Directory Services

DSML Services for Windows and LDAP

DSML Services for Windows expresses LDAP requests and responses as XML document fragments. When DSML Services for Windows receives a DSML V2 request from a client, it translates the request into an LDAP 3 query and sends it to Active Directory. When Active Directory returns the LDAP 3 response, DSML Services for Windows translates it back into a DSML V2 response and returns that response to the originating client.

When a DSML V2 element name matches an identifier in the LDAP ASN.1 grammar, as defined by RFC 2251, the named element means the same thing both in DSML V2 and in LDAP. Except where noted otherwise, the DSML V2 grammar follows the same rules as the LDAP grammar, even if those rules are not explicitly expressed in the schema. For example, a DSML V2 <AttributeDescription> element can contain only those characters allowed by LDAP.
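The character rule above can be checked before a request is passed on for translation. The following Python example is added here and is not part of DSML Services for Windows or its documentation; it flags attribute descriptions in a DSML V2 fragment that do not fit the RFC 2251 AttributeDescription grammar. The function name and the sample request are constructed for illustration, and the example assumes the description is carried in the `name` attribute of elements in the DSML V2 core namespace.

```python
import re
import xml.etree.ElementTree as ET

# DSML V2 core namespace (OASIS).
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"

# RFC 2251, section 4.1.5: an AttributeType is either a descriptor
# (a letter followed by letters, digits or hyphens) or a dotted-decimal
# OID, optionally followed by ";option" parts built from letters,
# digits and hyphens.
ATTR_DESC = re.compile(
    r"(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)*)"
    r"(?:;[A-Za-z0-9-]+)*"
)

def invalid_attribute_descriptions(dsml_fragment):
    """Return, in document order, every name= value on a DSML V2
    element that is not a valid LDAP AttributeDescription.
    (Hypothetical helper; assumes name= holds the description.)"""
    root = ET.fromstring(dsml_fragment)
    bad = []
    for elem in root.iter():
        if not elem.tag.startswith("{" + DSML_NS + "}"):
            continue  # ignore elements outside the DSML V2 namespace
        name = elem.get("name")
        if name is not None and not ATTR_DESC.fullmatch(name):
            bad.append(name)
    return bad

# Constructed sample request: two valid and two invalid descriptions.
SAMPLE = """
<searchRequest xmlns="urn:oasis:names:tc:DSML:2:0:core"
               dn="ou=People,dc=example,dc=com"
               scope="wholeSubtree" derefAliases="neverDerefAliases">
  <filter>
    <equalityMatch name="given name"><value>Ann</value></equalityMatch>
  </filter>
  <attributes>
    <attribute name="cn"/>
    <attribute name="2.5.4.4;lang-en"/>
    <attribute name="sn_"/>
  </attributes>
</searchRequest>
"""

if __name__ == "__main__":
    for value in invalid_attribute_descriptions(SAMPLE):
        print("rejected attribute description:", repr(value))
```

A gateway or proxy in front of the DSML endpoint could reject a request when this list is non-empty rather than forwarding it.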

There are, however, a few areas where DSML V2 deviates from LDAP behavior:

DSML V2 also eliminates an extra level of nested elements that occurs in LDAP and is caused by the translation of the LDAPMessage structure and the way in which LDAP uses defaulting.

For more information about the differences between LDAP and DSML V2, see the DSML V2 specification in the Directory Services section of http://www.oasis-open.org.