Difference Between LDAP and AD

LDAP vs AD | Active Directory and Lightweight Directory Access Protocol

As enterprises grow in size and complexity, secure and efficient user authentication has become an essential requirement. To this end, Active Directory (AD) is a directory service developed by Microsoft, while LDAP is an application protocol for querying and updating directory services. The two are not alternatives: Active Directory itself speaks LDAP and supports LDAP-based queries and authentication.

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a lightweight adaptation of X.500 (a complex enterprise directory standard) developed at the University of Michigan. The current version is LDAPv3. It is an application protocol used by programs such as email clients, printer browsers and address books to look up information on a directory server. "LDAP-aware" client programs can query LDAP servers in several ways. The information resides in a "directory", a tree of entries (records), each holding a set of attributes; LDAP servers index the entries so lookups are fast. When a name or group is requested, a search filter narrows the result to the entries wanted. For example, an email client can search for the email addresses of all persons located in New York whose name starts with "Jo". Apart from contact information, LDAP is used to look up data such as encryption certificates and pointers to network resources (e.g. printers). LDAP is also used as the back end for centralized authentication and single sign-on: an application verifies a user's password by performing an LDAP bind with the user's credentials. Such a simple bind sends the password in cleartext, so it must be protected with LDAPS or StartTLS. LDAP servers are ideal when the stored data changes rarely and fast lookup is a must. LDAP servers exist as public servers, organizational servers for universities and corporations, and smaller workgroup servers. Public LDAP servers are no longer popular because spammers harvested addresses from them. Administrators can set access controls on LDAP databases.

What is AD?

Active Directory (AD) is a directory service developed by Microsoft. It provides a number of network-related services using a variety of standardized protocols. Active Directory supports LDAP versions 2 and 3. Kerberos is AD's primary authentication protocol (NTLM is retained for compatibility). AD also depends on and integrates with DNS: clients locate domain controllers through DNS SRV records, and domain controllers commonly host the DNS zones themselves. Active Directory lets administrators manage administration and security tasks from a central location. It stores all object and configuration information in a database that is replicated across the domain controllers. Administrators can assign policies (Group Policy) and deploy and update software through Active Directory. It also provides single sign-on (SSO), so users authenticate once and then access resources across the network. Active Directory is highly scalable and is therefore used in networks ranging from a handful of machines to very large networks with thousands of users. Companies use it to provide standardized access to applications. Active Directory replicates directory updates across domain controllers automatically.

What is the difference between LDAP and AD?

Active Directory is a directory service, while LDAP is an application protocol used by directory services such as Active Directory and OpenLDAP. Active Directory additionally supports Kerberos-based authentication, whereas a plain LDAP server authenticates clients only through LDAP binds (simple or SASL). Active Directory is a proprietary Microsoft product mainly associated with Windows servers, whereas LDAP is an open standard (RFC 4511) with implementations for almost any operating system.
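The LDAP bind referred to above, as an added example that is not part of the original article: a minimal BER encoder and decoder for the LDAPv3 BindRequest (RFC 4511), with no network access. The DN, password and SASL token are constructed sample values. It shows that a simple bind carries the password verbatim, which is why LDAPS or StartTLS is required in front of it, and the shape of the SASL bind by which Active Directory accepts a Kerberos (GSSAPI) token instead of a password.

```python
"""Encode and decode an LDAPv3 BindRequest (RFC 4511) with hand-rolled BER.

Added example, not from the original article. The DN, password and SASL
token used below are constructed sample values.
"""


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(content)) + content


def ber_int(value: int) -> bytes:
    """INTEGER, non-negative values only (enough for messageID and version)."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:          # keep the sign bit clear
        body = b"\x00" + body
    return tlv(0x02, body)


def simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, bindRequest } with simple authentication."""
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version, name, authentication }
    # authentication simple [0] OCTET STRING  -> context tag 0x80
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(message_id) + bind)


def sasl_bind(message_id: int, mechanism: str, credentials: bytes) -> bytes:
    """Same message with SASL authentication (e.g. mechanism GSSAPI for Kerberos)."""
    # authentication sasl [3] SaslCredentials (a SEQUENCE) -> constructed context tag 0xA3
    sasl = tlv(0xA3, tlv(0x04, mechanism.encode()) + tlv(0x04, credentials))
    bind = tlv(0x60, ber_int(3) + tlv(0x04, b"") + sasl)
    return tlv(0x30, ber_int(message_id) + bind)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def decode_bind(buf: bytes) -> dict:
    """What a passive observer of an unencrypted LDAP session can recover."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    op_tag, bind, _ = read_tlv(msg, pos)
    if op_tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(bind, 0)
    _, name, pos = read_tlv(bind, pos)
    auth_tag, auth, _ = read_tlv(bind, pos)
    out = {"message_id": int.from_bytes(mid, "big"),
           "version": int.from_bytes(ver, "big"),
           "name": name.decode()}
    if auth_tag == 0x80:
        out["auth"] = "simple"
        out["password"] = auth.decode()      # readable by anyone on the path
    elif auth_tag == 0xA3:
        _, mech, _ = read_tlv(auth, 0)
        out["auth"] = "sasl"
        out["mechanism"] = mech.decode()
    else:
        out["auth"] = f"unknown tag 0x{auth_tag:02x}"
    return out


if __name__ == "__main__":
    wire = simple_bind(1, "cn=admin,dc=example,dc=com", "secret")   # constructed values
    print(wire.hex())
    print(decode_bind(wire))
    print(decode_bind(sasl_bind(2, "GSSAPI", b"\x60\x06token")))
```

Running it prints the raw bytes of the simple bind with the DN and `secret` visible in the clear, which is exactly what a network capture of port 389 without TLS shows; the SASL variant carries only the mechanism name and an opaque token, so the Kerberos credential itself never crosses the wire.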