In order for LDAP servers to be of any use, there must be clients to access them. There is a wide range of commercial and open source software that can interact with LDAP servers, but many organizations also need to create their own custom LDAP-enabled software. Fortunately, there are LDAP client libraries for virtually all of the most popular programming languages out there, and many other languages have the ability to leverage libraries written for a different language.
This page provides a list of some of the LDAP libraries available for the most popular programming languages. It is not necessarily comprehensive, so it is recommended that you do your own research before embarking on a new LDAP-enabled application.
Java SE includes built-in support for LDAP through JNDI, the Java Naming and Directory Interface. However, while it is commonly used just because it's included as part of the core language, JNDI is not the best option for a number of reasons, including:
It isn't a dedicated LDAP library. JNDI is an abstraction layer that allows for interacting with a number of different kinds of services through a common API. As such, it's kind of a least-common-denominator library that doesn't always make it easy or convenient to do LDAP-specific things. It also uses confusing terminology (for example, in JNDI, the "bind" method is used to perform an LDAP add operation, not an LDAP bind operation).
JNDI doesn't provide full access to the LDAP protocol. It is difficult to get access to the full set of information included in an LDAP response. Further, the API hasn't been substantially updated in years and doesn't support more recent core protocol updates like intermediate response messages or the increment modification type.
JNDI offers very limited support for protocol extensions like controls and extended operations, and doesn't provide any mechanism for the ASN.1 BER encoding and decoding that is frequently needed to encode requests and decode responses.
JNDI offers very limited support for connection pooling and failover.
JNDI does not provide any support for peripheral LDAP-related processing, like the ability to read or write LDIF or perform base64 encoding or decoding.
Fortunately, there are a number of third-party LDAP libraries that address many of the shortcomings with JNDI. Some of these libraries include:
There is also a Spring LDAP library, although it is more a framework that sits on top of JNDI rather than providing its own communication mechanism.
Although it was once popular, the Netscape Directory SDK for Java has been abandoned for a very long time. It has known bugs and is not recommended for use.
Although the Java Virtual Machine is predominantly used to run programs that were written in Java, it can actually be used to execute code written in a wide variety of languages. Some of these languages can be compiled to bytecode and therefore have the potential to run as efficiently as Java, while others are more like scripting languages that are interpreted on the fly.
Most JVM-based languages provide some means of calling Java code and therefore can leverage the Java libraries listed above. In some cases, there may be a language-specific wrapper that makes it easier to leverage a Java library while adhering more closely to the semantics of the JVM-based language. For example, the scala-ldap is a Scala wrapper around the UnboundID LDAP SDK for Java, and the Groovy LDAP library is a Groovy library that uses JNDI behind the scenes to perform the actual communication.
Android is a Java-based platform. While there are areas in which Android offers a very different set of APIs than Java SE (e.g., when interacting with the graphical user interface), there usually a strong overlap between classes and methods available in Java SE and those available in Android.
JNDI is not available in Android, so it cannot be used to allow Android apps to perform LDAP communication. However, the UnboundID LDAP SDK for Java can be used to provide LDAP support for Android apps (although a couple of peripheral features, like support for the CRAM-MD5, DIGEST-MD5, and GSSAPI SASL mechanisms, are not available because the Android API does not provide the necessary support for them), and the UnboundID LDAP SDK even includes the source for a simple LDAP-based Android app for demonstration purposes.
It is not known whether any of the other Java-based LDAP APIs work on Android.
LDAP APIs written in C are very useful not only because they facilitate LDAP-enabled C and C++ programs, but because they are so often used behind the scenes by other libraries. Several of the libraries for the other languages below leverage one of the below APIs to perform the underlying LDAP communication.
Note that most LDAP libraries for C expose an API that is based on RFC 1823 (The LDAP Application Program Interface), and therefore switching between them may be relatively straightforward.
A list of the most notable LDAP APIs for other popular programming languages is provided below.