LDAP
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral protocol for querying and managing directory services over a network. It provides centralized authentication, authorization and directory lookups, and serves as a backbone for enterprise identity management and access control. LDAP underpins a wide array of services, including corporate user directories, email address books and network resource lookups.
Designed as a lightweight alternative to the X.500 Directory Access Protocol, LDAP allows efficient querying and modification of directory information over IP networks. The protocol itself runs over TCP, by default on port 389 (LDAPS uses port 636); a separate connectionless variant, CLDAP, carries a small subset of operations over UDP port 389 and is used mainly for locating domain controllers in Active Directory. The LDAP information model stores data in hierarchical, tree-like structures known as directory information trees (DITs), whose entries represent users, groups, devices and other objects; each entry is identified by a distinguished name (DN) that encodes its position in the tree.
Clients communicate with an LDAP server through a well-defined set of operations: bind (authenticate), search, compare, add, delete, modify and modify DN, plus extended operations such as StartTLS. The protocol also supports extensible schema definitions that describe object classes and attributes, enabling flexible directory designs. Servers such as OpenLDAP, Microsoft Active Directory and Apache Directory Server implement the protocol, allowing a wide range of applications to integrate with them.
Because it sits at the core of authentication and authorization, LDAP is a critical part of enterprise network infrastructure. The protocol was originally specified without encryption, so a simple bind sends the user's DN and password in cleartext; deployments therefore protect the connection either with StartTLS (an extended operation that upgrades the plaintext session on port 389 to TLS) or with LDAPS (TLS from the first byte on port 636). Since a client that silently falls back to an unencrypted bind leaks credentials, servers are commonly configured to reject simple binds on unprotected connections, and clients to require TLS.
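To make the wire format concrete, the following Python (standard library only) is an added example, not code from this page or from any LDAP project. It hand-encodes the BER/ASN.1 PDUs defined in RFC 4511 that a client sends over the TCP connection on port 389: an anonymous BindRequest, the StartTLS ExtendedRequest, and a simple bind with a password. It then parses a server BindResponse. The DN "cn=admin,dc=example,dc=com", the password "secret" and the reply bytes are constructed for the example; the encoded bytes are the ones a packet capture would show, which is how the plaintext-password point above can be seen directly.

```python
"""Hand-encode and decode LDAP (RFC 4511) messages in BER to show what crosses the
TCP connection: BindRequest, StartTLS ExtendedRequest and BindResponse. Stand-alone;
no directory server is needed. Sample DN, password and reply are constructed."""


# ---- minimal BER (ASN.1 Basic Encoding Rules) helpers -------------------------

def ber_length(n: int) -> bytes:
    """Encode a length: short form (<128) or long form (0x80 | number of length bytes)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_int(n: int, tag: int = 0x02) -> bytes:
    """INTEGER (tag 0x02) or ENUMERATED (tag 0x0A): minimal two's-complement encoding."""
    length = max(1, (n.bit_length() + 8) // 8)
    return tlv(tag, n.to_bytes(length, "big", signed=True))


def ber_octets(data: bytes, tag: int = 0x04) -> bytes:
    """OCTET STRING, optionally with a context-specific tag for CHOICE members."""
    return tlv(tag, data)


def ber_read(data: bytes, pos: int = 0) -> tuple:
    """Read one TLV starting at pos; return (tag, value, position after the element)."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: next (first & 0x7F) bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, data[pos:pos + length], pos + length


# ---- LDAP PDUs ----------------------------------------------------------------

SEQUENCE = 0x30
APP_BIND_REQUEST = 0x60       # [APPLICATION 0], constructed
APP_BIND_RESPONSE = 0x61      # [APPLICATION 1], constructed
APP_EXTENDED_REQUEST = 0x77   # [APPLICATION 23], constructed
CTX_0_PRIMITIVE = 0x80        # [0]: AuthenticationChoice.simple / ExtendedRequest.requestName
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 section 4.14
INVALID_CREDENTIALS = 49      # LDAPResult resultCode for a failed bind


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(SEQUENCE, ber_int(message_id) + protocol_op)


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER (3), name LDAPDN,
    authentication CHOICE { simple [0] OCTET STRING, ... } }.
    The password travels as a plain OCTET STRING: send this only after StartTLS or over LDAPS."""
    body = ber_int(3) + ber_octets(dn.encode()) + ber_octets(password.encode(), CTX_0_PRIMITIVE)
    return ldap_message(message_id, tlv(APP_BIND_REQUEST, body))


def starttls_request(message_id: int) -> bytes:
    """ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID }, no requestValue."""
    op = tlv(APP_EXTENDED_REQUEST, ber_octets(STARTTLS_OID, CTX_0_PRIMITIVE))
    return ldap_message(message_id, op)


def parse_bind_response(msg: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode ENUMERATED,
    matchedDN LDAPDN, diagnosticMessage LDAPString } } into a dict."""
    tag, body, _ = ber_read(msg)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = ber_read(body)
    op_tag, op, _ = ber_read(body, pos)
    if op_tag != APP_BIND_RESPONSE:
        raise ValueError(f"unexpected protocolOp tag 0x{op_tag:02x}")
    _, code, pos = ber_read(op)
    _, matched_dn, pos = ber_read(op, pos)
    _, diagnostic, _ = ber_read(op, pos)
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode(),
            "diagnostic": diagnostic.decode()}


# Constructed server replies to message 1: resultCode 0 (success) and 49 (invalidCredentials).
SAMPLE_BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_BIND_FAILURE = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    print("anonymous bind:", simple_bind_request(1, "", "").hex())
    print("StartTLS      :", starttls_request(1).hex())
    req = simple_bind_request(2, "cn=admin,dc=example,dc=com", "secret")
    print("simple bind   :", req.hex())
    print("password in clear on the wire:", b"secret" in req)
    print("server reply  :", parse_bind_response(SAMPLE_BIND_SUCCESS))
```

The anonymous bind encodes to the familiar 14 bytes 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, and the StartTLS request is the PDU a client must send and get a success ExtendedResponse for before any credentialed bind on port 389. Real servers add controls and diagnostic text to their responses; the parser above handles only the three mandatory LDAPResult fields.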