The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral application protocol used to access and maintain distributed directory information in an organized way over an intranet or the cloud.
LDAP stores this data as records (entries) that contain a set of attributes. Think of the attributes as fields in a database. Each record has a unique identifier, called a 'Distinguished Name' in LDAP parlance and most often written as 'DN'. This is the part that is unique to each entry, much like the path to a file on your file system.
LDAP authentication is a process that validates a username and password against a directory such as Active Directory or OpenLDAP. The directory can also answer the question: which groups is a user in? For example, if only users in the detective group should have access to the clues application, then when someone attempts to log in, verify that they are in the proper group before granting access.
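The login flow just described (look up the user's DN, check the password, then check group membership before granting access), as an added example that is not part of the original page. It runs against a small constructed in-memory directory instead of a real LDAP server, so the DNs, the "detective" group entry, the usernames and the passwords are all made up; a real client would send the search filter to the server and perform a bind, whereas here both are simulated locally. The filter-escaping helper follows RFC 4515 and the DN parser handles only backslash escapes from RFC 4514.

```python
"""Added example (not from the original page): the LDAP login flow against a
constructed in-memory directory so it runs offline."""
import hashlib
import hmac

_SALT = b"constructed-salt"          # constructed; a real directory manages this itself


def _pw(secret: str) -> bytes:
    """Derive a password verifier the way a directory might store userPassword."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), _SALT, 50_000)


# Constructed sample directory: DN -> attributes (every attribute is multi-valued).
DETECTIVE_GROUP = "cn=detective,ou=groups,dc=example,dc=com"
DIRECTORY = {
    "uid=holmes,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["holmes"],
        "userPassword": [_pw("221b-baker")],
    },
    "uid=lestrade,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["lestrade"],
        "userPassword": [_pw("scotland-yard")],
    },
    DETECTIVE_GROUP: {
        "objectClass": ["groupOfNames"],
        "member": ["uid=holmes,ou=people,dc=example,dc=com"],
    },
}


def parse_dn(dn: str) -> list:
    """Split a DN into (attribute, value) RDNs, honouring backslash escapes (RFC 4514).
    Hex escapes like \\2c are not handled; that is a simplification of this example."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):     # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                           # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [tuple(part.strip().split("=", 1)) for part in rdns]


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_filter(username: str) -> str:
    """The filter a client would send to find the user's entry by uid."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(username)


def find_user(username: str):
    """Simulate the server evaluating build_user_filter(): return the matching DN or None.
    uid uses caseIgnoreMatch in the standard schema, so compare case-insensitively."""
    for dn, attrs in DIRECTORY.items():
        if "inetOrgPerson" in attrs.get("objectClass", []) and \
                username.lower() in (u.lower() for u in attrs.get("uid", [])):
            return dn
    return None


def bind(dn: str, password: str) -> bool:
    """Simulate a simple bind: the password must match the entry's stored verifier."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False
    stored = entry.get("userPassword", [None])[0]
    return stored is not None and hmac.compare_digest(stored, _pw(password))


def is_member(user_dn: str, group_dn: str) -> bool:
    """Group check: is the user's DN listed in the group's member attribute?"""
    return user_dn in DIRECTORY.get(group_dn, {}).get("member", [])


def login(username: str, password: str, required_group: str):
    """Find the DN, bind with the password, then require group membership.
    Unknown user and wrong password give the same answer so the application does
    not reveal which usernames exist."""
    user_dn = find_user(username)
    if user_dn is None or not bind(user_dn, password):
        return False, "invalid credentials"
    if not is_member(user_dn, required_group):
        return False, "not in required group"
    return True, "ok"


if __name__ == "__main__":
    print(build_user_filter("holmes"))
    print(login("holmes", "221b-baker", DETECTIVE_GROUP))
    print(login("lestrade", "scotland-yard", DETECTIVE_GROUP))
```

The order matters: the password check happens before the group check, and a failed bind is reported with the same message as an unknown user, so the application never confirms which usernames exist. The filter is built from the username only after escaping, which is what keeps a username containing filter metacharacters from changing the query the server evaluates.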
But how does one gain access to all of those records? The process is pretty straightforward from a flow perspective:
Directories, or directory information services, are network databases that store information in data trees. Each entry in the tree includes (among other, less critical components) a distinguished name, a collection of attributes, and a collection of object classes.
For example, Active Directory is Microsoft's proprietary directory service for Windows environments. LDAP is a request-response protocol that lets you interact with directory servers such as Active Directory, using specific entry components to find, view, or edit information.
Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.