LDAP was designed as a client/server protocol to provide quick and simple access to entries that live in a directory. Initially, LDAP was designed to provide a better interface to X.500 directory services, but its ease of implementation and IETF-based change control means that LDAP has carved its own niche as a directory service.

What is a directory service? In short, the directory is where you store an entry. Each entry implements information about an object. Entries have attributes with a type and at least one value. These attributes have a strict syntax that determines the types of values allowed for the attributes. Such attribute syntaxes include strings, JPEG photographs, and URLs.

If you’ve ever tried to solve a complex problem in a heterogenous computing environment, such as syncing user accounts between different computing platforms, managing a company-wide address book, or building a public-key infrastructure, you might be interested in what LDAP has to offer.

While the IETF governs changes to the LDAP spec, you are not limited to a single source for the availability of an LDAP server. Companies such as iPlanet, Novell, and Microsoft sell commercial LDAP implementations, and you’ll also find a good, free LDAP implemenation in OpenLDAP (http://www.openldap.org).

Net::LDAP implements the LDAP API for Perl programs. You can use Net::LDAP to search or modify the contents of your LDAP directory. In other words, Net::LDAP does everything that you need it to.

This chapter covers Net::LDAP and how to operate on data in an LDAP directory, but it is not an LDAP tutorial. If you’re unfamiliar with LDAP, it is strongly encouraged that you refer to your LDAP server documentation before attempting to make any changes to your directory.