LDAP is a lightweight and extensible application protocol that provides a standardized and vendor-neutral means for clients to access and manage directory information.
Lightweight directory access protocol (LDAP) is an application protocol, widely used within organizations, for accessing and managing directory information. It is a vendor-neutral protocol that provides a means for accessing and modifying directory services over a network. LDAP builds upon a client-server model and operates over TCP/IP, making it suitable for distributed computing environments such as the internet.
LDAP is lightweight, efficient, and extensible, making it an ideal choice for directory services. A directory service is a centralized database that stores and organizes information in a hierarchical manner. Such information is typically about users, systems, networks, and other resources. LDAP allows clients to search, read, and modify data in the directory service. It provides a standardized way to interact with directory services, regardless of the specific implementation or underlying technology.
At its core, LDAP defines a protocol for communication between LDAP clients and LDAP servers. The protocol uses a simple string-based format for querying and exchanging messages, which eliminates the need to manually enter multiple queries for a given task. LDAP messages travel over a network connection as LDAP protocol data units (PDUs).
LDAP operates on a directory information tree (DIT) structure, which is a hierarchical organization of entries that represent objects or resources in the directory. The organization of entries in the DIT uses a naming scheme called the distinguished name (DN). The DN uniquely identifies each entry in the directory and specifies its position in the tree.
Microsoft Active Directory (AD) supports LDAP, so you can include it as part of your overall access management protocol. Other directory services, such as Red Hat Directory Service and Apache Directory Server, also support LDAP.
Consider an organization that uses LDAP for managing employee information. The directory contains entries for each employee, storing attributes such as name, email address, phone number, and department.
Each entry in the directory has a unique DN that identifies its position in the tree. For example, the DN for Jane Smith would be “cn=Jane Smith, ou=Employees, ou=Marketing, o=Acme”. The “cn” stands for common name, “ou” for organizational unit, and “o” for organization.
LDAP clients can perform various operations, such as searching, adding, modifying, or deleting, on the directory entries. Let's consider a scenario where an LDAP client wants to search for employees in the marketing department whose name starts with “J”.
The LDAP server receives the search request, traverses the DIT starting from the base DN, and returns the matching entries.
The client receives the search results and processes them according to its needs. It can extract the employee name from the returned entry and display it, perform further operations on the entry, or retrieve additional attributes.
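The search described above, as an added example that is not part of the original article: a Python sketch that uses a constructed in-memory directory in place of a real LDAP server and escapes the name prefix per RFC 4515 so that typed filter metacharacters stay literal. The `ou=Marketing,o=Acme` base DN follows the article's naming; the entries other than Jane Smith, the `objectClass` values and all function names are assumptions.

```python
# Added example: constructed directory data, no real LDAP server involved.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 metacharacters so user input stays a literal value."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)

def build_prefix_filter(prefix):
    """Filter text a client would send: people whose cn starts with prefix."""
    return "(&(objectClass=person)(cn=" + escape_filter_value(prefix) + "*))"

def rdns(dn):
    """Split a DN into lowercase RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

# Constructed sample entries, following the article's o=Acme naming.
DIRECTORY = {
    "ou=Marketing,o=Acme": {"objectClass": "organizationalUnit"},
    "cn=Jane Smith,ou=Employees,ou=Marketing,o=Acme":
        {"objectClass": "person", "cn": "Jane Smith"},
    "cn=John Doe,ou=Employees,ou=Marketing,o=Acme":
        {"objectClass": "person", "cn": "John Doe"},
    "cn=Maria Lopez,ou=Employees,ou=Marketing,o=Acme":
        {"objectClass": "person", "cn": "Maria Lopez"},
    "cn=Jack Brown,ou=Employees,ou=Sales,o=Acme":
        {"objectClass": "person", "cn": "Jack Brown"},
}

def search(base_dn, prefix):
    """Subtree search: DNs under base_dn whose cn starts with the literal prefix."""
    base = rdns(base_dn)
    hits = []
    for dn, attrs in DIRECTORY.items():
        under_base = rdns(dn)[-len(base):] == base  # entry sits at or below base
        is_person = attrs.get("objectClass") == "person"
        cn = attrs.get("cn", "").lower()            # cn matching ignores case
        if under_base and is_person and cn.startswith(prefix.lower()):
            hits.append(dn)
    return sorted(hits)

if __name__ == "__main__":
    print(build_prefix_filter("J"))
    for dn in search("ou=Marketing,o=Acme", "J"):
        print(dn)
```

The base DN limits the search to the Marketing subtree, which is why the Sales entry is not returned even though its name also starts with "J".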
If you’re interested in learning more about LDAP and other information technology concepts, consider the Google IT Support Professional Certificate on Coursera. This course requires no prior experience, offers a flexible schedule, and takes an estimated six months to complete. The topics covered include technical support fundamentals, operating systems, IT security, and more. Upon completion, gain a Professional Certificate to include in your resume or LinkedIn profile.
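Editorial Team
Coursera's editorial team is made up of highly experienced professional editors, writers, and fact checkers. Our articles have been thoroughly researched and comprehensively reviewed to ensure we provide trustworthy information and advice on any topic. We know that taking the next step in your education or career can...
This content is provided for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.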