and searching directories running over TCP/IP.

Use and Deployment

The first place to start is the Release_Notes and Install_Guide. This will help you get up and running quickly.

The best documentation for use and deployment can be found in the Red Hat Directory Server documentation. Although these documents are for Red Hat Directory Server, they apply to 389 DS as well. However, be sure to read the Release_Notes and Install_Guide for 389 DS first in case there are important differences. Also check the FAQ for information about differences between Red Hat and 389 Directory Servers.

The following documents are helpful for learning more about installation options, administration, and deployments:

These are the official Red Hat Directory Server 9 docs but they apply to 389 1.2 and later releases:

389 Documentation

Quick Links


A series of articles about how to perform common server configuration tasks.

A series of articles about how to get the Directory Server working with other tools.

Software Developers


Building and Installing

Design Docs

Proposed New Features
Current Features

Directory Server Plugins

It's possible to write plugins that allow you to extend the functionality of the Directory Server. Our plugins page contains information on the API and the scope of the functionality. You might also want to look at our annotated license page for some legal information on using the plugin api.

Berkeley DB

Here is the new location at oracle.com - http://download.oracle.com/docs/cd/E17076_02/html/toc.htm


There are quite a few books available on LDAP, but we maintain a list of books that we think are pretty good.



Some relevant RFCs that Directory Server supports include:

  • RFC 1274 - The COSINE and Internet X.500 Schema
  • RFC 1558 - A String Representation of LDAP Search Filters
  • RFC 1777 - Lightweight Directory Access Protocol
  • RFC 1778 - The String Representation of Standard Attribute Syntaxes
  • RFC 1779 - A String Representation of Distinguished Names
  • RFC 1823 - The LDAP Application Program Interface
  • RFC 2222 - Simple Authentication and Security Layer (SASL)
  • RFC 2247 - Using Domains in LDAP/X.500 Distinguished Names
  • RFC 2251 - Lightweight Directory Access Protocol (v3)
  • RFC 2252 - Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
  • RFC 2253 - Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
  • RFC 2254 - The String Representation of LDAP Search Filters
  • RFC 2255 - The LDAP URL Format
  • RFC 2256 - A Summary of the X.500(96) User Schema for use with LDAPv3
  • RFC 2307 - An Approach for Using LDAP as a Network Information Service
  • RFC 2377 - Naming Plan for Internet Directory-Enabled Applications
  • RFC 2829 - Authentication Methods for LDAP
  • RFC 2830 - Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
  • RFC 2849 - The LDAP Data Interchange Format (LDIF) - Technical Specification
  • RFC 3377 - Lightweight Directory Access Protocol (v3): Technical Specification