Active Directory and LDAP
A directory service provides a hierarchical structure for storing objects so that they can be located and retrieved quickly. Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and allows administrators to manage permissions and access to network resources and other devices.
Active Directory stores data as objects. An object is a single element, such as a user, group, application or device, and the directory categorizes objects by name and attributes.
Active Directory provides its directory service using Kerberos authentication and Single Sign-On (SSO). Kerberos is a protocol that provides a mechanism for authentication between a client and a server, or between two servers.
AD provides a way to organize many users into logical groups and subgroups, and to apply access control at each of those levels.
The AD structure has three tiers: domains, trees and forests. Objects created in AD are grouped into domains. A tree is a collection of one or more domains, and a forest is a collection of trees that share a directory schema, logical structure and directory configuration.
AD includes many services, such as Domain Services, Certificate Services, LDAP services, Federation Services and Rights Management.
AD Domain Services stores directory data centrally, manages communication between hosts and domains, and verifies login authentication.
Similarly, Rights Management Services (RMS) protects sensitive information through encryption and access authentication; it limits access to emails, Office documents and web pages.
LDAP
Lightweight Directory Access Protocol
LDAP is a client-server protocol that runs over TCP/IP. It is used to access directory services such as Microsoft's Active Directory.
As a directory database, the LDAP server centrally stores user credentials; other applications and services connect to it to validate users in the background.
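As an added example that is not part of the original text, the following Python shows how an application validates a user against an LDAP directory in the background: it looks up the user's DN with a search filter, then binds as that DN with the supplied password. The directory, account names and passwords are constructed in-memory stand-ins rather than a real LDAP server, and the AD attribute names (sAMAccountName, objectClass=user) are assumed. The two checks it carries, escaping the login name before it enters the filter (RFC 4515) and refusing an empty password so that a simple bind cannot silently become an unauthenticated bind (RFC 4513, section 5.1.2), are the ones to keep when a real client library is swapped in.

```python
# Added example (not from the original page): how a background service validates
# a login against an LDAP directory. Uses a constructed in-memory directory in
# place of a real server so it runs offline; the AD schema names are assumed.
from typing import Callable, Optional

# Characters that RFC 4515 requires to be escaped inside a search filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal text inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Search filter that locates the AD user object for a login name."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def authenticate(
    username: str,
    password: str,
    search: Callable[[str], Optional[str]],
    bind: Callable[[str, str], bool],
) -> bool:
    """Find the user's DN, then bind as that DN with the password.

    `search` takes a filter and returns the matching entry's DN (or None);
    `bind` attempts a simple bind with that DN and password and reports success.
    """
    # RFC 4513 section 5.1.2: a simple bind with a name and an EMPTY password is
    # an "unauthenticated" bind, which a server may accept. Refuse it up front so
    # a blank password can never count as a successful login.
    if not username or not password:
        return False
    dn = search(build_user_filter(username))
    if dn is None:
        return False
    return bind(dn, password)


# --- Constructed stand-in for a directory server (not a real LDAP client) ---
FAKE_DIRECTORY = {
    "CN=Alice,OU=Staff,DC=example,DC=com": {"sAMAccountName": "alice", "password": "correct-horse"},
    "CN=Bob,OU=Staff,DC=example,DC=com": {"sAMAccountName": "bob", "password": "battery-staple"},
}


def fake_search(ldap_filter: str) -> Optional[str]:
    """Return the DN whose account-name filter equals the given filter.

    A real server parses the filter; this stand-in only recognises filters built
    for a literal account name, which is enough to show that an escaped value
    such as "*" or "a)(b" matches no entry.
    """
    for dn, attrs in FAKE_DIRECTORY.items():
        if ldap_filter == build_user_filter(attrs["sAMAccountName"]):
            return dn
    return None


def fake_bind(dn: str, password: str) -> bool:
    """Simulate a simple bind, including the unauthenticated-bind behaviour."""
    # Emulates RFC 4513 section 5.1.2: a name with an empty password is accepted
    # as an unauthenticated (anonymous) bind, which is why authenticate() guards it.
    if password == "":
        return True
    entry = FAKE_DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password


if __name__ == "__main__":
    print(authenticate("alice", "correct-horse", fake_search, fake_bind))  # True
    print(authenticate("alice", "", fake_search, fake_bind))               # False
    print(authenticate("*", "anything", fake_search, fake_bind))           # False
```

The `search` and `bind` callables are injected so the same `authenticate` function can be pointed at a real client (for example a library's search and simple-bind calls) without changing the validation logic; the stand-ins only exist to make the two guards observable offline.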
Advantages of LDAP
- It supports Kerberos authentication, the Simple Authentication and Security Layer (SASL), and Secure Sockets Layer (SSL).
- LDAP relies on the TCP/IP stack rather than the OSI stack.