Copyright Digital Equipment Corp. All rights reserved.

Overview_of_the_LDAP_Model

   LDAP is the Lightweight Directory Access Protocol, which is based
   on a client-server model. In this model, a client makes a TCP
   connection to an LDAP server, over which it sends requests and
   receives responses.

   The LDAP information model is based on the entry, which contains
   information about some object (for example, a person). Entries
   are composed of attributes, which have a type and one or more
   values. Each attribute has a syntax that determines what kinds
   of values are allowed in the attribute (for example, ASCII
   characters or a JPEG photograph) and how those values behave
   during directory operations (for example, whether case is
   significant during comparisons).

   Entries may be organized in a tree structure, usually based on
   political, geographical, or organizational boundaries. Each entry
   is uniquely named relative to its sibling entries by its relative
   distinguished name (RDN) consisting of one or more distinguished
   attribute values from the entry. At most one value from each
   attribute may be used in the RDN. For example, the entry for the
   person Babs Jensen might be named with the Barbara Jensen value
   from the commonName attribute.

   A globally unique name for an entry, called a distinguished name
   or DN, is constructed by concatenating the sequence of RDNs from
   the entry up to the root of the tree. For example, if Babs worked
   for the University of Michigan, the DN of her U-M entry might be
   the following:

   cn=Barbara Jensen, o=University of Michigan, c=US
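   The naming rules above, as an added example that is not part of
   the original help text or of any LDAP API: it builds a DN by
   walking from an entry up to the root and rejects an RDN that takes
   two values from the same attribute. The struct and function names
   are hypothetical, and the values are assumed to contain no
   characters that would need quoting in a DN string.

```c
#include <stdio.h>
#include <ctype.h>

/* Constructed model types for this example; not part of any LDAP API. */
struct ava { const char *type, *value; };   /* one naming attribute value */
struct entry { const struct ava *rdn; size_t n; const struct entry *parent; };

/* Attribute type names compare without regard to case. */
static int same_type(const char *a, const char *b)
{
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Valid RDN: at least one value, and at most one value per attribute type. */
int rdn_is_valid(const struct ava *rdn, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (same_type(rdn[i].type, rdn[j].type)) return 0;
    return n > 0;
}

/* Concatenate RDNs from the entry up to the root; -1 on bad RDN or short buffer. */
int build_dn(const struct entry *e, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0) return -1;
    for (out[0] = '\0'; e != NULL; e = e->parent) {
        if (!rdn_is_valid(e->rdn, e->n)) return -1;
        for (size_t i = 0; i < e->n; i++) {
            /* "+" joins values inside one RDN; ", " joins successive RDNs. */
            const char *sep = i ? "+" : (len ? ", " : "");
            int w = snprintf(out + len, cap - len, "%s%s=%s", sep,
                             e->rdn[i].type, e->rdn[i].value);
            if (w < 0 || (size_t)w >= cap - len) return -1;
            len += (size_t)w;
        }
    }
    return 0;
}

/* Constructed sample tree; parent == NULL marks an entry just below the root. */
const struct ava c_us[] = {{"c", "US"}}, o_um[] = {{"o", "University of Michigan"}};
const struct ava cn_babs[] = {{"cn", "Barbara Jensen"}};
const struct ava two_cn[] = {{"cn", "Barbara Jensen"}, {"CN", "Babs Jensen"}};
const struct entry us = {c_us, 1, NULL}, um = {o_um, 1, &us};
const struct entry babs = {cn_babs, 1, &um}, bad = {two_cn, 2, &um};

int main(void) { char dn[128]; if (!build_dn(&babs, dn, sizeof dn)) puts(dn); return 0; }
```
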

   Operations are provided to authenticate, search for and retrieve
   information, modify information, and add and delete entries from
   the tree.