This page provides a listing of a number of LDAP-related specifications that are defined in RFCs. Note that some of these specifications are obsolete, and are no longer recommended for use. In addition, some of these specifications are not widely implemented in or supported by LDAP servers and/or clients. Before attempting to use any of these specifications, check the capabilities of your LDAP directory server and/or clients.



RFCs Defining the LDAP Protocol and Other Core Specifications

  • RFC 2849: The LDAP Data Interchange Format (LDIF) - Technical Specification 

  • RFC 3296: Named Subordinate References in Lightweight Directory Access Protocol (LDAP) Directories 

  • RFC 3671: Collective Attributes in the Lightweight Directory Access Protocol (LDAP) 

  • RFC 3672: Subentries in the Lightweight Directory Access Protocol (LDAP) 

  • RFC 3673: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes 

  • RFC 3866: Language Tags and Ranges in the Lightweight Directory Access Protocol (LDAP) 
    Obsoletes: RFC 2596 

  • RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol 
    Obsoletes: RFC 2251, RFC 2830, RFC 3771

  • RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models 
    Obsoletes: RFC 2251, RFC 2252, RFC 2256, RFC 3674

  • RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms 
    Obsoletes: RFC 2251, RFC 2829, RFC 2830

  • RFC 4514: Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names 
    Obsoletes: RFC 2253 

  • RFC 4515: Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters 
    Obsoletes: RFC 2254 

  • RFC 4516: Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator 
    Obsoletes: RFC 2255 

  • RFC 4518: Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation 

  • RFC 4522: Lightweight Directory Access Protocol (LDAP): The Binary Encoding Option 

  • RFC 4525: Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension 

  • RFC 4526: Lightweight Directory Access Protocol (LDAP) Absolute True and False Filters 

  • RFC 4529: Requesting Attributes by Object Class in the Lightweight Directory Access Protocol 



RFCs Containing Informational Documents, Recommendations, and Best Practices



RFCs Defining Controls and Extended Operations

  • RFC 2589: Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services 

  • RFC 2649: An LDAP Control and Schema for Holding Operation Signatures 

  • RFC 2696: LDAP Control Extension for Simple Paged Results Manipulation 

  • RFC 2891: LDAP Control Extension for Server Side Sorting of Search Results 

  • RFC 3062: LDAP Password Modify Extended Operation 

  • RFC 3829: Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls 

  • RFC 3876: Returning Matched Values with the Lightweight Directory Access Protocol version 3 (LDAPv3) 

  • RFC 3909: Lightweight Directory Access Protocol (LDAP) Cancel Operation 

  • RFC 3928: Lightweight Directory Access Protocol (LDAP) Client Update Protocol 

  • RFC 4370: Lightweight Directory Access Protocol (LDAP) Proxied Authorization Control 

  • RFC 4373: Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) 

  • RFC 4527: Lightweight Directory Access Protocol (LDAP) Read Entry Controls 

  • RFC 4528: Lightweight Directory Access Protocol (LDAP) Assertion Control 

  • RFC 4531: Lightweight Directory Access Protocol (LDAP) Turn Operation 

  • RFC 4532: Lightweight Directory Access Protocol (LDAP) "Who am I?" Operation 

  • RFC 4533: The Lightweight Directory Access Protocol (LDAP) Content Synchronization Operation 

  • RFC 5805: Lightweight Directory Access Protocol (LDAP) Transactions 

  • RFC 6171: The Lightweight Directory Access Protocol (LDAP) Don't Use Copy Control 



RFCs Defining Core LDAP Schema



RFCs Containing Additional LDAP Schema Definitions

  • RFC 2079: Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifiers (URIs) 

  • RFC 2307: An Approach for Using LDAP as a Network Information Service 

  • RFC 2713: Schema for Representing Java(tm) Objects in an LDAP Directory 

  • RFC 2714: Schema for Representing CORBA Objects in an LDAP Directory 

  • RFC 2739: Calendar Attributes for vCard and LDAP 

  • RFC 3641: Generic String Encoding Rules (GSER) for ASN.1 Types 
    Updated by: RFC 4792 

  • RFC 3642: Common Elements of Generic String Encoding Rules (GSER) Encodings 

  • RFC 3703: Policy Core Lightweight Directory Access Protocol (LDAP) Schema 
    Updated by: RFC 4104 

  • RFC 3727: ASN.1 Module Definition for the LDAP and X.500 Component Matching Rules

  • RFC 4104: Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
    Updates: RFC 3703 

  • RFC 4403: Lightweight Directory Access Protocol (LDAP) Schema for Universal Description, Discovery, and Integration version 3 (UDDIv3) 

  • RFC 4523: Lightweight Directory Access Protocol (LDAP) Schema Definitions for X.509 Certificates 
    Obsoletes: RFC 2252, RFC 2256, RFC 2587

  • RFC 4792: Encoding Instructions for the Generic String Encoding Rules (GSER) 
    Updates: RFC 3641 

  • RFC 4876: A Configuration Profile Schema for Lightweight Directory Access Protocol (LDAP)-Based Agents 

  • RFC 5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets 

  • RFC 7612: Lightweight Directory Access Protocol (LDAP) Schema for Printer Services 
    Obsoletes: RFC 3712


RFCs Containing Other Specifications Commonly Used in Conjunction with LDAP

  • RFC 1321: The MD5 Message-Digest Algorithm 
    Updated by: RFC 6151 

  • RFC 2104: HMAC: Keyed-Hashing for Message Authentication 
    Updated by: RFC 6151 

  • RFC 2605: Directory Server Monitoring MIB 
    Obsoletes: RFC 1567 

  • RFC 2808: The SecurID(r) SASL Mechanism 

  • RFC 2831: Using Digest Authentication as a SASL Mechanism 
    Obsoleted by: RFC 6331 

  • RFC 3174: US Secure Hash Algorithm 1 (SHA1) 
    Updated by: RFC 4634, RFC 6234

  • RFC 3454: Preparation of Internationalized Strings ("stringprep") 

  • RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords 

  • RFC 4422: Simple Authentication and Security Layer (SASL) 
    Obsoletes: RFC 2222 

  • RFC 4505: Anonymous Simple Authentication and Security Layer (SASL) Mechanism 
    Obsoletes: RFC 2245 

  • RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism 

  • RFC 4752: The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism 
    Obsoletes: RFC 2222 

  • RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms 

  • RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms 
    Updates: RFC 1321, RFC 2104

  • RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) 
    Updates: RFC 3174 
    Obsoletes: RFC 4634 

  • RFC 6331: Moving DIGEST-MD5 to Historic 
    Obsoletes: RFC 2831 

  • RFC 6595: A Simple Authentication and Security Layer (SASL) and GSS-API Mechanism for the Security Assertion Markup Language (SAML) 

  • RFC 7628: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

  • RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms



Obsolete RFCs Provided for Informational Purposes