The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network

What is a Directory Service?

A directory is similar to a database, but typically contains more descriptive, attribute-based data; that is, data read more often than it is written.

A directory service is a shared information infrastructure for locating, managing, administering, and organizing common items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. 

LDAP Directory Tree

An LDAP directory has a tree structure. All entries (called objects) of the directory have a defined position within this hierarchy. This hierarchy is called the directory information tree (DIT). The complete path to the desired entry, which unambiguously identifies it, is called distinguished name or DN. A single node along the path to this entry is called relative distinguished name or RDN

Active Directory

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services.

Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3

LDAP Authentication

  • Simple Authentication Method
  • SASL Authentication Method


Kerberos  is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.


 aims to provide an easily managed IdentityPolicy and Audit (IPA) suite primarily targeted towards networks of Linux and Unix computers. FreeIPA has goals and mechanisms comparable to those of Novell's Identity Manager or of Microsoft's Active Directory

FreeIPA uses 389 Directory Server for its LDAP implementation, MIT's Kerberos 5 for authentication and single sign-on.

While each of the major components of FreeIPA is a pre-existing open-source project, the bundling of these components into a single manageable suite with a comprehensive management interface makes FreeIPA more comparable to its proprietary-software cousins, Identity Manager and Active Directory.


By Kanagaraj M


  • 331
Loading comments...

More from Kanagaraj M