Lightweight Directory Access Protocol (LDAP) is an open, cross-platform protocol designed for accessing and managing directory information. In Active Directory (AD), LDAP is the backbone for querying, updating, and managing data about users, groups, and resources. Its standardized communication mechanism makes LDAP essential for centralized identity management and authentication in Windows environments.

Key Points:

• Centralized Management: LDAP enables systems and applications to access and modify AD data in a structured, hierarchical format.
• Critical Role in AD: LDAP is used for directory lookups, user authentication, and maintaining organizational data integrity.

Directory Structure

LDAP organizes data in a tree-like hierarchy that resembles a file system:

• Top-Level Domain (TLD):

  dc=ldap,dc=thm

• Subdomains/Organizational Units (OUs):

  ou=people ou=groups ou=resources

• Entries & Naming:

  • Distinguished Names (DNs): Full, unique paths to entries (e.g., cn=John Doe,ou=people,dc=example,dc=com).
  • Relative Distinguished Names (RDNs): The individual name component (e.g., cn=John Doe).
  • Attributes: Properties assigned to entries (e.g., [email protected]).

Communication Ports:

• Standard LDAP traffic typically uses port 389.
• For secure connections (LDAP over SSL, known as LDAPS), communication occurs over port 636.

How LDAP Works

LDAP operates on a client-server model:

• Directory System Agent (DSA): The LDAP server (typically the Domain Controller in AD) that processes requests.