LDAP User: What is it and what is it used for?

Fox Pass
4 min read · Aug 25, 2021

Some terms sound completely unfamiliar when you only see their initials. LDAP is one of them. Do you know what it means and what an LDAP user is? How often have we come across this name without knowing that it is well known in computing and refers to the Lightweight Directory Access Protocol?

It is an important model that allows users to log into computers on a network, especially within organizations. In that respect it is very similar to Windows Active Directory, an access manager for business users.

LDAP user: What is this protocol and what is it used for?

LDAP is the acronym for the Lightweight Directory Access Protocol. It is an application-level protocol through which users access a directory service that is organized, hierarchical and distributed, in order to look up diverse data in a corporate network environment.

Hence its relationship with another manager, such as Windows Active Directory, which also manages user access to the organization or domain. Its objective is to determine what resources are available to a given person (usually files, folders, printers and other computers).

This directory is made up of a set of objects whose attributes are organized in a logical and hierarchical way. A telephone directory is an example: a series of names (people or companies) arranged alphabetically, each with an address and a telephone number attached.

In simpler terms, it is like a book or folder in which people's names, telephone numbers and addresses are placed in alphabetical order. An LDAP directory tree usually reflects political, geographical or organizational boundaries, depending on the model adopted.

Today's LDAP deployments often use Domain Name System (DNS) names to structure the upper levels of the hierarchy. Further down the tree appear entries representing people, organizational departments, printers, records, groups of people, or anything else that can be represented by one or more entries in that tree.
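The naming just described (DNS-derived dc= components at the top, organizational units, people and groups below) can be made concrete by parsing distinguished names and rebuilding the tree from a list of entries. The following Python is an added example, not code from the original post or from Foxpass; the entries under example.com are constructed, the DN escaping rule it handles (a backslash before a comma inside a value) comes from RFC 4514, and the domain-to-dc= mapping from RFC 2247.

```python
"""Parsing LDAP distinguished names (DNs) and rebuilding the directory tree.

Added example, not code from the original post or from Foxpass. DN splitting
follows RFC 4514 (a backslash escapes the next character, so "\\," inside a
value is not a separator); mapping a DNS domain onto dc= components follows
RFC 2247. Multi-valued RDNs ("cn=a+sn=b") are kept as one string. The sample
entries are constructed.
"""
from __future__ import annotations
from collections import defaultdict


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leftmost (deepest) RDN first."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf += ch
            escaped = False
        elif ch == "\\":
            buf += ch               # keep the escape so the value round-trips
            escaped = True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    if buf.strip():
        rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")   # attribute types never contain "="
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def normalize_dn(dn: str) -> str:
    """Canonical spelling: lowercase attribute types, no spaces around separators."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(dn))


def parent_dn(dn: str) -> str | None:
    """The DN one level up the tree, or None for a single-RDN DN."""
    pairs = parse_dn(dn)
    if len(pairs) <= 1:
        return None
    return ",".join(f"{a}={v}" for a, v in pairs[1:])


def domain_to_dn(domain: str) -> str:
    """Map a DNS domain to the dc= naming used at the top of a DIT (RFC 2247)."""
    labels = domain.lower().strip(".").split(".")
    return ",".join(f"dc={label}" for label in labels)


def build_tree(dns: list[str]) -> dict[str | None, list[str]]:
    """Group entries under their parent DN; entries whose parent is not in the
    list are treated as roots (key None), like the suffix of a directory."""
    known = {normalize_dn(dn) for dn in dns}
    tree = defaultdict(list)
    for dn in dns:
        ndn = normalize_dn(dn)
        parent = parent_dn(ndn)
        tree[parent if parent in known else None].append(ndn)
    return dict(tree)


def render(tree: dict[str | None, list[str]], root: str | None = None, depth: int = 0) -> list[str]:
    """Indented listing of the tree, one line per entry showing its own RDN."""
    lines = []
    for dn in sorted(tree.get(root, [])):
        attr, value = parse_dn(dn)[0]
        lines.append("  " * depth + f"{attr}={value}")
        lines.extend(render(tree, dn, depth + 1))
    return lines


# Constructed sample: the suffix derived from the DNS domain example.com,
# two organizational units, two people (one with an escaped comma) and a group.
SAMPLE_ENTRIES = [
    domain_to_dn("example.com"),
    "ou=People,dc=example,dc=com",
    "ou=Groups,dc=example,dc=com",
    "uid=alice,ou=People,dc=example,dc=com",
    "cn=Smith\\, Bob,ou=People,dc=example,dc=com",
    "cn=admins,ou=Groups,dc=example,dc=com",
]

if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLE_ENTRIES))))
```

Running the block prints the indented tree, with dc=example at the top and the people and group entries two levels below it. Keeping the backslash in the parsed value is deliberate: a DN is used as an identifier (for bind, for group membership, for ACL targets), so splitting on an escaped comma would silently turn one entry name into two.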

How does LDAP work?

LDAP operates on a client/server model. The LDAP server holds all of the directory information and can use a wide range of databases for that storage, which can result in very large databases.

In terms of access and management it works much like Windows Active Directory. When the LDAP client (the user) connects to the server, it can carry out 2 standard actions: query and locate directory information, or change it.
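To make the two client actions concrete, here is an added Python example (not code from the post or from Foxpass) that models a small directory in memory: a parser and evaluator for the standard LDAP search filter syntax (RFC 4515), used to query and locate entries, and a modify operation taking the add/delete/replace changes an LDAP client would send. The entries are constructed, attribute matching is uniformly case-insensitive, and search scope, ordering filters and value escapes are left out; a real client would send the same filter string to the server through a library such as ldap3 or python-ldap.

```python
"""In-memory model of the two LDAP client actions the post names: searching the
directory with an RFC 4515 filter, and modifying an entry.

Added example, not code from the original post or from Foxpass. The filter
grammar and the add/delete/replace modify operations are real LDAP; the in-memory
store, uniform case-insensitive matching, the absence of search scope, ordering
filters and value escapes, and the sample data are constructed simplifications.
"""
from __future__ import annotations
import re

Entry = dict[str, list[str]]


def parse_filter(text: str):
    """Parse an RFC 4515 filter into nested tuples: ("&"|"|"|"!", [children])
    or ("=", attribute, value); "~=" is accepted and treated as "="."""
    s, pos = text.strip(), [0]             # pos is boxed so expr() can advance it

    def expect(ch: str) -> None:
        if pos[0] >= len(s) or s[pos[0]] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos[0]}")
        pos[0] += 1

    def expr():
        expect("(")
        ch = s[pos[0]] if pos[0] < len(s) else ""
        if ch in ("&", "|", "!"):          # AND / OR / NOT over nested filters
            pos[0] += 1
            kids = []
            while pos[0] < len(s) and s[pos[0]] == "(":
                kids.append(expr())
            expect(")")
            if ch == "!" and len(kids) != 1:
                raise ValueError("NOT takes exactly one filter")
            return (ch, kids)
        end = s.find(")", pos[0])          # simple item: attribute=value
        k = s.find("=", pos[0], end)
        if end < 0 or k <= pos[0]:
            raise ValueError(f"bad filter item at offset {pos[0]}")
        attr, value = s[pos[0]:k].rstrip("~").strip().lower(), s[k + 1:end]
        pos[0] = end + 1
        return ("=", attr, value)

    node = expr()
    if pos[0] != len(s):
        raise ValueError(f"trailing data at offset {pos[0]}")
    return node


def matches(node, entry: Entry) -> bool:
    """Evaluate a parsed filter against one entry (attribute names lowercase)."""
    kind = node[0]
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, want = node
    values = entry.get(attr, [])
    if want == "*":                        # presence filter: attribute has a value
        return bool(values)
    # Substring filter: each "*" matches anything; plain equality is the no-"*" case.
    rx = ".*".join(re.escape(part) for part in want.split("*"))
    return any(re.fullmatch(rx, v, re.IGNORECASE) for v in values)


def search(directory: dict[str, Entry], filter_text: str) -> list[str]:
    """DNs of every entry matching the filter, sorted for stable output."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, e in directory.items()
                  if matches(node, {k.lower(): v for k, v in e.items()}))


def modify(directory: dict[str, Entry], dn: str, changes: list[tuple[str, str, list[str]]]) -> Entry:
    """Apply (op, attribute, values) changes with op add / delete / replace; an
    empty list on delete or replace removes the attribute. Names are lowercased."""
    entry = {k.lower(): list(v) for k, v in directory[dn].items()}
    for op, attr, values in changes:
        attr, current = attr.lower(), entry.get(attr.lower(), [])
        if op == "add":
            new = current + [v for v in values if v not in current]
        elif op == "delete":
            new = [v for v in current if v not in values] if values else []
        elif op == "replace":
            new = list(values)
        else:
            raise ValueError(f"unknown modify operation {op!r}")
        if new:
            entry[attr] = new
        else:
            entry.pop(attr, None)
    directory[dn] = entry
    return entry


# Constructed sample directory.
DIRECTORY: dict[str, Entry] = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"], "cn": ["Alice Adams"], "mail": ["alice@example.com"]},
    "uid=bob,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["bob"], "cn": ["Bob Brown"], "mail": ["bob@example.com"]},
    "cn=admins,ou=Groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["admins"], "member": ["uid=alice,ou=People,dc=example,dc=com"]},
}
```

A call such as `search(DIRECTORY, "(&(objectClass=inetOrgPerson)(uid=alice))")` returns Alice's DN, and `modify(DIRECTORY, dn, [("replace", "mail", ["robert@example.com"])])` is the in-memory equivalent of the LDAP Modify request a client sends to change an entry. The parser rejects malformed filters instead of guessing, which is the behaviour you want on the server side: a filter string that is built from user input and not validated is a classic source of LDAP injection.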

LDAP features

At this point in the post it is clear what an LDAP user is, which makes it easier to understand organizations' networks. Keep in mind that LDAP is a protocol, a kind of communication language, so an implementation such as Active Directory or OpenLDAP is needed to apply it and provide its capabilities, along with an associated database.

Its most relevant and interesting characteristics are briefly described below:

Scalability

LDAP directories backed by a relational database, as in the IBM SecureWay Directory, are highly scalable, with high performance for large directories holding millions of entries.

Security

LDAP also supports security attributes that prevent unauthorized access to data: secure communication protocols such as SSL, authentication procedures, and access control list (ACL) policies for data entries, guaranteeing a maximum level of security.

Since LDAP controls access to various resources, it generally needs to verify the identity of whoever is connecting. This can be done with a username and password combination, or externally.

For external authentication it uses a protocol called SASL (Simple Authentication and Security Layer) to pass the access data to another server, which usually uses Kerberos. In other words, authorization is granted by an independent system after it verifies that the access data is correct.
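The three mechanisms above (transport protection, the authentication method, and ACLs) are what a defender checks before trusting an LDAP deployment. The following Python is an added example, not code from the post or from Foxpass: the first function flags a bind that would send the password in cleartext (a simple bind, or SASL PLAIN/LOGIN, on ldap:// without StartTLS), and the second evaluates a simplified access control policy with OpenLDAP-style first-match semantics. The policy syntax, the group, the users and the requests are constructed for this example.

```python
"""Two defender-side checks for the security properties the post lists: does a
bind expose the password on the wire, and does the access policy permit an
operation?

Added example, not code from the original post or from Foxpass. The transport
rule reflects real LDAP behaviour: a simple bind (username and password) sends
the password in cleartext unless the session uses LDAPS (ldaps://) or StartTLS,
SASL PLAIN/LOGIN do the same, and SASL GSSAPI (Kerberos) or EXTERNAL carry no
password. The ACL evaluator keeps OpenLDAP's ordering semantics (first rule whose
target matches, then first matching "by" clause, implicit deny) but uses its own
simplified syntax; the policy, group and requests are constructed samples.
"""
from __future__ import annotations
from dataclasses import dataclass
from urllib.parse import urlsplit

# Access levels in increasing order of privilege, as in OpenLDAP.
LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}


@dataclass
class BindRequest:
    url: str                 # ldap://host, ldaps://host or ldapi:/// (local socket)
    method: str              # "simple" or a SASL mechanism such as "GSSAPI"
    starttls: bool = False   # StartTLS negotiated before the bind on ldap://


def bind_transport_check(req: BindRequest) -> tuple[bool, str]:
    """Return (acceptable, reason); rejects binds whose password would travel in clear."""
    scheme = urlsplit(req.url).scheme.lower()
    if scheme not in ("ldap", "ldaps", "ldapi"):
        return False, f"unknown scheme {scheme!r}"
    protected = scheme in ("ldaps", "ldapi") or (scheme == "ldap" and req.starttls)
    mech = req.method.upper()
    if mech == "SIMPLE":
        if protected:
            return True, "simple bind on a protected channel"
        return False, "simple bind over plaintext ldap:// exposes the password"
    if mech in ("PLAIN", "LOGIN") and not protected:
        return False, f"SASL {mech} sends the password in clear without TLS"
    return True, f"SASL {mech} bind"


@dataclass
class AccessRule:
    target: str                   # DN suffix the rule covers ("" = whole directory)
    attr: str | None              # attribute it covers, or None for the entry itself
    by: list[tuple[str, str]]     # (who, level), evaluated in order; first match decides


def _who_matches(who: str, requester: str | None, target: str, groups: dict[str, set[str]]) -> bool:
    """who is "*", "anonymous", "users", "self", "dn:<dn>" or "group:<group dn>"."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    r = requester.lower()
    if who == "users":
        return True
    if who == "self":
        return r == target
    if who.startswith("dn:"):
        return r == who[3:].lower()
    if who.startswith("group:"):
        return r in {m.lower() for m in groups.get(who[6:].lower(), set())}
    return False


def access_allowed(policy: list[AccessRule], groups: dict[str, set[str]],
                   requester: str | None, target: str, attr: str | None, needed: str) -> bool:
    """Decide whether requester (None = anonymous) gets `needed` access to target[/attr]."""
    t = target.lower()
    groups = {g.lower(): m for g, m in groups.items()}
    for rule in policy:
        if not t.endswith(rule.target.lower()):
            continue
        if rule.attr is not None and (attr is None or rule.attr.lower() != attr.lower()):
            continue
        for who, level in rule.by:
            if _who_matches(who, requester, t, groups):
                return LEVELS[level] >= LEVELS[needed]
        return False                       # target matched, nobody listed: deny
    return False                           # no rule at all: deny


# Constructed sample policy: admins manage everything under ou=People, users
# manage their own entry, passwords can be used to authenticate but never read,
# and authenticated users can read the rest of the directory.
ADMINS = "cn=admins,ou=Groups,dc=example,dc=com"
GROUPS = {ADMINS: {"uid=alice,ou=People,dc=example,dc=com"}}
POLICY = [
    AccessRule("ou=People,dc=example,dc=com", "userPassword",
               [("group:" + ADMINS, "write"), ("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    AccessRule("ou=People,dc=example,dc=com", None,
               [("group:" + ADMINS, "write"), ("self", "write"), ("users", "read")]),
    AccessRule("", None, [("users", "read")]),
]
```

The order of the `by` clauses matters exactly as it does in a real directory: the userPassword rule grants anonymous clients only the `auth` level (enough for the server to compare a password during a bind, not enough to read the hash), and the trailing `("*", "none")` stops any later, broader rule from applying. Running `bind_transport_check(BindRequest("ldap://ldap.example.com", "simple"))` returns a rejection, while the same request with `starttls=True` or an `ldaps://` URL is accepted.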

Manageability

Current LDAP products such as IBM SecureWay Directory provide a graphical user interface for both system management and directory information management. It is an extensible and dynamic model in which the directory schema can be extended without service interruptions.

Standardization

Furthermore, the LDAP protocol, together with many of the related client/server capabilities, application programming interfaces (APIs) and data definitions, is defined by formal standards, the corresponding RFCs (Request for Comments).

Foxpass offers cloud-hosted LDAP, RADIUS, and SSH key management.


Fox Pass

Foxpass provides the best and most highly configurable data security system for large organizations.