Prehistory of LDAP

April 2013

It all started in the basement of the Computer Science department of University College London in about 1988. I was working alongside Paul Sharpe of then of GEC, who was working on user agents on the Thorn project.

At the time I was implementing DISH – a directory user agent for the Quipu X.500 directory.

Paul showed me how he had implemented a directory user agent for Thorn directly into the Unix Bourne shell, by using a background process, and communicating with shell commands using named pipes. This seemed a great idea, and set about doing something similar for DISH, but extending the concept to allow full control of an X.500 directory directly from the Unix shell (this was later widely used to perform bulk updates to directories in the Paradise project). DISH became DISHD (a DISH daemon) and I implemented a simple text based protocol based on the Quipu EDB file syntax (a file format used by Quipu as is data store – able to represent all X.500 data formats in simple text) to pass data from the Unix shell to DISHD.

I submitted this to Marshall Rose as an update to the Quipu element of the ISO Development Environment (ISODE). Marshall did not like the named piped concept, and gave me a code fragment from ISODE to re-implement over TCP/IP. I duly made the changes to Quipu and sent back to Marshall. There then exchanged quite a few emails about improvements to the concept, and some generalisations, which Marshall wrote up as the Directory Assistance Service (DASED). In parallel, and without knowledge of what we were doing, Tim Howes implemented a similar concept called DIXIE on a copy of Quipu.

Both DASED and DIXIE were submitted to the IETF as draft standards, and an agreement made to merge the concepts and a new draft created, called the Lightweight Directory Browsing Protocol, later renamed the Lightweight Directory Access Protocol (LDAP).

LDAP needed a data transfer syntax, the simple text based protocol based on the Quipu EDB file format was used and generalised – which became the basis of RFC 1488 and later revised to RFC 1778 which define the abstract syntax used by LDAP.

The rest of the LDAP story is well documented!

See Also

•  “The Most Complete History of Directory Services You Will Ever Find“

Author Bio – Colin Robbins

Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.

• LinkedIn profile
• View all of Colin's posts