Version 4.1 - 2.0 LDAP
LDAP stands for Lightweight Directory Access Protocol. It is an open and vendor-neutral (industry standard) application protocol for distributed directory information services. Always remember this is a Directory. It's based on DAP, which is a part of the X.500 standard. If you've worked with mail servers, think of the X.500 addresses with their containers and ugly format. [CN=Employees,CN=Users,DC=security,DC=cisco,DC=com ]
You're looking at a directory (LDAP) that has a bunch of containers which house information. Every directory has a schema, which defines all the object classes and attributes the directory can hold. Not sure if you ever thought about this, but Active Directory has a schema and it can be extended. If you wanted to, you could add to the schema so that when you look up a person in AD you get a photo of the person, or of an object (printer), or even their shoe size. In the security materials the LDAP directory usually matters because it publishes X.509v3 certificates (an entry's userCertificate attribute) and often CRLs as well, which is why LDAP keeps cropping up right next to PKI. X.509 is the standard for PKI and digital certificates.
If you're not familiar with LDAP, the Wikipedia page may be a good place to start. LDAP can store not only digital certificates but also usernames and (hashed) passwords, and in most security literature it is the identity store an authentication server queries (the Policy Information Point, in access-control terms). Multiple study materials make a point of saying that LDAP uses ASN.1 and BER: the protocol messages are defined in ASN.1 and encoded with BER on the wire. Be clear about what that does and does not mean. BER is an encoding, not encryption, and no MD5 or SHA is involved on the wire either. A simple bind carries the user's DN and password as plain octet strings, so anyone on the path can read them unless the session is protected by TLS (LDAPS on 636 or StartTLS on 389). After all, this may be usernames and passwords traversing an insecure medium.
One of the things I would consider more important is the ports: LDAP uses TCP 389 (UDP 389 is Connectionless LDAP, CLDAP, which Active Directory uses for domain-controller discovery) and LDAPS uses TCP 636. The "Global Catalog is available by default on ports 3268, and 3269 for LDAPS." The important operations (out of the many listed) are Search and Bind. Think of what you're doing in the Search operation. Do you want to systematically search the entire directory for what you want? No. You tell the server where to start (the baseDN), how deep to go (the scope: base object only, one level, or the whole subtree), and what to match (the filter, such as (sAMAccountName=jdoe)). Remember that you are likely to be setting up an Authentication Server to search the LDAP directory for the information you need to authenticate a user/device. If you are looking up a user, you don't want to search "all users and computers" - just the "users" container, so you specify the baseDN of your users container. Note that the search returns the user's entry (DN, certificate, group membership), never the password: to check a password the authentication server takes the DN it found and performs a second Bind as that user with the password the user supplied.
The Bind operation is basically authentication. "The BIND operation establishes the authentication state for a session." There are three flavors: anonymous (no DN, no password), simple (DN plus password, sent in the clear unless the session is under TLS), and SASL (a mechanism such as GSSAPI/Kerberos, which is what Windows clients use against AD). One trap worth knowing: a simple bind with a DN and an empty password is treated as an unauthenticated bind by many servers (AD included) and returns success, so a login page that forwards whatever the user typed can be "logged in" with a blank password unless it rejects empty passwords itself. Don't think of this as "bind" - bound together. Think of this as BIND (Berkeley Internet Name Domain) aka DNS. Then you can associate resolving a name to an authentication (versus an IP address) or some type of name directory. It may or may not work for you to help remember this. Or maybe you'll remember it because you thought this was a stupid idea. Doesn't matter how you remember it, just do so.
StartTLS is one of the most significant extensions to LDAP. "The StartTLS operation establishes Transport Layer Security on the connection. It can provide data confidentiality and/or data integrity protection. During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity." The catch is that StartTLS begins on the plain port 389 and is requested by the client, so it only protects the bind if the client is configured to require it (and to validate the server's certificate); a client that falls back to cleartext when the StartTLS response is refused or stripped will send the password in the clear. LDAPS on 636, by contrast, negotiates TLS before any LDAP message is exchanged.
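To make the ASN.1/BER point and the Bind point concrete, here is an added example (my own code, not from any Cisco or RFC material): it hand-encodes an LDAP simple BindRequest with BER exactly as laid out in RFC 4511, then reads the DN and password straight back out of the bytes, which is all a sniffer on an unprotected port 389 session has to do. The message ID, DN and password are constructed sample values.

```python
# Added example (not from the original post): BER-encode an LDAP simple BindRequest
# (RFC 4511 layout) and recover the credentials from the raw bytes. The DN and
# password below are constructed sample values.

LDAP_VERSION = 3
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80    # AuthenticationChoice [0] simple, primitive


def ber_length(n: int) -> bytes:
    """Short form for n < 128, long form (0x8N followed by N length bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value: the whole of BER in one line."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n: int) -> bytes:
    """Non-negative INTEGER in minimal two's-complement form (leading 0x00 if the top bit is set)."""
    if n < 0:
        raise ValueError("only non-negative integers are needed here")
    body = n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)
    return ber_tlv(TAG_INTEGER, body)


def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version, name, authentication simple } }."""
    bind = ber_tlv(TAG_BIND_REQUEST, b"".join([
        ber_integer(LDAP_VERSION),
        ber_tlv(TAG_OCTET_STRING, bind_dn.encode("utf-8")),
        ber_tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")),   # password, as-is
    ]))
    return ber_tlv(TAG_SEQUENCE, ber_integer(message_id) + bind)


def ber_read(data: bytes, offset: int = 0) -> tuple[int, bytes, int]:
    """Decode one TLV at offset; return (tag, value, offset just past it)."""
    tag = data[offset]
    first = data[offset + 1]
    if first < 0x80:
        length, pos = first, offset + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(data[offset + 2:offset + 2 + n], "big")
        pos = offset + 2 + n
    return tag, data[pos:pos + length], pos + length


def credentials_from_capture(packet: bytes):
    """What a sniffer sees in a simple bind on plain port 389.
    Returns (message_id, bind_dn, password), or None for a SASL bind."""
    tag, msg, _ = ber_read(packet)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, off = ber_read(msg)                 # messageID
    tag, bind, _ = ber_read(msg, off)           # protocolOp
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, _version, off = ber_read(bind)           # version
    _, dn, off = ber_read(bind, off)            # name (LDAPDN)
    tag, cred, _ = ber_read(bind, off)          # AuthenticationChoice
    if tag != TAG_SIMPLE_AUTH:
        return None                             # [3] sasl: mechanism-specific, not a bare password
    return int.from_bytes(mid, "big"), dn.decode("utf-8"), cred.decode("utf-8")


if __name__ == "__main__":
    pkt = simple_bind_request(1, "cn=admin,dc=example,dc=com", "secret")  # constructed sample
    print(pkt.hex())                      # the password is right there in the hex
    print(credentials_from_capture(pkt))
```

Run it and look at the hex: the 46-byte message is just tags and lengths wrapped around the literal DN and password. That is what "ASN.1 and BER" buys you, and it is why the choice between port 389 without StartTLS and LDAPS on 636 matters.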
Other important concepts are DN (Distinguished Name), RDN (Relative Distinguished Name) and DC (Domain Component). The DN is the full path to an entry, read from the most specific component on the left to the root on the right; the RDN is just the leftmost component, which only has to be unique among its siblings in the same container; and the DCs are the domain components that tie the directory root to a DNS name, so DC=security,DC=cisco,DC=com is the tree for security.cisco.com. Most of the Cisco documentation on LDAP itself really stinks. However, the documentation on implementation is much better (more relevant to the business). The document Configure the ISE for Integration with an LDAP Server is very good and precise, and it is basically why you have to understand LDAP: to be able to use it. With a basic understanding of LDAP, reading that document and seeing how ISE uses the directory should give you a better idea of what LDAP is and what it does.
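Here is an added example (my own code, not from the Cisco or ISE documentation) that takes the DN quoted at the top of the post apart into its RDNs and DCs, and then answers the baseDN question from the Search discussion: given a base and a scope, would a particular entry be returned? It follows the RFC 4514 string rules for escaped commas. The user and printer entries are constructed, and it assumes, as AD does, that attribute types and values compare case-insensitively.

```python
# Added example (not from the original post): RFC 4514 DN handling for DN / RDN / DC,
# plus a baseDN + scope check as used by a Search. Entry DNs are constructed; the base
# DN is the container quoted earlier on the page. Assumption: case-insensitive matching.

HEX = "0123456789abcdefABCDEF"


def split_dn(dn: str) -> list[str]:
    """Split a DN into its RDN strings on unescaped commas (RFC 4514)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep the escape pair together
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def unescape(value: str) -> str:
    """Resolve backslash escapes: '\\,' -> ',' and '\\2C' -> ',' (ASCII-range hex pairs)."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """DN -> [(attribute type, value)], leftmost (most specific) RDN first.
    Types and values are lower-cased for comparison (AD's caseIgnoreMatch behaviour)."""
    parts = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"bad RDN: {rdn!r}")
        parts.append((attr.strip().lower(), unescape(value).lower()))
    return parts


def rdn_of(dn: str) -> tuple[str, str]:
    """The Relative Distinguished Name: the leftmost component only."""
    return parse_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """Everything to the right of the RDN, i.e. the container that holds the entry."""
    return ",".join(split_dn(dn)[1:])


def dns_domain(dn: str) -> str:
    """Join the Domain Components: DC=security,DC=cisco,DC=com -> security.cisco.com."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """Would a Search with this baseDN and scope ('base', 'one' or 'sub') return entry_dn?"""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                                  # not under the base at all
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError(f"unknown scope {scope!r}")


if __name__ == "__main__":
    base = "CN=Users,DC=security,DC=cisco,DC=com"
    user = "CN=Smith\\, Bob,CN=Users,DC=security,DC=cisco,DC=com"       # escaped comma in the value
    printer = "CN=Lobby Printer,CN=Computers,DC=security,DC=cisco,DC=com"
    print(rdn_of(user), "|", parent_dn(user), "|", dns_domain(user))
    for dn in (user, printer):
        print(dn, {s: in_scope(dn, base, s) for s in ("base", "one", "sub")})
```

The printer never comes back for a search based at CN=Users, whatever the scope, which is the whole point of choosing the baseDN carefully; and "Smith, Bob" shows why a naive split on commas is not good enough when you build or compare DNs in an authentication server.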
Added later: As I was going through my notebook, I ran across a note about LDAP ports.
LDAP uses TCP and UDP port 389. On TCP it is called LDAP; on UDP it is called CLDAP (Connectionless LDAP).
LDAP over SSL/TLS (LDAPS) > TCP 636 (TLS first, then LDAP)
LDAP with StartTLS > TCP 389 (plain LDAP first, TLS negotiated inside the same session)