Most of my projects use Active Directory (AD) for storing and retrieving the user authentication information. We interchangeably uses AD and LDAP etc for the same. This caused confusion for some people around me, so I got this idea of writing this down here.
LDAP :- Light Directory Access Protocol (LDAP) is a protocol for retrieving information from a directory services. It was created around 1980. There is no application called LDAP, it is just a protocol
AD :- Active Directory (AD) is a Microsoft Implementation of Directory service. We need to conform to LDAP to use AD. AD is widely used and only available for windows. It uses Microsoft proprietary notation for some of the features.This is software and a server run for this. :)
There are many other directory service softwares like Open LDAP, Apache Open Directory etc. Wikipedia has list of those servers http://en.wikipedia.org/wiki/List_of_LDAP_software
An example url for AD look like : ldap://ad.mycompany.com
ADAM :- Active Directory Application Mode is a new mode of Active Directory that is designed specifically for directory enabled applications. It uses straight LDAP notation for everything, but is a proxy on top of AD, and so it is slower. ADAM is used mostly for the storage of application specific data.
Being said all the above, arises the question why all these confusion, why can't we store this information in an database. Here is the reason for that.
LDAP Directories vs Relational Databases
LDAP directories are optimized for search and read operations. Object-oriented hierarchal data design. Data objects in the directory represents entities such as users, computers, and shared resources. These data objects can be organized hierarchically in a contained. Uses standardized and extensible schema. Security is applied down to the object and attribute level. Data can be replicated through out the network. So this is best suited user, security and resource management applications.
Databases on the other hand are optimized for write operations and used relational data design. Data is stored in tables of rows and columns. Less level security only to row and column level only.
LDAP :- Light Directory Access Protocol (LDAP) is a protocol for retrieving information from a directory services. It was created around 1980. There is no application called LDAP, it is just a protocol
AD :- Active Directory (AD) is a Microsoft Implementation of Directory service. We need to conform to LDAP to use AD. AD is widely used and only available for windows. It uses Microsoft proprietary notation for some of the features.This is software and a server run for this. :)
There are many other directory service softwares like Open LDAP, Apache Open Directory etc. Wikipedia has list of those servers http://en.wikipedia.org/wiki/List_of_LDAP_software
An example url for AD look like : ldap://ad.mycompany.com
ADAM :- Active Directory Application Mode is a new mode of Active Directory that is designed specifically for directory enabled applications. It uses straight LDAP notation for everything, but is a proxy on top of AD, and so it is slower. ADAM is used mostly for the storage of application specific data.
Being said all the above, arises the question why all these confusion, why can't we store this information in an database. Here is the reason for that.
LDAP Directories vs Relational Databases
LDAP directories are optimized for search and read operations. Object-oriented hierarchal data design. Data objects in the directory represents entities such as users, computers, and shared resources. These data objects can be organized hierarchically in a contained. Uses standardized and extensible schema. Security is applied down to the object and attribute level. Data can be replicated through out the network. So this is best suited user, security and resource management applications.
Databases on the other hand are optimized for write operations and used relational data design. Data is stored in tables of rows and columns. Less level security only to row and column level only.
