Prehistory of LDAP

Author: Colin Robbins

It all started in the basement of the Computer Science department of University College London in about 1988. I was working alongside Paul Sharpe, then of GEC, who was working on user agents on the Thorn project.

At the time I was implementing DISH – a directory user agent for the Quipu X.500 directory.

Paul showed me how he had implemented a directory user agent for Thorn directly into the Unix Bourne shell, by using a background process, and communicating with shell commands using named pipes. This seemed a great idea, and I set about doing something similar for DISH, but extending the concept to allow full control of an X.500 directory directly from the Unix shell (this was later widely used to perform bulk updates to directories in the Paradise project). DISH became DISHD (a DISH daemon) and I implemented a simple text-based protocol based on the Quipu EDB file syntax (a file format used by Quipu as its data store – able to represent all X.500 data formats in simple text) to pass data from the Unix shell to DISHD.

I submitted this to Marshall Rose as an update to the Quipu element of the ISO Development Environment (ISODE). Marshall did not like the named pipe concept, and gave me a code fragment from ISODE to re-implement over TCP/IP. I duly made the changes to Quipu and sent them back to Marshall. We then exchanged quite a few emails about improvements to the concept, and some generalisations, which Marshall wrote up as the Directory Assistance Service (DASED). In parallel, and without knowledge of what we were doing, Tim Howes implemented a similar concept called DIXIE on a copy of Quipu.

Both DASED and DIXIE were submitted to the IETF as draft standards, and an agreement was made to merge the concepts and a new draft was created, called the Lightweight Directory Browsing Protocol, later renamed the Lightweight Directory Access Protocol (LDAP).

LDAP needed a data transfer syntax; the simple text-based protocol based on the Quipu EDB file format was used and generalised – which became the basis of RFC 1488, later revised to RFC 1778, which define the abstract syntax used by LDAP.

The rest of the LDAP story is well documented!

About the author

Colin Robbins is a Principal Security Consultant, leading customer-funded research activities in secure interoperability and information exchange. He has specific technical interests in the Single Information Environment and Data Centric Security, as well as the processes of security, such as Secure by Design and Information Security Management Systems (ISMS). He is a Fellow of CIISec, and a former NCSC certified Security and Information Risk Adviser (Lead CCP).
