LDAP vs Active Directory

IT terms can be confusing and can lead to misunderstanding. This article describes two basic authentication terms, LDAP and Active Directory. If you are familiar with Linux, you probably have some idea of what an LDAP server is. And if you work with Linux's main competitor, Windows, you may know about Active Directory (AD).

Active Directory is a database-based system that provides authentication, directory, policy, and other services in a Windows environment.

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.


Active Directory is a proprietary Microsoft product, while LDAP is a standard protocol. LDAP is a part of Active Directory. You can find details about installing OpenLDAP on Linux and Active Directory on Windows HERE. Both LDAP and Active Directory are directory services. In general, a directory service is defined as a network service that identifies all resources on a network and makes them accessible to users and applications.

Lightweight Directory Access Protocol (LDAP) is a directory service based on the client-server model: a server hosts the LDAP directory, and clients configured for LDAP get access through that server. The information it holds can be used to grant access to a system. LDAP supports several authentication methods.

Active Directory is broader in scope and also supports LDAP as an authentication mechanism. It has been integrated into the OS since Windows NT 4.0 Server. Windows also uses Kerberos, which is an integral part of Windows authentication. The Kerberos Key Distribution Center (KDC) uses the domain's Active Directory, so Active Directory is needed for the Kerberos implementation.

In other words, AD is built on top of LDAP: it uses LDAP as well as other protocols.

OpenLDAP is also available for Windows. It supports OpenSSL, Berkeley DB, GSS API, Cyrus SASL, and ODBC.
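
To make the client-server and authentication paragraphs above concrete, the following added example (not code from the original article) encodes an LDAPv3 BindRequest as defined in RFC 4511 and classifies it the way a network sensor would. A simple bind carries the password verbatim, which is why it should only travel over TLS, while a SASL bind names a mechanism such as GSSAPI, which is how Kerberos is carried. The DN, password and function names are constructed for illustration.

```python
# Added example, not from the original article: LDAPv3 BindRequest (RFC 4511) on the wire.
# The DN and password in SAMPLE are constructed values; all function names are illustrative.

def tlv(tag, value):
    """BER tag-length-value; long-form length for values of 128 bytes or more."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def bind_request(msg_id, dn, auth):
    """LDAPMessage { messageID, BindRequest { version 3, name, authentication } }."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))  # msg_id must be < 128

def simple_auth(password):
    return tlv(0x80, password.encode())  # [0] simple: the password bytes, unmodified

def sasl_auth(mechanism, credentials):
    return tlv(0xA3, tlv(0x04, mechanism.encode()) + tlv(0x04, credentials))  # [3] sasl

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(packet):
    """Return (dn, method) as seen by a sensor on an unencrypted LDAP session."""
    tag, msg, _ = read_tlv(packet, 0)
    _, _, p = read_tlv(msg, 0)            # skip messageID
    op, bind, _ = read_tlv(msg, p)
    if tag != 0x30 or op != 0x60:
        raise ValueError("not an LDAP BindRequest")
    _, _, p = read_tlv(bind, 0)           # skip version
    _, dn, p = read_tlv(bind, p)
    choice, auth, _ = read_tlv(bind, p)
    if choice == 0x80:                    # "simple" means the password is readable in transit
        return dn.decode(), "simple" if auth else "no-password"
    _, mech, _ = read_tlv(auth, 0)
    return dn.decode(), "sasl/" + mech.decode()

SAMPLE = bind_request(1, "cn=svc-app,dc=example,dc=com", simple_auth("Constructed-Pass1"))
```

Running `classify_bind(SAMPLE)` reports a simple bind, and the constructed password can be found byte for byte inside `SAMPLE`, which is what LDAPS or StartTLS is there to prevent.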


Anup Chhetri

IT system administrator
