What are the differences between LDAP and Active Directory

Question

User · Answer

Active directory is a directory service provider, where you can add new user to a directory, remove or modify, specify privilages, assign policy etc. Its just like a phone directory where every person have a unique contact number. Every thing in AD(Active Directory) are considered as Objects and every object is given a Unique ID.(similar to a unique contact number in a phone directory.

Ldap is a protocol specially designed for directory service providers. Windows server OS uses AD as a directory server, AIX which is a UNIX version by IBM uses Tivoli directory server. Both of them uses LDAP protocol for interacting with directory.

Apart from protocol there are LDAP servers, LDAP browsers too.

User · Answer

Short Summary  Active Directory is a directory services implemented by Microsoft  and it supports Lightweight Directory Access Protocol  LDAP    Long Answer  Firstly  one needs to know what s Directory Service    Directory Service is a software system that stores  organises  and provides access to information in a computer operating system s directory  In software engineering  a directory is a map between names and values  It allows the lookup of named values  similar to a dictionary    For more details  read https   en wikipedia org wiki Directory service  Secondly as one could imagine  different vendors implement all kinds of forms of directory service  which is harmful to multi-vendor interoperability    Thirdly  so in the 1980s  the ITU and ISO came up with a set of standards - X 500  for directory services  initially to support the requirements of inter-carrier electronic messaging and network name lookup   Fourthly  so based on this standard  Lightweight Directory Access Protocol  LDAP  is developed  It uses the TCP IP stack and a string encoding scheme of the X 500 Directory Access Protocol  DAP   giving it more relevance on the Internet   Lastly  based on this LDAP X 500 stack  Microsoft implemented a modern directory service for Windows  originating from the X 500 directory  created for use in Exchange Server  And this implementation is called Active Directory   So in a short summary  Active Directory is a directory services implemented by Microsoft  and it supports Lightweight Directory Access Protocol  LDAP    PS 0   This answer heavily copies content from the wikipedia page listed above    PS 1   To know why it may be better use directory service rather just using a relational database  read https   en wikipedia org wiki Directory service Comparison with relational databases

User · Answer

Active Directory is a database based system that provides authentication  directory  policy  and other services in a Windows environment  LDAP  Lightweight Directory Access Protocol  is an application protocol for querying and modifying items in directory service providers like Active Directory  which supports a form of LDAP   Short answer  AD is a directory services database  and LDAP is one of the protocols you can use to talk to it

User · Answer

LDAP sits on top of the TCP IP stack and controls internet directory access  It is environment agnostic   AD  amp  ADSI is a COM wrapper around the LDAP layer  and is Windows specific   You can see Microsoft s explanation here

User · Answer

Active Directory is a super-set of the LDAP protocol   Depending on how the organization uses Active Directory  your LDAP search set queries may or may not work

User · Answer

https   jumpcloud com blog difference-between-ldap-and-active-directory   Realistically  there are probably more differences than similarities between the two directory solutions  Microsoft   s AD is largely a directory for Windows users  devices  and applications  AD requires a Microsoft Domain Controller to be present and when it is  users are able to single sign-on to Windows resources that live within the domain structure   LDAP  on the other hand  has largely worked outside of the Windows structure focusing on the Linux   Unix environment and with more technical applications  LDAP doesn   t have the same concepts of domains or single sign-on  LDAP is largely implemented with open source solutions and as a result has more flexibility than AD   Another critical difference between LDAP and Active Directory is how AD and LDAP each approach device management  AD manages Windows devices through and Group Policy Objects  GPOs   A similar concept doesn   t exist within LDAP  Both LDAP and AD are highly different solutions and as a result many organization must leverage both to serve different purposes   This is why there   s an obvious opportunity for innovation  Why leverage and manage two complete systems  when one system can effectively merge the two

User · Answer

active directory is the directory service database to store the organizational based data policy authentication etc whereas ldap is the protocol used to talk to the directory service database that is ad or adam

User · Answer

LDAP is a standard  AD is Microsoft s  proprietary  implementation  and more   Wikipedia has a good article that delves into the specifics  I found this document with a very detailed evaluation of AD from an LDAP perspective

User · Answer

Active Directory isn t just an implementation of LDAP by Microsoft  that is only a small part of what AD is   Active Directory is  in an overly simplified way  a service that provides LDAP based authentication with Kerberos based Authorization   Of course their LDAP and Kerberos implementations in AD are not exactly 100  interoperable with other LDAP Kerberos implementations

User · Answer

Lightweight Directory Access Protocol or LDAP  is a standards based specification for interacting with directory data  Directory Services can implement support of LDAP to provide interoperability among 3rd party applications   Active Directory is Microsoft s implementation of a directory service that  among other protocols  supports LDAP to query it s data   While it supports LDAP  Active Directory provides a host of extensions and conveniences  such as password expiration and account lockout

User · Answer

There are lots of systems that support LDAP to talk to them  not just Active Directory     Sun  IBM  Novell all have directory services that are very effective as LDAP servers

[active-directory] What are the differences between LDAP and Active Directory?

Examples related to active-directory

Examples related to ldap