LDAP stands for Lightweight Directory Access Protocol. It is an industry-standard application protocol (defined in an RFC) that gives client applications an interface, or language, for communicating with a directory service (such as OpenLDAP or Active Directory) in order to query or edit the data in the directory.
An LDAP directory (or server) normally stores data about users, user credentials, groups, user memberships, and other items. Because such directories serve as a central repository for user data, they are frequently used for user authentication and authorization.
Open Source: OpenLDAP is an implementation of the Lightweight Directory Access Protocol that is available for free download.
Enables TLS: Sensitive data can be secured since LDAP supports Transport Layer Security.
Flexibility: A wide variety of databases are supported by LDAP for storing directories, allowing users to select the database in accordance with the kind of information the server needs to transfer.
Popular: The number of LDAP-enabled apps is growing as a result of the well-defined client API.
It is freely available and has an open-source implementation, making it.
When compared to other current protocols, it is lightweight.
It is extremely safe since it has tight encoding requirements, robust encoding techniques, and a variety of authentication types through SASL (Simple Authentication and Security Layer).
The industry supports it broadly.
Numerous services, like DNS, use it.
There are fewer security measures supported by LDAP than by X.500.
It is very complicated.
Keep user information in a single, easily accessible location. Connect those users to the resources they are permitted to utilize. Authorize users to access the resources they have been given access to.
LDAP authentication validates the provided usernames and passwords by connecting to a directory service that uses the LDAP protocol.
Three forms of authentication are specified by LDAP: simple (clear-text password), anonymous, and Kerberos v4.
LDAP uses port 389 by default, whereas LDAPS uses port 636 and sets up TLS/SSL when a client connects.
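To show what "simple (clear-text password)" means on port 389, the following added example (not part of the original article) builds an LDAP simple BindRequest using the BER layout from RFC 4511 and classifies captured payloads the way a monitoring sensor could, reporting only the DN and the credential length. The DN, password and TLS record bytes are constructed sample values, and the function names are hypothetical.

```python
# Added example (not from the original page): BER layout of an LDAP BindRequest.
# The sample DN, password and TLS bytes at the bottom are constructed.

def tlv(tag, value):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def simple_bind_request(msg_id, dn, password):
    """LDAPMessage{ messageID (< 128 here), BindRequest{ version=3, name, simple [0] } }."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: low bits give length-of-length
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + first > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + first], pos + first

def inspect_bind(payload):
    """Classify a captured TCP payload; None if it is not a readable BindRequest."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:                   # e.g. a TLS record on port 636 starts 0x16
            return None
        _, _, pos = read_tlv(msg, 0)      # skip messageID
        tag, op, _ = read_tlv(msg, pos)
        if tag != 0x60:                   # [APPLICATION 0] = BindRequest
            return None
        _, _, pos = read_tlv(op, 0)       # skip version
        _, dn, pos = read_tlv(op, pos)
        auth_tag, cred, _ = read_tlv(op, pos)
    except (IndexError, ValueError):
        return None
    if auth_tag != 0x80:                  # anything but simple [0], e.g. SASL [3]
        return {"dn": dn.decode("utf-8", "replace"), "auth": "other", "secret_len": 0}
    auth = "anonymous" if not dn and not cred else "simple"
    return {"dn": dn.decode("utf-8", "replace"), "auth": auth, "secret_len": len(cred)}

PLAIN = simple_bind_request(1, "cn=alice,dc=example,dc=com", "S3cret!")  # as sent on 389
TLS_RECORD = bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00"       # constructed
```

The password bytes appear verbatim inside `PLAIN`, while the same sensor sees nothing parseable in `TLS_RECORD`, which is the practical difference between port 389 without TLS and LDAPS on port 636.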
Many open-source technological solutions, including Docker, Kubernetes, Jenkins, and thousands of others, continue to favor LDAP as their preferred protocol. Additionally, many well-known commercial programs standardize on using LDAP as their backend authentication mechanism because it has been around for such a long time.