Many of the LDAP attributes are used to store, human readable information about people and organizations. The attributes usually identify something specific about a person or organization such as an electronic mail address (mail), or a commonly used name, nickname, or pseudonym for a person, organization, or organizational unit (cn), or computer userid (uid).
The basic LDAP implementation usually provides for clear text password authentication only. This means that when an LDAP client is required to send a password to an LDAP server, that the password is not encrypted, but is sent as plain or clear text. Some specific implementations or site provided add-on programs may provide for secure client, or user, authentication using Secure Sockets Layer (SSL) or other mechanisms, but this is not yet a function of the LDAPv2 protocol itself. Authentication is the process of sending a user-identifying data string, commonly an LDAP Distinguished Name from an LDAP database object entry, and its associated password string. This is normally required only when updating an LDAP database entry. Most LDAP queries are performed without any authentication, and appear to the LDAP server as a ``null'' or undefined user or client. User/client authentication is independent of access control mechanisms, ACL lists (see Section 10).
Some descriptions of LDAP liken it to an electronic telephone book, or ``yellow pages'' directory, though that is only part of what LDAP can be used for. LDAP databases are most often organized in a tree or hierarchical structure. A large structure may be distributed over more than one LDAP server, and may include references to other LDAP servers, providing for a distributed directory service.