Question 1

What's the difference between LDAP and Active Directory?

Accepted Answer

LDAP is a protocol (a standard way for software to talk to a directory). Active Directory (AD) is a directory service product from Microsoft that stores users, groups, and computers and supports multiple protocols, including LDAP/LDAPS, Kerberos, and others. In other words: LDAP is the language; AD is one system that can speak it.

Question 2

When should I use LDAP?

Accepted Answer

Use LDAP when you need a central place to store and look up identity data (users, groups, attributes) and you have multiple systems that must share that data. Common cases include: authenticating users for many apps, enforcing group-based access, integrating Linux/Unix systems with a corporate directory, or enabling legacy/enterprise apps that expect LDAP. If you only need modern web SSO for SaaS apps, consider SAML/OIDC with an identity provider; LDAP is often used behind the scenes for directory lookups rather than direct web login.

Question 3

How much does LDAP cost?

Accepted Answer

LDAP itself is a free protocol, but running an LDAP directory has costs. If you self-host (e.g., OpenLDAP), costs include compute, storage, backups, monitoring, and staff time. If you use managed directory services (e.g., AWS Directory Service, Azure AD DS, Google Managed AD), pricing typically depends on directory size/edition, number of domain controllers, region, and network traffic. You may also pay for certificates and load balancers if you expose LDAPS securely.

LDAP

Definition

Real-World Example

Cloud Provider Equivalencies

Explore More Cloud Computing Terms