What is Lightweight Directory Access Protocol (LDAP)?

What is LDAP (Lightweight Directory Access Protocol)?

The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral application protocol that is used to get access & maintain distributed directory information in a well mannered & organized over Intranet or Cloud.

LDAP stores this data by way of records that contain a set of attributes. Think of the attributes like fields in a database. The record itself has a unique identifier, a 'Distinguished Name' in LDAP parlance, most often seen as 'DN.' This is the unique bit of each entry, kind of like the path to a file on your file system.

How does LDAP authentication, authorization & access control work?

LDAP authentication is a process that validates the username and password against the directories such as Active Directory, OpenLDAP. Which groups are a user in? Only users in the detective group should have access to the clues application, so when someone attempts to log in, ensure they are in the proper group before granting access, etc.

But how does one gain access to all of those records? The process is pretty straight forward from a flow perspective:

  1. A session begins with a client binding to an LDAP server (DSA, Directory System Agent).
  2. The client then sends an operation request (often a search or compare request, for example) to the server, asking for a particular set of information.
  3. The server then processes this query and supplies a response.
  4. The client receives the response and unbinds, then processes the data.

LDAP Authentication Flow

lightweight directory access protocol workflow

Directories, or directory information services, are network databases that store information in data trees. Each entry in the tree includes (among other, less critical components) a distinguished name, a collection of attributes, and a collection of object classes.

For example, Active Directory is the proprietary directory services provider for Windows environments. LDAP is a request-response protocol that allows you to easily interact with directory servers like Active Directory by using specific entry components in order to find, view, or edit information.

What is Active Directory (AD)?

Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.

Active Directory Authentication Flow

active directory workflow diagram

Limitations of Active Directory (AD):

  • Active Directory infrastructure requires extra effort, maintenance and products to integrate with cloud infrastructure.
  • Lack of support for Mac and Linux, so it can be burdensome to integrate with these platforms.
  • It is found that Active Directory is suitable for large enterprises and hence requires a large infrastructure setup.
  • Active Directory has quite high maintenance costs, as you will need Windows Server licenses and you may need to upgrade the hardware on the server so it can run Windows Server.

Benefits of miniOrange LDAP:

  1. Intuitive Interface: Our Interface is designed keeping in mind the ease of use and provides a consistent user experience for all.
  2. Regular Updates: Updates are provided regularly for better user experience.
  3. Easy Setup: Adequate support and documentation for assisting with the setup.
  4. Customizable: High level of customization and add-ons to support specific requirements.
  5. Active Support: With authentication being an essential function, a fast and priority support ensures that any issues you face on a live production site can be resolved in a timely manner.
  6. Custom Pricing: Reasonably priced with various plans tailored to suit your needs.

Related Articles: