LDAP 3 defines a number of improvements that allow a more
efficient implementation of the Internet directory user agent
access model. These changes include:
- Use of UTF-8 for all text string attributes to support extended
  character sets.
- Operational attributes that the directory maintains for its own
  use; for example, to log the date and time when another attribute
  has been modified.
- Referrals allow a server to direct a client to another server
  that may have the data that the client requested.
- Schema publishing with the directory, allowing a client to
  discover the object classes and attributes that a server
  supports.
- Extended searching operations to allow paging and sorting of
  results, and client-defined searching and sorting controls.
- Stronger security through an SASL-based authentication
  mechanism.
- Extended operations, providing additional features without
  changing the protocol version.
LDAP 3 is compatible with LDAP 2. An LDAP 2 client can connect
to an LDAP 3 server (this is a requirement of an LDAP 3 server).
However, an LDAP 3 server can choose not to talk to an LDAP 2
client if LDAP 3 features are critical to its application.
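
The features listed above are advertised by an LDAP 3 server in its root DSE, so a client or an auditor can check what it will be offered before binding. The following is an added example, not part of the original page: it parses a constructed LDIF root DSE and reports protocol versions, SASL mechanisms, paging and sorting controls, StartTLS and the published schema entry. The function names and sample values are assumptions; the attribute names and OIDs come from the LDAP 3 RFCs.

```python
# Constructed sample: LDIF of a root DSE (base search on the empty DN); values are made up.
SAMPLE_ROOT_DSE = """\
dn:
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedExtension: 1.3.6.1.4.1.1466.20037
subschemaSubentry: cn=Subschema
"""

PAGED_RESULTS = "1.2.840.113556.1.4.319"   # simple paged results control (RFC 2696)
SERVER_SORT = "1.2.840.113556.1.4.473"     # server-side sort control (RFC 2891)
START_TLS = "1.3.6.1.4.1.1466.20037"       # StartTLS extended operation (RFC 4511)
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}        # these send the password itself

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    unfolded = text.replace("\n ", "")     # LDIF folds long lines with one leading space
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_root_dse(entry):
    """Report which LDAP 3 features a server advertises, plus hardening findings."""
    versions = set(entry.get("supportedldapversion", []))
    mechs = {m.upper() for m in entry.get("supportedsaslmechanisms", [])}
    controls = set(entry.get("supportedcontrol", []))
    extensions = set(entry.get("supportedextension", []))
    findings = []
    if "2" in versions:                    # LDAP 2 clients get no SASL and no controls
        findings.append("LDAP 2 still advertised")
    if mechs & CLEARTEXT_SASL and START_TLS not in extensions:
        # Heuristic only: an LDAPS-only listener would also protect these binds.
        findings.append("cleartext SASL mechanism offered without StartTLS")
    return {
        "ldap3": "3" in versions,
        "paging": PAGED_RESULTS in controls,
        "sorting": SERVER_SORT in controls,
        "starttls": START_TLS in extensions,
        "schema_dn": (entry.get("subschemasubentry") or [None])[0],
        "cleartext_sasl": sorted(mechs & CLEARTEXT_SASL),
        "findings": findings,
    }
```
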