-LDAP directory service is based on a {{client-server}} model. One or more
-LDAP servers contain the data making up the LDAP directory tree. An LDAP
-client connects to an LDAP server and asks it a question. The server
-responds with the answer and/or with a pointer to where the client can
-get additional information (typically, another LDAP server). No matter
-which LDAP server a client connects to, it sees the same view of the
-directory; a name presented to one LDAP server references the same
-entry it would at another LDAP server. This is an important feature of
-a global directory service, like LDAP.
+LDAP directory service is based on a {{client-server}} model. One
+or more LDAP servers contain the data making up the directory
+information tree (DIT). The client connects to servers and
+asks it a question. The server responds with an answer and/or
+with a pointer to where the client can get additional information
+(typically, another LDAP server). No matter which LDAP server a
+client connects to, it sees the same view of the directory; a name
+presented to one LDAP server references the same entry it would at
+another LDAP server. This is an important feature of a global
+directory service, like LDAP.
+
+
+H2: What about X.500?
+
+Technically, {{TERM:LDAP}} is a directory access protocol to an
+{{TERM:X.500}} directory service, the {{TERM:OSI}} directory service.
+Initially, LDAP clients accessed gateways to the X.500 directory service.
+This gateway ran LDAP between the client and gateway and X.500's
+{{TERM[expand]DAP}} ({{TERM:DAP}}) between the gateway and the
+X.500 server. DAP is a heavyweight protocol that operates over a
+full OSI protocol stack and requires a significant amount of
+computing resources. LDAP is designed to operate over
+{{TERM:TCP}}/{{TERM:IP}} and provides most of the functionality of
+DAP at a much lower cost.
+
+While LDAP is still used to access X.500 directory service via
+gateways, LDAP is now more commonly directly implemented in X.500
+servers.
+
+The stand-alone LDAP daemon, or {{slapd}}(8), can be viewed as a
+{{lightweight}} X.500 directory server. That is, it does not
+implement the X.500's DAP. As a {{lightweight directory}} server,
+{{slapd}}(8) implements only a subset of the X.500 models.
+
+If you are already running a X.500 DAP service and you want to
+continue to do so, you can probably stop reading this guide. This
+guide is all about running LDAP via {{slapd}}(8), without running
+X.500 DAP. If you are not running X.500 DAP, want to stop running
+X.500 DAP, or have no immediate plans to run X.500 DAP, read on.
+
+It is possible to replicate data from an LDAP directory server to
+a X.500 DAP {{TERM:DSA}}. This requires an LDAP/DAP gateway.
+OpenLDAP does not provide such a gateway, but our replication daemon
+can be used to replicate to such a gateway. See the {{SECT:Replication
+with slurpd}} chapter of this document for information regarding
+replication.
+
+
+H2: What is the difference between LDAPv2 and LDAPv3?
+
+LDAPv3 was developed in the late 1990's to replace LDAPv2.
+LDAPv3 adds the following features to LDAP:
+
+ - Strong Authentication via {{TERM:SASL}}
+ - Integrity and Confidentiality Protection via {{TERM:TLS}} (SSL)
+ - Internationalization through the use of Unicode
+ - Referrals and Continuations
+ - Schema Discovery
+ - Extensibility (controls, extended operations, and more)
+
+LDAPv2 is historic ({{REF:RFC3494}}). As most implementations
+(including {{slapd}}(8)) of LDAPv2 do not conform to the LDAPv2
+technical specification, interoperatibility amongst implementations
+claiming LDAPv2 support will be limited. As LDAPv2 differs
+significantly from LDAPv3, deploying both LDAPv2 and LDAPv3
+simultaneously can be quite problematic. LDAPv2 should be avoided.
+LDAPv2 is disabled by default.
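Review bot: The rewritten opening paragraph now reads "The client connects to servers and asks it a question", where "it" has no singular antecedent. The removed wording, "An LDAP client connects to an LDAP server and asks it a question", was correct and I would keep it, changing only "LDAP directory tree" to "directory information tree (DIT)". In the LDAPv2 section, "interoperatibility" should be "interoperability", "1990's" should be "1990s", and "a X.500" (two places in the X.500 section) should be "an X.500". Since the last paragraph tells readers that LDAPv2 should be avoided and is disabled by default, it would help to point to the section of the guide that covers the setting controlling this, so an administrator can confirm it has not been re-enabled.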