LDAP is an abbreviation for Lightweight Directory Access Protocol. With Directory Naming, service addresses and net service names are stored in an LDAP server, much like a DNS server. Client processes make connection requests using name-network address pairs stored in the LDAP directory server. When a client makes a named request to the LDAP directory server, the client provides a name and the directory returns a network connect descriptor, or connection string, to the client's connection request process. This is similar to the role of the /etc/hosts and /etc/resolv.conf files on a Solaris Unix box.
LDAP directory servers are intended as central network addressing and routing storage areas for heterogeneous networks. A heterogeneous network is a network containing multiple systems in differing formats. LDAP directory servers are used to provide a common directory structure across multiple types of machines. Oracle networks can use an LDAP server to store database and client network components, user profiling and security. As a result, tnsnames.ora files are not required.
Within the LDAP directory server, the hierarchy of entries is called the DIT (Directory Information Tree). Each entry in the DIT is a unique DN (Distinguished Name). The DN contains details of its exact location within the DIT, with the least significant component on the left. Each DN contains a set of RDNs (Relative Distinguished Names). A DN contains multiple RDNs, where all the RDNs within a DN represent that parent DN. A typical DN could be dn:cn=<sid>,cn=OracleContext,dc=xyz,dc=com. An LDAP directory server is very similar in nature to an operating system level directory structure in a machine.
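The DN layout described above, worked through in Python as an added example (not from the original page or from Oracle): it splits a DN into its RDNs, leaf first, and walks up the DIT. The sample DN is constructed, with orcl standing in for <sid>; the function names are illustrative, and the splitter honors backslash escapes but not quoted values.

```python
def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(dn):
    """Return the RDNs leaf first; each RDN is a list of (attr, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):  # "+" joins a multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr.strip().lower(), value))
        rdns.append(pairs)
    return rdns


def ancestors(dn):
    """The DN itself, then each parent entry up the DIT to the root."""
    parts = [p.strip() for p in split_unescaped(dn, ",")]
    return [",".join(parts[i:]) for i in range(len(parts))]


def oracle_entry(dn):
    """Return (entry name, DN that holds cn=OracleContext) for an entry DN."""
    rdns = parse_dn(dn)
    if len(rdns) < 3 or [(a, v.lower()) for a, v in rdns[1]] != [("cn", "oraclecontext")]:
        raise ValueError("entry is not directly under cn=OracleContext")
    return rdns[0][0][1], ancestors(dn)[2]


SAMPLE_DN = "cn=orcl,cn=OracleContext,dc=xyz,dc=com"  # constructed; orcl stands in for <sid>
if __name__ == "__main__":
    print(parse_dn(SAMPLE_DN), ancestors(SAMPLE_DN), oracle_entry(SAMPLE_DN))
```

Splitting on every comma would turn an entry name containing an escaped comma into two RDNs and shift every parent DN by one level, which matters whenever an access decision is keyed to an entry's position in the DIT.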
Security is maintained in the LDAP server by use of ACLs (Access Control Lists). Clients doing simple lookups in the LDAP server automatically use anonymous authentication. This is typical for Oracle client users accessing a database (not changing LDAP entries), i.e. most of the database users. Administrative users have to be verified based on the ACL entries.
These parameters are placed into the $ORACLE_HOME/network/admin/ldap.ora file.