Which of the following was based on a previous X.500 specification and allows either unencrypted
authentication or encrypted authentication through the use of TLS?
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for
accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
Directory services play an important role in developing intranet and Internet applications by allowing the sharing
of information about users, systems, networks, services, and applications throughout the network. As
examples, directory services may provide any organized set of records, often with a hierarchical structure, such
as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a
A common usage of LDAP is to provide a “single sign on” where one password for a user is shared between
many services, such as applying a company login code to web pages (so that staff log in only once to company
computers, and then are automatically logged into the company intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this
relationship, LDAP is sometimes called X.500-lite.
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by
default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is available by default on ports
3268, and 3269 for LDAPS. The client then sends an operation request to the server, and the server sends
responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection