LDAP是轻量目录访问协议(Lightweight Directory Access Protocol)的缩写，LDAP是从X.500目录访问协议的基础上发展过来的．

特点：

LDAP的结构用树来表示，而不是用表格。正因为这样，就不能用SQL语句了

LDAP可以很快地得到查询结果，不过在写方面，就慢得多

LDAP提供了静态数据的快速查询方式

Client/server模型，Server 用于存储数据，Client提供操作目录信息树的工具

这些工具可以将数据库的内容以文本格式（LDAP 数据交换格式，LDIF）呈现在您的面前

LDAP是一种开放Internet标准，LDAP协议是跨平台的Interent协议

http://stackoverflow.com/questions/18756688/what-are-cn-ou-dc-in-an-ldap-search

CN = Common Name

OU = Organizational Unit

DC = Domain Component

You read it from right to left, the right-most component is the root of the tree, and the left most component is the node (or leaf) you want to reach.

https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format

dn

distinguished name

This refers to the name that uniquely identifies an entry in the directory.

dc

domain component

This refers to each component of the domain. For example www.google.com would be written as DC=www,DC=google,DC=com

ou

organizational unit

This refers to the organizational unit (or sometimes the user group) that the user is part of. If the user is part of more than one group, you may specify as such, e.g., OU= Lawyer,OU= Judge.

cn

common name

This refers to the individual object (person's name; meeting room; recipe name; job title; etc.) for whom/which you are querying.

dn: cn=The Postmaster,dc=example,dc=com

objectClass: organizationalRole

cn: The Postmaster