The Lightweight Directory Access Protocol (“LDAP”) is a standard computer networking protocol for querying and modifying entries in a database. The basic protocol is defined in a group of Internet Engineering Task Force (“IETF”) Request for Comments (“RFC”) documents; various aspects of the current version of the protocol (version 3) are described in RFCs listed in the “LDAP Technical Specification Road Map” (RFC4510, published June 2006). The databases reachable through LDAP may contain any sort of data, but most commonly contain identity and contact information for people and organizations.
LDAP presents a hierarchical view of the data in a database that is somewhat like the data in a file stored in a hierarchical filesystem. Each LDAP database record is associated with a Distinguished Name (“DN”) that is like a fully-qualified path of a file. LDAP also deals with Relative Distinguished Names (“RDNs”), which are like partial paths that identify files starting from a location in a hierarchical filesystem other than the root directory. However, unlike data in “sibling” files in the same directory in a fileystem, “sibling” LDAP records often contain common data elements. (Sibling files can, of course, contain related data, but it is at least as likely that they do not.)
Unfortunately, common data elements in LDAP records are completely independent copies of each other. Thus, for example, even if two employees work at the same facility of an organization, the “address” fields of their records are independent, so if the facility is moved to a different location, each employee's LDAP record must be updated independently to show the new address. Alternate LDAP database operational techniques can reduce the effort required to make changes to groups of data records, and can help prevent errors that may occur when the same change is to be made to many records.