LDAP
Definition
Lightweight Directory Access Protocol (LDAP) is a standard protocol for accessing and maintaining distributed directory services; it is widely used for centralized management of users and groups, and for the authentication and authorization lookups that depend on them.
Use Cases
- Google: Centralized employee authentication and directory lookups for internal tools — Google historically used LDAP-compatible directory services to centralize user identity data and enable applications to query users/groups for authentication and authorization decisions. (Reduced duplication of user accounts across systems and enabled consistent access control based on centrally managed groups.)
- IBM: Enterprise directory for authentication and authorization across many business applications — IBM has long provided and used LDAP directory technology (e.g., IBM Security Directory Server) to store identities and group memberships that applications query for login and access control. (Improved security administration by managing identities and group-based access in one place, supporting large-scale enterprise environments.)
Provider Equivalents
- AWS: AWS Directory Service
- Azure: Microsoft Entra Domain Services
- GCP: Managed Service for Microsoft Active Directory
- OCI: OCI Identity and Access Management (IAM)
Frequently Asked Questions
- What's the difference between LDAP and Active Directory?
- LDAP is a protocol (a set of rules) for reading and updating directory data like users and groups. Active Directory (AD) is a Microsoft directory service product that stores identity data and supports multiple protocols, including LDAP/LDAPS, Kerberos, and others. In practice, many organizations use AD as the directory and LDAP as one of the ways applications talk to it.
- When should I use LDAP?
- Use LDAP when you need a centralized directory of users, groups, or devices that many applications can query for authentication (who you are) and authorization (what you can access). It’s common for enterprise apps, VPNs, Wi-Fi authentication, Linux server logins, and legacy systems that expect LDAP. If you only need modern web single sign-on for SaaS apps, you may prefer SAML/OIDC with an identity provider, while still keeping LDAP/AD as the underlying source of users and groups.
- How much does LDAP cost?
- LDAP itself is a free protocol, but running an LDAP directory has costs: servers/VMs or managed directory service fees, storage, backups, high availability, and admin time. Managed offerings (like AWS Directory Service, Azure Entra Domain Services, or Google Managed Microsoft AD) charge based on directory size/edition, number of domain controllers, and uptime/region. Self-managed LDAP (e.g., OpenLDAP on VMs) shifts costs to compute, operations, and maintenance.
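Applications that query a directory for authentication and authorization build LDAP search filters and DNs from user-supplied names, and both have their own escaping rules (RFC 4515 for filters, RFC 4514 for DNs). The following is an added example, not code from any product named on this page; the attribute names (uid, memberOf, cn) and base DN are assumptions, and the memberOf attribute is assumed to be exposed by the server (Active Directory does; OpenLDAP needs the memberof overlay).

```python
# Added example: escaping user input before it is placed in an LDAP
# search filter (RFC 4515) or a distinguished name (RFC 4514).
# Standard library only; attribute names and base DN are assumptions.

# RFC 4515 section 3: these characters must become \XX hex escapes.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape so the value is matched literally rather than read as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value used inside a DN component (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")                      # NUL must be hex-escaped
        elif ch in ',+"\\<>;=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)                   # special char, leading '#'/space, trailing space
        else:
            out.append(ch)
    return "".join(out)


def unsafe_user_filter(username: str) -> str:
    """What not to do: the username is spliced in unescaped, so '*' or
    parentheses change the query instead of matching a literal name."""
    return f"(&(objectClass=person)(uid={username}))"


def user_filter(username: str) -> str:
    """Authentication lookup: find the entry to bind as, matching the name literally."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def group_member_filter(username: str, group_dn: str) -> str:
    """Authorization lookup: is this user a member of this group (memberOf attribute)?
    The group DN is an assertion value here, so it is filter-escaped as well."""
    return (
        "(&(objectClass=person)"
        f"(uid={escape_filter_value(username)})"
        f"(memberOf={escape_filter_value(group_dn)}))"
    )


def bind_dn(cn: str, base_dn: str) -> str:
    """DN an application binds as on a user's behalf (e.g. a Linux server login)."""
    return f"cn={escape_dn_value(cn)},{base_dn}"
```

With an unescaped `*`, `unsafe_user_filter` matches every person in the directory, while `user_filter` turns it into the literal `\2a` and matches only an account actually named `*`.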
Category: networking
Difficulty: advanced