/ˈɛlˌdiːˈæp/

n. “The phonebook of your network, but smarter.”

LDAP, or Lightweight Directory Access Protocol, is a protocol used to access and manage directory services over a network. Think of it as a standardized way to look up and modify information about users, groups, devices, and other resources in a centralized repository. Instead of each system maintaining its own separate user list, LDAP allows multiple applications and services to query a single authoritative source.

LDAP directories are hierarchical, typically organized as a tree structure with entries representing objects such as users, groups, and organizational units. Each entry has attributes—like usernames, email addresses, and passwords—that applications can read or, with proper permissions, update.

One of the most common places LDAP is used is Active Directory, Microsoft’s directory service. AD uses LDAP as its primary query protocol, allowing administrators and applications to authenticate users, retrieve contact information, and enforce policies. Other directory services, including OpenLDAP, also rely on this protocol for cross-platform identity management.

For example, when a user logs into a corporate workstation, the login process may query the LDAP directory to verify the username and password. Similarly, an email client can use LDAP to fetch a company-wide address book, and applications can check group membership for access control decisions.
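When a login service or access check places a user-supplied name into an LDAP search filter, the value has to be escaped so it cannot change the filter's structure. The Python sketch below is an added example, not part of the original entry: it applies RFC 4515 escaping and builds the two lookups described above. The attribute names (`uid`, `memberOf`), the DNs and the sample inputs are assumptions chosen for illustration.

```python
# Added example: RFC 4515 escaping for values placed in LDAP search filters.
# Attribute names (uid, memberOf) and all DNs used with it are assumed sample values.

_FILTER_ESCAPES = {
    "\\": r"\5c",    # the escape character itself
    "*": r"\2a",     # wildcard
    "(": r"\28",     # opens a filter component
    ")": r"\29",     # closes a filter component
    "\x00": r"\00",  # NUL
}


def escape_filter_value(value: str) -> str:
    """Return value with the RFC 4515 special characters hex-escaped."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(username: str) -> str:
    """Filter a login service would use to find exactly one user entry."""
    if not username:
        raise ValueError("empty username")  # never search with an empty value
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def group_check_filter(username: str, group_dn: str) -> str:
    """Filter that matches only if the user is a member of group_dn."""
    if not username or not group_dn:
        raise ValueError("empty username or group DN")
    return ("(&(uid=" + escape_filter_value(username) + ")"
            "(memberOf=" + escape_filter_value(group_dn) + "))")


def component_count(ldap_filter: str) -> int:
    """Count literal '(' characters; escaped ones appear as \\28, so this is
    the number of filter components and should not vary with the input."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed inputs: a normal name and two containing filter metacharacters.
    for name in ["alice", "a*", "x)(uid=*"]:
        built = user_lookup_filter(name)
        print(built, component_count(built))
```

Every input yields a filter with the same three components, so a name containing `*` or parentheses is matched literally instead of widening the search.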

Security in LDAP is crucial. While basic LDAP can transmit data in cleartext, modern deployments typically use LDAPS—LDAP over TLS—to encrypt queries and responses. Access control mechanisms ensure that only authorized users can read or modify certain entries, and password policies or multi-factor authentication may be enforced at the directory level.

In short, LDAP is the backbone of networked identity and resource management. It provides a uniform, scalable, and secure way for systems to share information about who and what exists in a network, bridging applications, platforms, and services into a coherent, centralized ecosystem.