What are the differences between LDAP and Active Directory?
Solution 1:
Active Directory is a database-based system that provides authentication, directory, policy, and other services in a Windows environment.
LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.
Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.
Solution 2:
LDAP is a standard, AD is Microsoft's (proprietary) implementation (and more). Wikipedia has a good article that delves into the specifics. I found this document with a very detailed evaluation of AD from an LDAP perspective.
Solution 3:
Lightweight Directory Access Protocol, or LDAP, is a standards-based specification for interacting with directory data. Directory Services can implement support of LDAP to provide interoperability among 3rd party applications.
Active Directory is Microsoft's implementation of a directory service that, among other protocols, supports LDAP to query its data.
While it supports LDAP, Active Directory provides a host of extensions and conveniences, such as password expiration and account lockout.
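Added example (not part of any answer on this page, and not code from Microsoft or the LDAP RFCs): the same user lookup written once with standard schema only and once for Active Directory, using the RFC 4515 filter syntax that any LDAP server accepts plus AD's bitwise matching rule on `userAccountControl`. The function names and the sample login are assumptions made for the illustration.

```python
# Standard LDAP filter syntax (RFC 4515) versus the AD-specific pieces layered on it.

# AD extension: OID of LDAP_MATCHING_RULE_BIT_AND (bitwise AND extensible match).
AD_BIT_AND = "1.2.840.113556.1.4.803"

# Two userAccountControl flag values documented by Microsoft.
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWD = 0x10000

# RFC 4515 section 3: these characters must be written as a backslash plus two hex digits.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape untrusted text so it stays a literal value inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def portable_user_filter(login: str) -> str:
    """Lookup using only standard schema (inetOrgPerson, uid)."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(login)}))"


def ad_user_filter(login: str, required_flags: int = 0) -> str:
    """Lookup against AD: AD schema names, plus an optional bitwise flag test."""
    parts = [
        "(objectCategory=person)",
        "(objectClass=user)",
        f"(sAMAccountName={escape_filter_value(login)})",
    ]
    if required_flags:
        # Matches only entries where every bit in required_flags is set.
        parts.append(f"(userAccountControl:{AD_BIT_AND}:={required_flags})")
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    login = "jdoe"  # constructed sample value
    print(portable_user_filter(login))
    print(ad_user_filter(login, UF_DONT_EXPIRE_PASSWD))
    # Filter metacharacters in the input are neutralised, not interpreted.
    print(ad_user_filter("j*)(x"))
```

Both strings are valid LDAP filters on the wire; only the attribute names and the matching-rule OID in the second one depend on the server being Active Directory.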
Solution 4:
Short Summary
Active Directory is a directory service implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
Long Answer
Firstly, one needs to know what a Directory Service is.
Directory Service is a software system that stores, organises, and provides access to information in a computer operating system's directory. In software engineering, a directory is a map between names and values. It allows the lookup of named values, similar to a dictionary.
For more details, read https://en.wikipedia.org/wiki/Directory_service
Secondly, as one could imagine, different vendors implement all kinds of forms of directory service, which is harmful to multi-vendor interoperability.
Thirdly, so in the 1980s, the ITU and ISO came up with a set of standards - X.500, for directory services, initially to support the requirements of inter-carrier electronic messaging and network name lookup.
Fourthly, so based on this standard, Lightweight Directory Access Protocol, LDAP, was developed. It uses the TCP/IP stack and a string encoding scheme of the X.500 Directory Access Protocol (DAP), giving it more relevance on the Internet.
Lastly, based on this LDAP/X.500 stack, Microsoft implemented a modern directory service for Windows, originating from the X.500 directory, created for use in Exchange Server. And this implementation is called Active Directory.
So in a short summary, Active Directory is a directory service implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
PS[0]: This answer heavily copies content from the Wikipedia page listed above.
PS[1]: To know why it may be better to use a directory service rather than just using a relational database, read https://en.wikipedia.org/wiki/Directory_service#Comparison_with_relational_databases