This project is read-only.

Project Description
LDS is simple DS (directory service) created on top of MSSQLServer 2008+. It uses DSML v 2.0 as communication interface.

Note: There is no LDAP X.500 layer in implementation. As far as I remember there are some difficulties with X.500 (can't even be implement in .NET).

Project purpose

this is pure projectware created as side-effect product of inter-organization communication system.  Our goal was to be able to store user permissions using security tokens and security descriptors for particular objects (application, app. function, etc) and data sources, where all needs to be in database only (no MS ADS, ADAM or OpenLDAP).

Few years ago, we started with M$ ASPNET DB but after while, we found it very limited and useless and started to search for some replacement... with no success...

Why MSSQL ? One of crucial component of our solution is Intergraph(R) map server. It draws maps from MSSQL database based on user permissions. Connect MSSQL to AD or ADAM makes it slow and useless.

Later we found that it is very handy to have DS directly in MSSQL and not in some special db nor text file as we can manage all using same tool as we use for our other structural data.

About code

Code for .NET is composed of 3 components:

  1. Custom DSML v2.0 class model (thanx M$ for creating non inheritable DSML classes in framework)
  2. MSSQL Database called L2DB (LDDB, Lightweight Directory DataBase)
  3. WCF webservice that process DSML v 2.0 requests using custom DSML class model

Work with LDS is layered as following:

  • SQL commands in db - lowlevel, quite dangerous and difficult, but possible and handy in some cases
  • Using procedures in database - this is non transactional (can create dirty records), but keeps DS integrity
  • Using .NET classes - transactional, never creates dirty objects
  • Using WCF service - transactional + permission check, different users might have different access permission for DSML operations.


  • Windows XP+ for development
  • MSSQL 2008+, 2, 3 stored procedures uses recursive sql, eg. get type parent types,...
  • IIS 6+ for DSML WCF service


I've been quite careful to make current version over-finished. Current version is relative small and easy to read.


currently only limited set of LD datatypes is supported, simply because we don't need more. But system itself is easily upgradable to use full set of LD datatypes. Here is what types it supports:

  • DN
  • DirectoryString
  • Datetime


  • DSML don't support lessThan and greaterThan operators
  • NOT operator can apply only on one (final) filter operation not on group (eg. not (cond1 and cond2 and cond3) is not valid). This is limitation given by architecture and use of MSSQL


  • AUXILIARITY can't inherit from another AUXILIARITY type
  • type can inherit from only one parent STRUCTURAL or ABSTRACT type and multiple AUXILIARITY types
  • instance can specify only one STRUCTURAL type as "instance of" (objectClass) attribute and this type must specify all AUXILIARITY types
  • instance can't specify any extra AUXILIARITY types during addRequest than those defined in its parent type

Last edited Aug 31, 2013 at 8:00 AM by asida, version 14