# LDAP (Lightweight Directory Access Protocol)

Links to other resources:

[OpenLDAP project](https://www.openldap.org/)

[Squid and LDAP authentication (workaround.org)](https://workaround.org/squid-ldap/)

Companies store usernames, passwords, email addresses, printer connections, and other static data within directories. LDAP is an open, vendor-neutral application protocol for accessing and maintaining that data. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server.

LDAP is a protocol, so it doesn't specify how directory programs work. Instead, it's a form of language that allows users to find the information they need very quickly.

LDAP is vendor-neutral, so it can be used with a variety of different directory programs. Typically, a directory contains data that is:

__Descriptive__. Multiple points, such as name and location, come together to define an asset.

__Static__. The information doesn’t change much, and when it does, the shifts are subtle.

__Valuable__. Data stored within the directory is critical to core business functions, and it's touched over and over again.

Sometimes, people use LDAP in concert with other systems throughout the workday. For example, your employees may use LDAP to connect with printers or verify passwords. Those employees may then switch to Google for email, which doesn't rely on LDAP at all.

LDAP isn't new. The definitive whitepaper that describes how directory services work and how LDAP should interface was published in 2003. Despite its age, LDAP is still in widespread use today.

# The LDAP Process Explained

The average employee connects with LDAP dozens or even hundreds of times per day. That person may not even notice that a connection has taken place, even though the steps needed to complete a query are intricate.

# An LDAP query typically involves:

__Session connection__. The user connects to the server via an LDAP port. 

__Request__. The user submits a query, such as an email lookup, to the server. 

__Response__. The LDAP protocol queries the directory, finds the information, and delivers it to the user. 

__Completion__. The user disconnects from the LDAP port.

The search looks simple, but a great deal of coding makes the function possible. Developers must determine the size limit of the search, the time the server can spend processing it, how many variables can be included in a search, and more.

A person hopping from company to company might run searches with LDAP in each location. But how those searches behave can differ considerably, depending on how each LDAP directory is configured.

__Before any search commences, the LDAP server must authenticate the user. Two methods are available for that work__:

1. Simple. The correct name and password connect the user to the server. 

2. Simple Authentication and Security Layer (SASL). A secondary service, such as Kerberos, performs authentication before the user can connect. For companies that require advanced security, this can be a good option.

Queries may originate:

1. within the company's walls,

2. on mobile devices,

3. on home computers.

Most LDAP communication is sent __*in clear text, without encryption*__, which is a security risk: anyone who can observe the network path can read the queries, the results and any simple-bind password. Most companies therefore protect LDAP messages with __Transport Layer Security (TLS)__.
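The session-connection, request and response steps above, the simple bind, and the clear-text problem can all be seen in the bytes themselves. The following is an added example, not code from the original page or from any LDAP project: a minimal BER encoder/decoder (LDAP messages are ASN.1 BER, per RFC 4511) that builds the BindRequest a client sends for a simple bind, the BindResponse the server answers with, and then parses the request the way a packet capture of an unencrypted connection would be read. The DN `cn=admin,dc=example,dc=com` and the password are constructed sample values; no directory server is contacted.

```python
"""Added example: a minimal BER encoder/decoder for the LDAPv3 simple bind.

Builds the BindRequest sent during the "session connection" step, the
BindResponse the server returns, and parses the request back as an observer
on an unencrypted link would see it.  All values are constructed samples.
"""

# --- BER (Basic Encoding Rules) primitives used by LDAP (RFC 4511) ---------

def ber_len(n: int) -> bytes:
    """Encode a content length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value: one BER element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (or ENUMERATED with tag 0x0A), minimal two's-complement bytes."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return tlv(tag, body)


# --- The two messages of a simple bind -------------------------------------

def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.

    BindRequest is [APPLICATION 0] constructed (tag 0x60); the simple
    credential is the context tag [0], primitive (0x80).
    """
    op = ber_int(3) + tlv(0x04, dn.encode("utf-8")) + tlv(0x80, password.encode("utf-8"))
    return tlv(0x30, ber_int(message_id) + tlv(0x60, op))


def bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }.

    BindResponse is [APPLICATION 1] (tag 0x61); resultCode is an ENUMERATED
    (0 = success, 49 = invalidCredentials).
    """
    result = ber_int(result_code, tag=0x0A) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode("utf-8"))
    return tlv(0x30, ber_int(message_id) + tlv(0x61, result))


# --- Reading the request back, as it appears on the wire -------------------

def parse_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, position after the element) for the TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next (length & 0x7F) bytes hold the real length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(msg: bytes) -> dict:
    """Decode a simple BindRequest.  Without TLS the password sits in the bytes as-is."""
    tag, body, _ = parse_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = parse_tlv(body)
    tag, op, _ = parse_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = parse_tlv(op)
    _, name, pos = parse_tlv(op, pos)
    auth_tag, cred, _ = parse_tlv(op, pos)
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode("utf-8"),
        # 0x80 = simple; 0xA3 would be the SASL choice, whose credentials depend on the mechanism
        "simple_password": cred.decode("utf-8") if auth_tag == 0x80 else None,
    }


if __name__ == "__main__":
    # Constructed sample credentials; the DN is a placeholder, not a real directory entry.
    req = bind_request(1, "cn=admin,dc=example,dc=com", "secret")
    print("client -> server:", req.hex())
    print("on the wire     :", parse_bind_request(req))
    print("server -> client:", bind_response(1, 0).hex())
```

Running it prints the 46-byte request, and the decoded dictionary shows the DN and the password exactly as an observer would recover them. That is the whole argument for TLS: the protocol itself does nothing to hide a simple-bind credential, so confidentiality has to come from the transport (LDAPS or StartTLS), and a SASL mechanism such as Kerberos changes what is carried in the credential field rather than encrypting the message.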

People can tackle all sorts of operations with LDAP. They can:

__Add__. Enter a new file into the database. 

__Delete__. Take out a file from the database. 

__Search__. Start a query to find something within the database. 

__Compare__. Examine two files for similarities or differences. 

__Modify__. Make a change to an existing entry.
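The Search operation takes a filter string such as `(mail=bob@example.com)`. When the value comes from a user, as in the e-mail lookup described above, it must be escaped before it is spliced into the filter, because RFC 4515 reserves a few characters that would otherwise change the meaning of the query. The following is an added example, not code from the original page or from any LDAP library, showing the escaping and a small filter builder; the attribute-name check, the `person` object class and the sample addresses are assumptions made for illustration.

```python
"""Added example: building an LDAP search filter safely (RFC 4515 escaping).

Constructed for illustration; no directory server is contacted.
"""
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value,
# written as a backslash followed by the two hex digits of the byte.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Attribute descriptions this example accepts: a plain keystring (RFC 4512), e.g.
# "mail", "objectClass", "sn".  Options (";binary") and numeric OIDs are deliberately
# rejected, so a caller cannot smuggle filter syntax through the attribute name either.
_ATTRIBUTE_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value for use inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_attribute(name: str) -> bool:
    """True if the attribute description is a simple keystring."""
    return _ATTRIBUTE_RE.fullmatch(name) is not None


def equality_filter(attribute: str, value: str) -> str:
    """(attribute=value): the value is escaped, the attribute name is validated, never escaped."""
    if not is_valid_attribute(attribute):
        raise ValueError(f"invalid attribute description: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def and_filter(*components: str) -> str:
    """Combine filter components with the AND operator: (&(a=1)(b=2))."""
    return "(&" + "".join(components) + ")"


def mail_lookup_filter(email: str) -> str:
    """The e-mail lookup from the text: person entries whose mail attribute equals the address."""
    return and_filter(equality_filter("objectClass", "person"), equality_filter("mail", email))


if __name__ == "__main__":
    print(mail_lookup_filter("bob@example.com"))      # constructed sample address
    print(equality_filter("cn", "Smith (Sales) *"))    # reserved characters are neutralised
```

The escaped form of `Smith (Sales) *` is `Smith \28Sales\29 \2a`, so the parentheses and the wildcard are matched literally instead of being parsed as filter syntax. Escaping applies only to assertion values; attribute names and operators are not escapable, which is why the builder validates the name against a fixed pattern instead.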

# LDAP vs. Active Directory
Some people use LDAP and Active Directory interchangeably, and the habit causes a great deal of confusion. These two tools work together, but they're definitely not the same thing.

## Active Directory 
It is a proprietary directory tool that is used to organize IT assets, such as computers, printers, and users. As a Microsoft product, it’s commonly used within the Windows environment. If you have ever worked with Windows on a network, this system underpins some of the data.

## LDAP 
It is a protocol that can read Active Directory, but you can also use it with other programs, including those based on Linux. As a vendor-neutral protocol, you could use this tool to work with all kinds of products that have nothing to do with Windows.

So LDAP and Active Directory work together to help users. But they don't compete with one another, and they don't do exactly the same thing.
