Question 1

What's the difference between LDAP and Active Directory?

Accepted Answer

LDAP is a protocol (a set of rules) for reading and updating directory data like users and groups. Active Directory (AD) is a Microsoft directory service product that stores identity data and supports multiple protocols, including LDAP/LDAPS, Kerberos, and others. In practice, many organizations use AD as the directory and LDAP as one of the ways applications talk to it.

Question 2

When should I use LDAP?

Accepted Answer

Use LDAP when you need a centralized directory of users, groups, or devices that many applications can query for authentication (who you are) and authorization (what you can access). It’s common for enterprise apps, VPNs, Wi-Fi authentication, Linux server logins, and legacy systems that expect LDAP. If you only need modern web single sign-on for SaaS apps, you may prefer SAML/OIDC with an identity provider, while still keeping LDAP/AD as the underlying source of users and groups.

Question 3

How much does LDAP cost?

Accepted Answer

LDAP itself is a free protocol, but running an LDAP directory has costs: servers/VMs or managed directory service fees, storage, backups, high availability, and admin time. Managed offerings (like AWS Directory Service, Azure Entra Domain Services, or Google Managed Microsoft AD) charge based on directory size/edition, number of domain controllers, and uptime/region. Self-managed LDAP (e.g., OpenLDAP on VMs) shifts costs to compute, operations, and maintenance.

LDAP

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms