Dec 14, 2017
I just described the structure I use. The LDAP server is on a Windows Server 2008, I believe, and I'm querying an Active Directory.
Okay, you are searching a Microsoft LDAP. Microsoft does strange things with their products. To search an LDAP server, the user need only supply the base name; otherwise the search becomes too restrictive.
In Symantec Reporter 9.x and 10.x, you can integrate Reporter with an LDAP server, which allows you to configure RBAC (Role Based Access Controls) policies. To perform user and group based authentication and authorization, you must configure the user and group base DN.
Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers, AD Sites and Services, etc.) as well as third party tools are often going to use LDAP to bind to the database in order to manage your domain.
In Select Computer, if you are managing the LDAP server requiring the certificate, select Local. Otherwise, select Another computer and click Browse to locate the LDAP server requiring the certificate. Once you have the correct computer selected, click OK and then click Finish. In Add or Remove Snap-ins, click OK.
What are the differences between LDAP and Active Directory?
bluish
boingboing
Locked by Matt, Aug 14 '16 at 12:15
11 Answers
Active Directory is a database-based system that provides authentication, directory, policy, and other services in a Windows environment.
LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.
Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.
JohnFx
LDAP is a standard, AD is Microsoft's (proprietary) implementation (and more). Wikipedia has a good article that delves into the specifics. I found this document with a very detailed evaluation of AD from an LDAP perspective.
cdonner
Lightweight Directory Access Protocol, or LDAP, is a standards-based specification for interacting with directory data. Directory Services can implement support of LDAP to provide interoperability among 3rd party applications.
Active Directory is Microsoft's implementation of a directory service that, among other protocols, supports LDAP to query its data.
While it supports LDAP, Active Directory provides a host of extensions and conveniences, such as password expiration and account lockout.
Alan
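Alan's answer above points out that Active Directory layers extensions such as password expiration and account lockout on top of LDAP. The following added example (not part of the original thread or any answer's code) shows how that state surfaces as AD-specific attributes in an ordinary LDAP search result; the entries, DNs, fixed clock and 90-day maximum password age are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits documented by Microsoft for AD account objects.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """pwdLastSet and lockoutTime are 100 ns ticks since 1601-01-01 UTC."""
    ticks = int(value)
    if ticks == 0:          # 0 = never set / not locked out
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def decode_uac(value):
    return sorted(n for bit, n in UAC_FLAGS.items() if int(value) & bit)

def account_status(entry, now, max_pwd_age):
    """Interpret AD-only account state from attributes of one LDAP entry."""
    flags = decode_uac(entry.get("userAccountControl", "0"))
    pwd_set = filetime_to_dt(entry.get("pwdLastSet", "0"))
    if "DONT_EXPIRE_PASSWORD" in flags:
        expired = False
    elif pwd_set is None:
        expired = True      # pwdLastSet=0: must change password at next logon
    else:
        expired = now - pwd_set > max_pwd_age
    return {"dn": entry["dn"], "flags": flags,
            "disabled": "ACCOUNTDISABLE" in flags,
            # Non-zero lockoutTime is when lockout occurred; it may have lapsed.
            "locked_at": filetime_to_dt(entry.get("lockoutTime", "0")),
            "password_expired": expired}

# Constructed entries, shaped like the string values an LDAP search returns.
SAMPLE_ENTRIES = [
    {"dn": "CN=alice,OU=Staff,DC=example,DC=test", "userAccountControl": "512",
     "pwdLastSet": "133485408000000000", "lockoutTime": "0"},
    {"dn": "CN=svc-backup,OU=Service,DC=example,DC=test",
     "userAccountControl": "66048", "pwdLastSet": "133485408000000000"},
    {"dn": "CN=bob,OU=Staff,DC=example,DC=test", "userAccountControl": "514",
     "pwdLastSet": "0", "lockoutTime": "133485408000000000"},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock (assumption)
MAX_PWD_AGE = timedelta(days=90)                 # assumed domain policy

def audit(entries):
    return [account_status(e, NOW, MAX_PWD_AGE) for e in entries]

if __name__ == "__main__":
    for row in audit(SAMPLE_ENTRIES):
        print(row)
```

A generic LDAP client sees these attributes only as integers and strings; the meaning of the bit flags and the 1601-based timestamps is defined by Active Directory, not by the LDAP standard.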
Short Summary
Active Directory is a directory service implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
Long Answer
Firstly, one needs to know what a Directory Service is. Directory Service is a software system that stores, organises, and provides access to information in a computer operating system's directory. In software engineering, a directory is a map between names and values. It allows the lookup of named values, similar to a dictionary.
For more details, read https://en.wikipedia.org/wiki/Directory_service
Secondly, as one could imagine, different vendors implement all kinds of forms of directory service, which is harmful to multi-vendor interoperability.
Thirdly, so in the 1980s, the ITU and ISO came up with a set of standards - X.500, for directory services, initially to support the requirements of inter-carrier electronic messaging and network name lookup.
Fourthly, so based on this standard, Lightweight Directory Access Protocol, LDAP, is developed. It uses the TCP/IP stack and a string encoding scheme of the X.500 Directory Access Protocol (DAP), giving it more relevance on the Internet.
Lastly, based on this LDAP/X.500 stack, Microsoft implemented a modern directory service for Windows, originating from the X.500 directory, created for use in Exchange Server. And this implementation is called Active Directory.
So in a short summary, Active Directory is a directory service implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
PS[0]: This answer heavily copies content from the Wikipedia page listed above.
PS[1]: To know why it may be better to use a directory service rather than just using a relational database, read https://en.wikipedia.org/wiki/Directory_service#Comparison_with_relational_databases
user207421
Bob
Active Directory isn't just an implementation of LDAP by Microsoft, that is only a small part of what AD is. Active Directory is (in an overly simplified way) a service that provides LDAP based authentication with Kerberos based Authorization.
Of course their LDAP and Kerberos implementations in AD are not exactly 100% interoperable with other LDAP/Kerberos implementations.
Active Directory is a directory service provider, where you can add a new user to a directory, remove or modify, specify privileges, assign policy, etc. It's just like a phone directory where every person has a unique contact number. Everything in AD (Active Directory) is considered an Object and every object is given a Unique ID (similar to a unique contact number in a phone directory).
LDAP is a protocol specially designed for directory service providers. Windows server OS uses AD as a directory server; AIX, which is a UNIX version by IBM, uses Tivoli directory server. Both of them use the LDAP protocol for interacting with the directory.
Apart from protocol there are LDAP servers, LDAP browsers too.
Quinn Wilson
Shrikanth
Active Directory is the directory service database to store the organizational based data, policy, authentication, etc., whereas LDAP is the protocol used to talk to the directory service database, that is AD or ADAM.
mansi
LDAP sits on top of the TCP/IP stack and controls internet directory access. It is environment agnostic.
AD & ADSI is a COM wrapper around the LDAP layer, and is Windows specific.
You can see Microsoft's explanation here.
D3vtr0n
Realistically, there are probably more differences than similarities between the two directory solutions. Microsoft’s AD is largely a directory for Windows users, devices, and applications. AD requires a Microsoft Domain Controller to be present and when it is, users are able to single sign-on to Windows resources that live within the domain structure.
LDAP, on the other hand, has largely worked outside of the Windows structure focusing on the Linux / Unix environment and with more technical applications. LDAP doesn’t have the same concepts of domains or single sign-on. LDAP is largely implemented with open source solutions and as a result has more flexibility than AD.
Another critical difference between LDAP and Active Directory is how AD and LDAP each approach device management. AD manages Windows devices through and Group Policy Objects (GPOs). A similar concept doesn’t exist within LDAP. Both LDAP and AD are highly different solutions and as a result many organizations must leverage both to serve different purposes.
This is why there’s an obvious opportunity for innovation. Why leverage and manage two complete systems, when one system can effectively merge the two?
JavaDeveloper
There are lots of systems that support LDAP to talk to them, not just Active Directory.
Sun, IBM, Novell all have directory services that are very effective as LDAP servers.
geoffc
Active Directory is a super-set of the LDAP protocol. Depending on how the organization uses Active Directory, your LDAP search/set queries may or may not work.
Cody Jacques