This page provides a listing of a number of LDAP-related specifications that are defined in RFCs. Note that some of these specifications are obsolete, and are no longer recommended for use. In addition, some of these specifications are not widely implemented in or supported by LDAP servers and/or clients. Before attempting to use any of these specifications, check the capabilities of your LDAP directory server and/or clients.

Other specifications may be defined in Internet Drafts. A list of LDAP-related drafts may be found here.

RFCs Defining the LDAP Protocol and Other Core Specifications

  • RFC 2849: The LDAP Data Interchange Format (LDIF) – Technical Specification
  • RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
  • RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
  • RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
  • RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
  • RFC 3866: Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP)
    Obsoletes: RFC 2596
  • RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
    Obsoletes: RFC 2253
  • RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
    Obsoletes: RFC 2254
  • RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
    Obsoletes: RFC 2255
  • RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
  • RFC 4522: Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option
  • RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
  • RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
  • RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol

RFCs Containing Informational Documents, Recommendations, and Best Practices

  • RFC 1823: The LDAP Application Program Interface
  • RFC 2377: Naming Plan for Internet Directory-Enabled Applications
    Updated By: RFC 4519
  • RFC 2820: Access Control Requirements for LDAP
  • RFC 3352: Connection-less Lightweight Directory Access Protocol (CLDAP) to Historic Status
    Obsoletes: RFC 1798
  • RFC 3384: Lightweight Directory Access Protocol (version 3) Replication Requirements
  • RFC 4520: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
    Obsoletes: RFC 3383
  • RFC 4521: Considerations for Lightweight Directory Access Protocol (LDAP) Extensions

RFCs Defining Controls and Extended Operations

  • RFC 2589: Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services
  • RFC 2649: An LDAP Control and Schema for Holding Operation Signatures
  • RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
  • RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
  • RFC 3062: LDAP Password Modify Extended Operation
  • RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
  • RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
  • RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
  • RFC 3928: Lightweight Directory Access Protocol (LDAP) Client Update Protocol
  • RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
  • RFC 4373: Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP)
  • RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
  • RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
  • RFC 4531: Lightweight Directory Access Protocol (LDAP) Turn Operation
  • RFC 4532: Lightweight Directory Access Protocol (LDAP) “Who am I?” Operation
  • RFC 4533: The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
  • RFC 5805: Lightweight Directory Access Protocol (LDAP) Transactions
  • RFC 6171: The Lightweight Directory Access Protocol (LDAP) Don’t Use Copy Control

RFCs Defining Core LDAP Schema

  • RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
  • RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0
  • RFC 3045: Storing Vendor Information in the LDAP root DSE
  • RFC 3112: LDAP Authentication Password Schema
  • RFC 3687: Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules
  • RFC 3698: Lightweight Directory Access Protocol (LDAP) Additional Matching Rules
    Updates: RFC 2798
    Updated by: RFC 4517
  • RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
  • RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute

RFCs Containing Additional LDAP Schema Definitions

  • RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
  • RFC 2307: An Approach for Using LDAP as a Network Information Service
  • RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
  • RFC 2714: Schema for Representing CORBA Objects in an LDAP Directory
  • RFC 2739: Calendar Attributes for vCard and LDAP
  • RFC 3641: Generic String Encoding Rules (GSER) for ASN.1 Types
    Updated by: RFC 4792
  • RFC 3642: Common Elements of Generic String Encoding Rules (GSER) Encodings
  • RFC 3703: Policy Core Lightweight Directory Access Protocol (LDAP) Schema
    Updated by: RFC 4104
  • RFC 3727: ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules
  • RFC 4104: Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
    Updates: RFC 3703
  • RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
  • RFC 4792: Encoding Instructions for the Generic String Encoding Rules (GSER)
    Updates: RFC 3641
  • RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
  • RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
  • RFC 7612: Lightweight Directory Access Protocol (LDAP) Schema for Printer Services
    Obsoletes: RFC 3712
  • RFC 8284: Lightweight Directory Access Protocol (LDAP) Schema for Supporting the Extensible Messaging and Presence Protocol (XMPP) in White Pages

RFCs Containing Other Specifications Commonly Used in Conjunction with LDAP

  • RFC 1964: The Kerberos Version 5 GSS-API Mechanism
  • RFC 2743: Generic Security Service API Version 2, Update 1
    Obsoletes: RFC 2078
  • RFC 2744: Generic Security Service API Version 2 : C-bindings
    Obsoletes: RFC 1509
  • RFC 2782: A DNS RR for specifying the location of services (DNS SRV)
  • RFC 2808: The SecurID(r) SASL Mechanism
  • RFC 2831: Using Digest Authentication as a SASL Mechanism
    Obsoleted by: RFC 6331
  • RFC 2986: PKCS #10: Certificate Request Syntax Specification Version 1.7
  • RFC 3454: Preparation of Internationalized Strings (“stringprep”)
  • RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords
  • RFC 4121: The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2
    Updates: RFC 1964
  • RFC 4122: A Universally Unique IDentifier (UUID) URN Resource
  • RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm
  • RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism
    Obsoletes: RFC 2245
  • RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism
    Obsoletes: RFC 2595
  • RFC 4648: The Base16, Base32, and Base64 Data Encodings
  • RFC 4752: The Kerberos V5 (“GSSAPI”) Simple Authentication and Security Layer (SASL) Mechanism
    Obsoletes: RFC 2222
  • RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
  • RFC 5958: Asymmetric Key Packages (PKCS #8)
  • RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
    Updates: RFC 1321, RFC 2104
  • RFC 6238: TOTP: Time-Based One-Time Password Algorithm
  • RFC 6595: A Simple Authentication and Security Layer (SASL) and GSS-API Mechanism for the Security Assertion Markup Language (SAML)
  • RFC 7292: PKCS #12: Personal Information Exchange Syntax v1.1
  • RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
  • RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication And Security Layer (SASL) Mechanisms
  • RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
  • RFC 8353: Generic Security Service API Version 2: Java Bindings Update
    Updates: RFC 5653
  • RFC 9371: Registration Procedures for Private Enterprise Numbers (PENs)

Obsolete RFCs Provided for Informational Purposes

  • RFC 1484: Using the OSI Directory to achieve User Friendly Naming
    Obsoleted by: RFC 3494
  • RFC 1488: The X.500 String Representation of Standard Attribute Syntaxes
    Obsoleted by: RFC 1778
  • RFC 1558: A String Representation of LDAP Search Filters
    Obsoleted by: RFC 1960
  • RFC 1798: Connection-less Lightweight X.500 Directory Access Protocol
    Obsoleted by: RFC 3352
  • RFC 2559: Internet X.509 Public Key Infrastructure Operational Protocols – LDAPv2
    Updates: RFC 1778
    Obsoleted by: RFC 3494
  • RFC 2587: Internet X.509 Public Key Infrastructure LDAPv2 Schema
    Obsoleted by: RFC 4523
  • RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
    Obsoleted by: RFC 4520
  • RFC 3674: Feature Discovery in Lightweight Directory Access Protocol (LDAP)
    Obsoleted by: RFC 4512
  • RFC 3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
    Obsoleted by: RFC 7612