Lightweight Directory Access Protocol (LDAP) is a communications protocol that defines how a directory service is accessed. Simply put, it provides a standard way to connect to, query, and modify directory service systems. Those systems are most often UNIX/Linux-based or Microsoft Active Directory, but LDAP is an open, cross-platform protocol, so it works with many directory service providers and has a wide range of applications.
A directory service stores, organizes, and presents data in a key-value format; for example, a key of "name" with a value of "bob". It is optimized for lookups, searches, and other read operations rather than for writes.
LDAP is commonly used to store information about an entity and its resources, including users. Its data model is built from schemas, attributes, entries, and the directory information tree (DIT).
To use LDAP, a client must first authenticate by binding to the server. Once bound, it can add, modify, search, compare, and delete data, and it unbinds to end the session. LDAP can be queried directly from the command line (for example with the ldapsearch utility), but most access happens through applications such as an authentication program.
By default, LDAP traffic, including the credentials sent in a simple bind, is transmitted in cleartext, so TLS must be used. Plain LDAP uses port 389 and LDAPS (LDAP over TLS) uses port 636.
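As an added example (not part of the original text), the following Python hand-encodes the LDAP simple BindRequest described above using the BER rules of RFC 4511 and parses it back, with no server and no third-party library; the DN and password are constructed sample values. Inspecting the raw bytes shows the bind password sitting verbatim on the wire, which is what LDAPS on port 636 protects.

```python
# Constructed example: builds the bytes an LDAP client sends for a simple bind
# (RFC 4511, BER encoding) and parses them back; no server is contacted.

def ber_len(n):
    """BER length: short form below 128, else 0x80|byte-count then big-endian."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag, content):
    """One BER element: tag, length, value."""
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(n):
    """INTEGER (tag 0x02), minimal two's complement; non-negative values only."""
    assert n >= 0
    return ber_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    version = ber_int(3)
    name = ber_tlv(0x04, dn.encode())            # LDAPDN is an OCTET STRING
    auth = ber_tlv(0x80, password.encode())      # AuthenticationChoice: simple [0]
    bind = ber_tlv(0x60, version + name + auth)  # [APPLICATION 0] SEQUENCE
    return ber_tlv(0x30, ber_int(message_id) + bind)  # outer LDAPMessage SEQUENCE

def _read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:                          # long form: count of length bytes
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def decode_bind_request(msg):
    """Parse bind_request() output back into (message_id, version, dn, password)."""
    tag, body, _ = _read_tlv(msg, 0)
    assert tag == 0x30, "expected LDAPMessage SEQUENCE"
    _, mid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    assert tag == 0x60, "expected BindRequest"
    _, ver, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    assert tag == 0x80, "expected simple authentication"
    return int.from_bytes(mid, "big"), int.from_bytes(ver, "big"), dn.decode(), cred.decode()
```

Running `bind_request(1, "cn=bob,dc=example,dc=com", "s3cret")` and checking `b"s3cret" in msg` on the result is the whole point: without TLS, anyone on the path sees exactly that byte string.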