DEFICIENCIES IN LDAP WHEN USED TO SUPPORT PKI

摘要

The lightweight directory access protocol (LDAP) is the Internet standard way of accessing directory services that conform to the X.500 data model. It is very widely supported by all the leading software vendors and is part of Windows 2000 Active Directory. There are two versions of LDAPv2, the original lightweight variation of the X.500 Directory Access Protocol (DAP); and LDAPv3, the heavyweight version. While the DAP was designed from its inception to support public-key infrastructures (PKIs), being part of the same X.500 family of standards as X.509, LDAP was not designed with this support in mind. LDAP has, however, become the predominant protocol in support of PKIs accessing directory services for certificates and certificate revocation lists (CRLs), but because of its lineage, it has some deficiencies.