LDAP

Definition

Lightweight Directory Access Protocol (LDAP) is a standard protocol for reading and maintaining distributed directory services; it underpins centralized user and group management.

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between LDAP and Active Directory?
LDAP is a protocol (a set of rules) for reading and updating directory data like users and groups. Active Directory (AD) is a Microsoft directory service product that stores identity data and supports multiple protocols, including LDAP/LDAPS, Kerberos, and others. In practice, many organizations use AD as the directory and LDAP as one of the ways applications talk to it.
When should I use LDAP?
Use LDAP when you need a centralized directory of users, groups, or devices that many applications can query for authentication (who you are) and authorization (what you can access). It’s common for enterprise apps, VPNs, Wi-Fi authentication, Linux server logins, and legacy systems that expect LDAP. If you only need modern web single sign-on for SaaS apps, you may prefer SAML/OIDC with an identity provider, while still keeping LDAP/AD as the underlying source of users and groups.
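The search, bind and group-check sequence an application performs when it uses a directory for authentication and authorization, as an added example that is not part of the original page. It escapes user-supplied values before placing them in a search filter (RFC 4515), rejects the empty password that would otherwise turn a simple bind into an anonymous one (RFC 4513), and checks group membership afterwards. No server is contacted: the `fake_search` and `fake_bind` callables, the `example.com` entries and the `s3cret` password are constructed stand-ins for a real client library such as `ldap3` or `python-ldap`.

```python
"""Application-side LDAP authentication and authorization flow (added example)."""
from typing import Callable

# RFC 4515: these characters carry meaning inside a filter and must be sent
# as \xx hex escapes when they originate from user input.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            # Non-printable or non-ASCII: escape every UTF-8 byte individually.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def user_lookup_filter(username: str, uid_attr: str = "sAMAccountName") -> str:
    """Filter that finds the account entry for a login name (step 1)."""
    return f"(&(objectClass=person)({uid_attr}={escape_filter_value(username)}))"


def is_authorized(member_of: list, required_group_dn: str) -> bool:
    """Authorization (step 3): is the required group among the user's memberOf values?
    DN comparison is case-insensitive and ignores spaces around RDN separators.
    Simplification: splitting on ',' does not handle escaped commas inside RDN values."""
    def norm(dn: str) -> str:
        return ",".join(part.strip() for part in dn.split(",")).casefold()
    return norm(required_group_dn) in {norm(dn) for dn in member_of}


# Constructed in-memory directory standing in for a real server (assumption).
_FAKE_ENTRIES = {
    "CN=alice,OU=Users,DC=example,DC=com": {
        "sAMAccountName": "alice",
        "memberOf": ["CN=vpn-users,OU=Groups,DC=example,DC=com"],
    },
}
_FAKE_PASSWORDS = {"CN=alice,OU=Users,DC=example,DC=com": "s3cret"}


def fake_search(base_dn: str, ldap_filter: str) -> list:
    """Stand-in for a directory search; it only recognises the exact filters
    user_lookup_filter() builds, so an injected filter string matches nothing."""
    return [(dn, attrs) for dn, attrs in _FAKE_ENTRIES.items()
            if ldap_filter == user_lookup_filter(attrs["sAMAccountName"])]


def fake_bind(dn: str, password: str) -> bool:
    """Stand-in for a simple bind as the user's own DN."""
    return _FAKE_PASSWORDS.get(dn) == password


def authenticate_and_authorize(username: str, password: str, required_group_dn: str,
                               search: Callable = fake_search, bind: Callable = fake_bind,
                               base_dn: str = "DC=example,DC=com") -> tuple:
    """1) search for the account with service credentials, 2) bind as the
    found DN with the user's password, 3) check group membership."""
    entries = search(base_dn, user_lookup_filter(username))
    if len(entries) != 1:
        return (False, "unknown or ambiguous account")
    dn, attrs = entries[0]
    # RFC 4513: a simple bind with a DN and an empty password is an
    # unauthenticated bind that most servers accept, so refuse it up front.
    if not password or not bind(dn, password):
        return (False, "bad credentials")
    if not is_authorized(attrs.get("memberOf", []), required_group_dn):
        return (False, "not in required group")
    return (True, dn)


if __name__ == "__main__":
    group = "CN=vpn-users,OU=Groups,DC=example,DC=com"
    print(authenticate_and_authorize("alice", "s3cret", group))
    print(authenticate_and_authorize("alice", "", group))
    print(authenticate_and_authorize("*)(objectClass=*", "x", group))
```

Two points from the flow matter in practice: the search in step 1 uses the application's own service account, never the user's credentials, and the bind in step 2 is what actually verifies the password, so an application that only searches for the user and trusts the result has not authenticated anyone.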
How much does LDAP cost?
LDAP itself is a free protocol, but running an LDAP directory has costs: servers/VMs or managed directory service fees, storage, backups, high availability, and admin time. Managed offerings (like AWS Directory Service, Azure Entra Domain Services, or Google Managed Microsoft AD) charge based on directory size/edition, number of domain controllers, and uptime/region. Self-managed LDAP (e.g., OpenLDAP on VMs) shifts costs to compute, operations, and maintenance.

Category: networking

Difficulty: advanced

Related Terms

See Also