This page provides a listing of a number of LDAP-related specifications that are defined in RFCs. Note that some of these specifications are obsolete, and are no longer recommended for use. In addition, some of these specifications are not widely implemented in or supported by LDAP servers and/or clients. Before attempting to use any of these specifications, check the capabilities of your LDAP directory server and/or clients.
Other specifications may be defined in Internet Drafts. A list of LDAP-related drafts may be found here.
RFCs Defining the LDAP Protocol and Other Core Specifications
- RFC 2849: The LDAP Data Interchange Format (LDIF) – Technical Specification
- RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories
- RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP)
- RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP)
- RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes
- RFC 3866: Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP)
  Obsoletes: RFC 2596
- RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
  Obsoletes: RFC 2251, RFC 2830, RFC 3771
- RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
  Obsoletes: RFC 2251, RFC 2252, RFC 2256, RFC 3674
- RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
  Obsoletes: RFC 2251, RFC 2829, RFC 2830
- RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
  Obsoletes: RFC 2253
- RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
  Obsoletes: RFC 2254
- RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator
  Obsoletes: RFC 2255
- RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation
- RFC 4522: Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option
- RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension
- RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters
- RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol
RFCs Containing Informational Documents, Recommendations, and Best Practices
- RFC 1823: The LDAP Application Program Interface
- RFC 2820: Access Control Requirements for LDAP
- RFC 3352: Connection-less Lightweight Directory Access Protocol (CLDAP) to Historic Status
  Obsoletes: RFC 1798
- RFC 3384: Lightweight Directory Access Protocol (version 3) Replication Requirements
- RFC 3494: Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status
  Obsoletes: RFC 1484, RFC 1485, RFC 1487, RFC 1777, RFC 1778, RFC 1779, RFC 1781, RFC 2559
- RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map
  Obsoletes: RFC 2251, RFC 2252, RFC 2253, RFC 2254, RFC 2255, RFC 2256, RFC 2829, RFC 2830, RFC 3377, RFC 3771
- RFC 4520: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
  Obsoletes: RFC 3383
- RFC 4521: Considerations for Lightweight Directory Access Protocol (LDAP) Extensions
RFCs Defining Controls and Extended Operations
- RFC 2589: Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services
- RFC 2649: An LDAP Control and Schema for Holding Operation Signatures
- RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation
- RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results
- RFC 3062: LDAP Password Modify Extended Operation
- RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
- RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3)
- RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation
- RFC 3928: Lightweight Directory Access Protocol (LDAP) Client Update Protocol
- RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control
- RFC 4373: Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP)
- RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls
- RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control
- RFC 4531: Lightweight Directory Access Protocol (LDAP) Turn Operation
- RFC 4532: Lightweight Directory Access Protocol (LDAP) “Who am I?” Operation
- RFC 4533: The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation
- RFC 5805: Lightweight Directory Access Protocol (LDAP) Transactions
- RFC 6171: The Lightweight Directory Access Protocol (LDAP) Don’t Use Copy Control
RFCs Defining Core LDAP Schema
- RFC 2798: Definition of the inetOrgPerson LDAP Object Class
  Updated by: RFC 3698, RFC 4519, RFC 4524
- RFC 2926: Conversion of LDAP Schemas to and from SLP Templates
- RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0
- RFC 3045: Storing Vendor Information in the LDAP root DSE
- RFC 3112: LDAP Authentication Password Schema
- RFC 3687: Lightweight Directory Access Protocol (LDAP) and X.500 Component Matching Rules
- RFC 3698: Lightweight Directory Access Protocol (LDAP) Additional Matching Rules
  Updates: RFC 2798
  Updated by: RFC 4517
- RFC 4517: Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
  Updates: RFC 3698
  Obsoletes: RFC 2252, RFC 2256
