
What is LDAP? All You Need to Know

The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to look up information or devices within a network. Whether you want to build a central authentication server for your organization or want to simplify access to internal servers and printers, LDAP is the answer.

What is LDAP?

LDAP is a standard protocol designed to maintain and access “directory services” within a network. Think of a directory service as a phonebook for network resources such as files, printers, users, devices, and servers.

For example, an organization may store information for all their printers in a directory. LDAP can enable users to search for a specific printer, locate it on the network, and securely connect to it.

LDAP is widely used to build central authentication servers. These servers contain usernames and passwords for all the users within a network. Any application or service on the network can connect to the LDAP server to authenticate and authorize users.

LDAP directories typically contain data that is regularly accessed, but rarely changed. LDAP is designed to deliver exceptionally fast READ performance, even for larger datasets. However, the WRITE performance is significantly lower.

How does LDAP work?

To connect to an LDAP directory, a user must have an LDAP client installed on their device. Here’s what a typical LDAP workflow looks like:

  1. Using the client, the user establishes a secure connection with the LDAP directory.
  2. They send a “search” query to the directory for a specific printer.
  3. The LDAP directory authenticates the user.
  4. The search operation is performed within the directory, and the address of the requested printer is returned.
  5. The secure connection to the LDAP directory is closed.
  6. The user connects to the printer.
Figure: How LDAP works
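The bind-then-search exchange in the steps above, as an added example that is not OneLogin’s code: it encodes the client’s BindRequest and SearchRequest using only the Python standard library, following the BER layout of RFC 4511, and decodes a constructed BindResponse (the server’s verdict on the username and password, which is the check described under “What is LDAP authentication?” below). The DN cn=alice,dc=example,dc=com, the password, the printer name printer-3f and the attribute ipHostNumber are assumed placeholders, and ldaps_socket is a helper name chosen here, not an LDAP library API.

```python
"""Added example, not OneLogin's code: the LDAP messages behind a
bind-then-search workflow, built with the standard library only (RFC 4511).
All DNs, passwords and attribute values below are constructed placeholders."""
import socket
import ssl


def ber_len(n: int) -> bytes:
    # BER length octets: short form below 128, long form (0x80 | byte count) above.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value: int, tag: int = 0x02) -> bytes:
    # Minimal two's-complement INTEGER; tag 0x0A makes it an ENUMERATED.
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return tlv(tag, value.to_bytes(size, "big", signed=True))


def ber_str(value: str, tag: int = 0x04) -> bytes:
    return tlv(tag, value.encode("utf-8"))


def ber_bool(value: bool) -> bytes:
    return tlv(0x01, b"\xff" if value else b"\x00")


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return tlv(0x30, ber_int(message_id) + protocol_op)


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    # BindRequest [APPLICATION 0] { version 3, name LDAPDN, simple [0] OCTET STRING }.
    # The password sits in this message as plain octets, which is why the
    # connection must already be wrapped in TLS (LDAPS or StartTLS).
    body = ber_int(3) + ber_str(dn) + ber_str(password, tag=0x80)
    return ldap_message(message_id, tlv(0x60, body))


def search_request(message_id: int, base_dn: str, attr: str, value: str,
                   attributes: list[str]) -> bytes:
    # SearchRequest [APPLICATION 3]: wholeSubtree scope (2), neverDerefAliases (0),
    # no size/time limit, typesOnly false, equalityMatch [3] filter, attribute list.
    flt = tlv(0xA3, ber_str(attr) + ber_str(value))
    attrs = tlv(0x30, b"".join(ber_str(a) for a in attributes))
    body = (ber_str(base_dn) + ber_int(2, tag=0x0A) + ber_int(0, tag=0x0A)
            + ber_int(0) + ber_int(0) + ber_bool(False) + flt + attrs)
    return ldap_message(message_id, tlv(0x63, body))


def read_tlv(buf: bytes, pos: int = 0):
    # Returns (tag, payload, position just after this element).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes) -> tuple[int, int, str]:
    # BindResponse [APPLICATION 1] { resultCode ENUMERATED, matchedDN, diagnosticMessage }.
    # resultCode 0 is success, 49 is invalidCredentials (RFC 4511 section 4.1.9).
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()


def ldaps_socket(host: str, port: int = 636) -> ssl.SSLSocket:
    # Step 1 of the workflow: a TLS connection with certificate and hostname
    # verification, so the bind never crosses the wire unencrypted (helper name assumed).
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)


# Constructed BindResponse as a server would return it for a wrong password:
# messageID 1, resultCode 49 (invalidCredentials), empty matchedDN and diagnostic.
SAMPLE_BIND_FAILURE = bytes.fromhex("300c020101" "61070a013104000400")

if __name__ == "__main__":
    print(bind_request(1, "cn=alice,dc=example,dc=com", "s3cret").hex())
    print(search_request(2, "dc=example,dc=com", "cn", "printer-3f", ["ipHostNumber"]).hex())
    print(parse_bind_response(SAMPLE_BIND_FAILURE))
```

Run it to print the two request encodings and the decoded failure. Against a real server the bind goes first: a search sent before a successful bind on a directory that disallows anonymous access gets an error result, not printer data. For production work use a maintained client library (ldap3 or python-ldap) rather than hand-rolled BER; the point of this block is to make visible what such a library puts on the wire, and why step 1 of the workflow has to be a TLS connection.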

Is LDAP secure?

Just like any other protocol, LDAP is as secure as its implementation. There are numerous security best practices to keep in mind, especially if your directories store security-critical information.

  • Use SSL/TLS to encrypt LDAP requests and responses.
  • When using LDAP authentication, don’t store passwords as plaintext. Instead, use a cryptographically strong hash function.
  • Establish an access control policy. For example, grant WRITE permissions only to administrators.
  • Don’t have a single point of failure. Maintain multiple replicas of directory data.
  • Use well-configured firewalls to control access to directory services.
  • Log access to LDAP directories, and audit for anomalies.
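An OpenLDAP cn=config fragment that applies the first three practices in the list (TLS, hashed passwords, write access limited to administrators) together with access logging, as an added example that is neither OneLogin’s nor the OpenLDAP project’s own configuration. The certificate paths, the suffix dc=example,dc=com, the admin DN and the database index {1}mdb are assumptions to replace with your own values; {ARGON2} assumes the pw-argon2 module available in OpenLDAP 2.5 and later, with {SSHA} as the fallback on older builds.

```ldif
# Added example (not OneLogin's or the OpenLDAP project's configuration).
# Paths, suffix, admin DN and database index are placeholders.

# TLS: server certificate, key and CA bundle; require at least 128-bit
# strength for every operation, including simple binds; log operations;
# refuse anonymous binds.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/tls/ca.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/tls/server.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/tls/server.key
-
replace: olcSecurity
olcSecurity: ssf=128 simple_bind=128
-
replace: olcLogLevel
olcLogLevel: stats
-
replace: olcDisallows
olcDisallows: bind_anon

# Password hashing: slapd hashes passwords set through the Password
# Modify extended operation instead of storing them in the clear.
# {ARGON2} needs the pw-argon2 module (OpenLDAP 2.5+); use {SSHA} otherwise.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {ARGON2}

# Access control: a user may change only their own password, anyone may
# present it to bind, nobody else may read it; writes to everything else
# are reserved for the admin DN, reads for authenticated users.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by dn.exact="cn=admin,dc=example,dc=com" write
  by users read
  by * none
```

Apply it with ldapmodify over the local ldapi:/// socket using SASL EXTERNAL as the config root, then confirm with a bind over ldaps:// that a plain, unencrypted simple bind is now rejected. Replication (syncrepl) and the firewall rules from the list are configured elsewhere and are not part of this fragment.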

What is LDAP authentication?

LDAP authentication is the process of verifying usernames and passwords stored in a directory service, like OpenLDAP or Microsoft Active Directory. Administrators can create user accounts within a directory and grant them permissions.

When a user tries to access a resource, a request is sent to the LDAP authentication server. The LDAP server validates the submitted username and password against the data in the directory. If there is a match, it then checks whether the user is authorized to access the requested resource.

LDAP vs Active Directory

LDAP and Active Directory are sometimes used interchangeably, but they are not the same thing. Active Directory is a proprietary directory service developed by Microsoft. It can be used for authentication and for storing information about network resources. LDAP is one of the protocols used to create or query objects in Active Directory.

In a nutshell, LDAP is a language to talk to directory services, and Active Directory is one such directory service.

What is virtual LDAP (vLDAP)?

Virtual LDAP (aka LDAP-as-a-service) is LDAP hosted and managed in the cloud. It enables organizations to build cloud-ready LDAP applications without having to run and maintain in-house LDAP servers. Any application or service can integrate with the LDAP directory hosted in the cloud.

There are numerous benefits to this:

  • Instead of integrating with several different directories, integrate with one virtual LDAP service that unifies their data. Build a single source of truth.
  • Scale at will. Spin up as many new servers as required to cater for your growing datasets.
  • Kick-start your digital transformation journey without having to forgo legacy protocols like LDAP.

LDAP is a standard protocol that simplifies secure access to vital information and resources. When set up right, LDAP directories can enhance productivity and efficiency. Organizations have been using LDAP in their infrastructures for decades. With virtual LDAP now a reality, we don’t expect the popularity and prevalence of LDAP to diminish any time soon.
