Lightweight Directory Access Protocol (LDAP) is a directory server standard developed at the University of Michigan in 1996. LDAP is a protocol for organizing and accessing information in a hierarchical structure resembling a branching tree. Its purpose is two-fold:
To locate resources, such as organizations, individuals, and files on a network
To help authenticate users attempting to connect to networks controlled by directory servers
The basic LDAP structure branches from countries to organizations to organizational units to individuals. There can also be other intermediate levels of branching, such as “states” and “counties”.
An LDAP server supports the following types of users and authentication features:
Auth users
L2TP users (user authentication; L2TP user receives default L2TP settings from the security device)
XAuth users (user authentication; no support for remote setting assignments)
Admin users (user authentication; admin user receives default privilege assignment of read-write)
At present, an LDAP server cannot assign L2TP or XAuth remote settings or admin privileges, although you can use an LDAP server to store L2TP, XAuth, and admin user accounts for authentication purposes. LDAP also does not provide user group support.
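The tree structure described above (country, organization, organizational unit, individual) is expressed in LDAP as a distinguished name (DN), and a user authentication lookup against the directory is a search filter on that tree. The following Python example is added here to illustrate both points; it is not code from the ScreenOS guide or from Juniper, and it does not talk to a real directory server. The entry names (Example Corp, Engineering, Alice Smith), the function names, and the use of the uid attribute for the user lookup are constructed assumptions. It implements RFC 4514 DN escaping and RFC 4515 filter escaping so that a user-supplied name cannot alter the filter or DN, parses a DN back into its hierarchy levels, and checks that an entry sits under an expected base, which is the scope check a device should apply before treating a directory entry as an authenticated user.

```python
"""Added example (not from the ScreenOS guide): build and parse the hierarchical
LDAP distinguished names described above, and escape user-supplied values before
they are placed in a DN or in a user-lookup search filter."""
import re

# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514).
_DN_SPECIAL = {'"', '+', ',', ';', '<', '>', '\\'}

# Characters that must be hex-escaped inside a search filter value (RFC 4515).
_FILTER_ESCAPES = {'*': '\\2a', '(': '\\28', ')': '\\29', '\\': '\\5c', '\x00': '\\00'}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use in a DN (RFC 4514 string form)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append('\\' + ch)
        elif ch == '\x00':
            out.append('\\00')
        elif ch == '#' and i == 0:          # leading '#' would start a hex string
            out.append('\\#')
        elif ch == ' ' and (i == 0 or i == last):  # leading/trailing space
            out.append('\\ ')
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use in a search filter (RFC 4515)."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_dn(rdns):
    """Join (attribute, value) pairs, leaf first, into a DN string.
    The hierarchy of the page (individual -> OU -> org -> country) is simply the
    order of the RDNs, leaf first, as LDAP writes them."""
    return ','.join(f'{attr}={escape_dn_value(value)}' for attr, value in rdns)


def user_lookup_filter(username: str) -> str:
    """Filter used to locate the entry to authenticate against.
    Escaping keeps a name such as 'alice)(uid=*' from widening the search."""
    return f'(&(objectClass=person)(uid={escape_filter_value(username)}))'


def parse_dn(dn: str):
    """Split a DN string into (attribute, value) pairs, leaf first, undoing
    backslash escapes. Hex escapes are decoded as single bytes (ASCII only,
    a simplification of RFC 4514 for this example)."""
    rdns, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            if re.fullmatch(r'[0-9A-Fa-f]{2}', dn[i + 1:i + 3] or ''):
                buf.append(chr(int(dn[i + 1:i + 3], 16)))
                i += 3
            else:
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == '=' and attr is None:
            attr, buf = ''.join(buf).strip(), []
        elif ch == ',':
            if attr is None:
                raise ValueError(f'RDN without "=": {dn!r}')
            rdns.append((attr, ''.join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    if attr is None:
        raise ValueError(f'RDN without "=": {dn!r}')
    rdns.append((attr, ''.join(buf)))
    return rdns


def dn_hierarchy(dn: str):
    """Return the tree levels root first, e.g. ['c=US', 'o=Example Corp', ...]."""
    return [f'{attr}={value}' for attr, value in reversed(parse_dn(dn))]


def is_under(dn: str, base_dn: str) -> bool:
    """True if dn is a proper descendant of base_dn (attribute types compared
    case-insensitively). Use this before accepting a found entry as a user."""
    entry = [(a.lower(), v) for a, v in parse_dn(dn)]
    base = [(a.lower(), v) for a, v in parse_dn(base_dn)]
    return len(entry) > len(base) and entry[len(entry) - len(base):] == base


if __name__ == '__main__':
    # Constructed sample entry following the country -> org -> OU -> person tree.
    alice = build_dn([('cn', 'Alice Smith'), ('ou', 'Engineering'),
                      ('o', 'Example Corp'), ('c', 'US')])
    print(alice)
    print(dn_hierarchy(alice))
    print(user_lookup_filter('alice)(uid=*'))
    print(is_under(alice, 'ou=Engineering,o=Example Corp,c=US'))
```

The escaping functions are the part worth keeping: a device that builds the lookup filter or bind DN from a username without them lets the username rewrite the query, which is the root of LDAP injection. The is_under check is the complement: once the directory returns an entry, confirm it is located where users are expected to live in the tree before using it for authentication.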
For more information on the LDAP type of server, refer to the Concepts & Examples ScreenOS Reference Guide available on the documentation CD that shipped with your Juniper Networks product and also on the Juniper Networks support site.