- RFC 4519: Lightweight Directory Access Protocol (LDAP): Schema for User Applications
  Updates: RFC 2247, RFC 2377, RFC 2798
  Obsoletes: RFC 2256
- RFC 4530: Lightweight Directory Access Protocol (LDAP) entryUUID Operational Attribute
- RFC 5020: The Lightweight Directory Access Protocol (LDAP) entryDN Operational Attribute
RFCs Containing Additional LDAP Schema Definitions
- RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs)
- RFC 2307: An Approach for Using LDAP as a Network Information Service
- RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory
- RFC 2714: Schema for Representing CORBA Objects in an LDAP Directory
- RFC 2739: Calendar Attributes for vCard and LDAP
- RFC 3642: Common Elements of Generic String Encoding Rules (GSER) Encodings
- RFC 3727: ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules
- RFC 4104: Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
  Updates: RFC 3703
- RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3)
- RFC 4523: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates
  Obsoletes: RFC 2252, RFC 2256, RFC 2587
- RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents
- RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets
- RFC 7612: Lightweight Directory Access Protocol (LDAP) Schema for Printer Services
  Obsoletes: RFC 3712
- RFC 8284: Lightweight Directory Access Protocol (LDAP) Schema for Supporting the Extensible Messaging and Presence Protocol (XMPP) in White Pages
RFCs Containing Other Specifications Commonly Used in Conjunction with LDAP
- RFC 1964: The Kerberos Version 5 GSS-API Mechanism
- RFC 2782: A DNS RR for specifying the location of services (DNS SRV)
- RFC 2808: The SecurID(r) SASL Mechanism
- RFC 2986: PKCS #10: Certificate Request Syntax Specification Version 1.7
- RFC 3454: Preparation of Internationalized Strings (“stringprep”)
- RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords
- RFC 4121: The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2
  Updates: RFC 1964
- RFC 4122: A Universally Unique IDentifier (UUID) URN Resource
- RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm
- RFC 4648: The Base16, Base32, and Base64 Data Encodings
- RFC 4752: The Kerberos V5 (“GSSAPI”) Simple Authentication and Security Layer (SASL) Mechanism
  Obsoletes: RFC 2222
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
- RFC 5958: Asymmetric Key Packages (PKCS #8)
- RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
  Updates: RFC 1321, RFC 2104
- RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
  Updates: RFC 3174
  Obsoletes: RFC 4634
- RFC 6238: TOTP: Time-Based One-Time Password Algorithm
- RFC 6595: A Simple Authentication and Security Layer (SASL) and GSS-API Mechanism for the Security Assertion Markup Language (SAML)
- RFC 7292: PKCS #12: Personal Information Exchange Syntax v1.1
- RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
- RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication And Security Layer (SASL) Mechanisms
- RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
- RFC 9371: Registration Procedures for Private Enterprise Numbers (PENs)
Obsolete RFCs Provided for Informational Purposes
- RFC 1778: The String Representation of Standard Attribute Syntaxes
  Obsoletes: RFC 1488
  Updated by: RFC 2559
  Obsoleted by: RFC 3494
- RFC 2251: Lightweight Directory Access Protocol (v3)
  Updated by: RFC 3377, RFC 3771
  Obsoleted by: RFC 4510, RFC 4511, RFC 4512, RFC 4513
- RFC 2252: Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4512, RFC 4517, RFC 4523
- RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
  Obsoletes: RFC 1779
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4514
- RFC 2254: The String Representation of LDAP Search Filters
  Obsoletes: RFC 1960
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4515
- RFC 2255: The LDAP URL Format
  Obsoletes: RFC 1959
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4516
- RFC 2256: A Summary of the X.500(96) User Schema for use with LDAPv3
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4512, RFC 4517, RFC 4519, RFC 4523
- RFC 2559: Internet X.509 Public Key Infrastructure Operational Protocols – LDAPv2
  Updates: RFC 1778
  Obsoleted by: RFC 3494
- RFC 2830: Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
  Updated by: RFC 3377
  Obsoleted by: RFC 4510, RFC 4511, RFC 4513
- RFC 3377: Lightweight Directory Access Protocol (v3): Technical Specification
  Updates: RFC 2251, RFC 2252, RFC 2253, RFC 2254, RFC 2255, RFC 2256, RFC 2829, RFC 2830
  Obsoleted by: RFC 4510
- RFC 3383: Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)
  Obsoleted by: RFC 4520
- RFC 3712: Lightweight Directory Access Protocol (LDAP): Schema for Printer Services
  Obsoleted by: RFC 7612