Lightweight Directory Access Protocol (LDAP) is a directory access standard developed at the University of Michigan in the early 1990s. LDAP is a protocol for accessing information that is organized in a hierarchical structure resembling a branching tree. Its purpose is twofold:
To locate resources, such as organizations, individuals, and files, on a network
To authenticate users attempting to connect to networks whose access is controlled by a directory server
The basic LDAP tree branches from countries to organizations to organizational units to individual entries. Intermediate levels of branching, such as “states” and “counties”, can also appear between these.
An LDAP server supports the following types of users and authentication features:
Auth users
L2TP users (user authentication only; the L2TP user receives the default L2TP settings configured on the NetScreen device)
XAuth users (user authentication only; the LDAP server cannot assign remote settings)
Admin users (user authentication only; the admin user receives the default privilege assignment of read-write)
At present, an LDAP server cannot assign L2TP or XAuth remote settings or NetScreen admin privileges, although you can store L2TP, XAuth, and admin user accounts on an LDAP server for authentication purposes. Because the device, not the directory, assigns privileges, every admin account that authenticates successfully through LDAP receives the same read-write default. The NetScreen device also does not support user groups stored on an LDAP server.
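As an added example that is not part of the original NetScreen documentation, the following Python models the directory tree described above (country, organization, organizational unit, individual, with optional intermediate levels) and the step an authenticating device performs when it turns a login name into the distinguished name (DN) it binds with. The bind-DN construction `cn=<login name>,<base DN>` is an assumption for illustration, not a description of ScreenOS internals; the base DN and user names are constructed sample values. The example escapes the login name per RFC 4514 so that it cannot alter the DN's structure, parses DNs back into their hierarchy levels, and checks that an entry lies under the configured base.

```python
"""Added example: building, escaping and parsing LDAP distinguished names (DNs).

Pure standard library; no LDAP server is contacted. The bind-DN construction
(<naming attribute>=<login name>,<base DN>) is an assumed, common client pattern.
"""

# Hierarchy levels named on the page, keyed by their standard attribute type.
# 'st' (state) and 'l' (locality) are the optional intermediate levels.
LEVELS = {
    "c": "country",
    "st": "state",
    "l": "locality",
    "o": "organization",
    "ou": "organizational unit",
    "cn": "individual",
    "uid": "individual",
}

# Characters that must be backslash-escaped inside an RDN value (RFC 4514, 2.4).
_SPECIAL = set(',+"\\<>;=')
_HEX = set("0123456789abcdefABCDEF")


def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied attribute value so it cannot alter DN structure."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:              # leading '#' would read as hex form
            out.append("\\#")
        elif ch == " " and i in (0, last):      # leading/trailing spaces are significant
            out.append("\\ ")
        elif ord(ch) < 0x20:                    # control characters: \XX hex escape
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def _unescape(s: str) -> str:
    """Reverse escape_rdn_value for one RDN component (single-byte hex escapes only)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            pair = s[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= _HEX:
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(s[i + 1])
                i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _split_unescaped(s: str, sep: str, maxsplit: int = -1) -> list:
    """Split on `sep` only where it is not part of a backslash escape."""
    parts, buf, i, done = [], [], 0, 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            buf.append(s[i:i + 2])              # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep and (maxsplit < 0 or done < maxsplit):
            parts.append("".join(buf))
            buf, done = [], done + 1
        else:
            buf.append(s[i])
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(dn: str) -> list:
    """Parse a DN string into (attribute, value) pairs, leaf first.

    Multi-valued RDNs ('+') are not supported; a malformed RDN raises ValueError.
    """
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        attr_value = _split_unescaped(rdn, "=", maxsplit=1)
        if len(attr_value) != 2 or not attr_value[0].strip():
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = attr_value
        rdns.append((attr.strip().lower(), _unescape(value)))
    return rdns


def build_bind_dn(cn_attr: str, username: str, base_dn: str) -> str:
    """Form the DN a client binds with: <naming attribute>=<login name>,<base DN>.

    Assumed construction for illustration. The login name is escaped so that a
    name such as 'jdoe,ou=Admins' stays a single RDN instead of a new subtree.
    """
    return "%s=%s,%s" % (cn_attr, escape_rdn_value(username), base_dn)


def tree_path(dn: str) -> list:
    """Root-first walk down the tree, each step labelled with its hierarchy level."""
    return [(LEVELS.get(attr, "other"), attr, value) for attr, value in reversed(parse_dn(dn))]


def is_under_base(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn lies strictly below base_dn (case-insensitive value match)."""
    entry = [(a, v.lower()) for a, v in parse_dn(entry_dn)]
    base = [(a, v.lower()) for a, v in parse_dn(base_dn)]
    return len(entry) > len(base) and entry[len(entry) - len(base):] == base


if __name__ == "__main__":
    base = "ou=Engineering,o=Example,c=US"       # constructed sample base DN
    for name in ("jdoe", "jdoe,ou=Admins"):     # the second name attempts DN injection
        dn = build_bind_dn("cn", name, base)
        print(dn, "->", len(parse_dn(dn)), "RDNs, leaf", parse_dn(dn)[0])
    for level, attr, value in tree_path(build_bind_dn("cn", "jdoe", base)):
        print("%-20s %s=%s" % (level, attr, value))
```

The second sample name shows why escaping matters: spliced in raw, `jdoe,ou=Admins` yields a five-level DN whose leaf sits under an `ou=Admins` entry the device never intended to search, whereas the escaped form remains a single individual entry under `ou=Engineering`. The `is_under_base` check is the complementary guard on the other direction: an entry returned by a search should be confirmed to lie under the configured base before the device binds as it.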
For more information on the LDAP type of server, refer to the NetScreen Concepts & Examples ScreenOS Reference Guide available on the documentation CD that shipped with your NetScreen product and also on the Juniper Networks support site.