The Secret Security Wiki


Lightweight Directory Access Protocol

LDAP was created in 1993 by Tim Howes, Steve Kille and Wengyik Yeong. It is based on the X.500 standard, adapted in simplified form to meet custom specifications.

Lightweight Directory Access Protocol (LDAP) is a standard application protocol for accessing and managing a directory service. It is supported by most vendor directory services, including Active Directory (AD), and facilitates the sharing of information on users, systems, networks, services, and applications with applications and services that need it.

The core concept of LDAP is its information model, which deals with the information stored in directories and with its hierarchical structuring. The model revolves around the entry (a user, group, organization, etc.), which is a collection of attributes, each with a type and one or more values. Entries are organized in a tree structure called the directory information tree (DIT) and are modelled on real-world concepts: organizations, people and objects. Each attribute type is associated with a syntax that defines the information it may contain, and a single attribute can hold multiple values.

  • What is LDAP authentication?

    LDAP authentication is the process of validating a username and password with a directory service using the LDAP protocol. Common directory services supporting LDAP include MS Active Directory, OpenLDAP or OpenDJ.

  • What is OpenLDAP?

    OpenLDAP is a free, open-source implementation of LDAP developed by the OpenLDAP Project.

  • What are the differences between LDAP and Active Directory?

    LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and editing items in directory service providers like Active Directory, which supports LDAP.

    Active Directory is a database system that provides authentication, directory control, policy, and other services in a Windows server environment.

  • What is LDAP password?

    LDAP is used to look up encryption certificates and other services on a Windows server network, and it provides single sign-on capabilities, where one password for a user is shared between many services. LDAP is appropriate for any kind of directory-like information where fast lookups and less frequent updates are the norm.

  • How are passwords stored in LDAP?

    LDAP passwords are normally stored in the userPassword attribute. RFC 4519 specifies that passwords are not stored in encrypted (or hashed) form. This allows a wide range of password-based authentication mechanisms, such as DIGEST-MD5, to be used.

  • What is the difference between LDAP and Kerberos?

    They’re completely different protocols for entirely different uses. The only connection between the two is that Active Directory (AD) provides both Kerberos and LDAP services together in the same package.
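As an added illustration of the information model described above (entries with multi-valued attributes in a DIT) and of how userPassword values look when a server stores them hashed rather than in the cleartext form RFC 4519 defaults to, here is example code that is not part of the wiki: a minimal LDIF reader plus a helper in the {SSHA} form OpenLDAP uses, so an administrator can audit an export for cleartext passwords. The DNs, mail addresses, salt and passwords are constructed sample values.

```python
import base64
import hashlib
import hmac

def ssha(password: str, salt: bytes) -> str:
    """OpenLDAP's {SSHA} storage form: base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored: str, password: str) -> bool:
    """Check a candidate against a {SSHA} value; the salt follows the 20-byte digest."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def parse_ldif(text: str) -> list:
    """Minimal LDIF reader: a blank line separates entries, a repeated attribute
    name yields multiple values (LDAP attributes are multi-valued), and
    'attr:: xxx' carries a base64-encoded value."""
    entries, entry = [], {}
    for line in text.splitlines():
        if not line.strip():
            if entry:
                entries.append(entry)
                entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        entry.setdefault(attr, []).append(value.strip())
    if entry:
        entries.append(entry)
    return entries

def password_scheme(value: str):
    """Return the {SCHEME} prefix of a stored userPassword, or None for cleartext."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")]
    return None

def audit_passwords(ldif: str) -> dict:
    """Map each entry's DN to the storage scheme of every userPassword value,
    so cleartext (None) values stand out."""
    return {e["dn"][0]: [password_scheme(v) for v in e.get("userPassword", [])]
            for e in parse_ldif(ldif)}

# Constructed sample export (not from the page): alice's password is {SSHA}-hashed,
# bob's is cleartext written in LDIF's base64 form.
SALT = bytes.fromhex("01020304")
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\nobjectClass: inetOrgPerson\n"
    "mail: alice@example.com\nmail: alice.ex@example.com\n"
    "userPassword: " + ssha("correct horse", SALT) + "\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\nobjectClass: inetOrgPerson\n"
    "userPassword:: " + base64.b64encode(b"hunter2").decode() + "\n"
)
```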