📖 What is Lightweight Directory Access Protocol (LDAP)?
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral industry standard application protocol used for accessing and maintaining distributed directory information services. It is commonly used for centralized authentication and user management.
"Think of LDAP as the 'phone book' of the network. It is frequently used by Active Directory to manage users and permissions."
📚 Certification: CompTIA Network+ Certification Exam (N10-009)
🔑 What are the Key Concepts of Lightweight Directory Access Protocol (LDAP)?
- Organizes data in a hierarchical tree structure called the Directory Information Tree (DIT), allowing for efficient searching of users, groups, and organizational units.
- Utilizes standard TCP port 389 for unencrypted traffic and TCP port 636 for secure connections via LDAP over SSL/TLS (LDAPS).
- Enables centralized authentication, allowing diverse network applications to verify user identities against a single, shared directory instead of maintaining local databases.
- Uses Distinguished Names (DN) to uniquely identify entries, combining attributes like Common Name (CN) and Organizational Unit (OU) to define a path.
- Optimized for high-frequency read and search operations, making it ideal for looking up user contact information or permission levels across a large enterprise.
🎯 How does Lightweight Directory Access Protocol (LDAP) appear on the N10-009 Exam?
You may be asked to identify the appropriate protocol for a company that needs to centralize user management and authentication across multiple different operating systems and third-party applications to ensure consistent access control.
A scenario might describe a security audit finding that user credentials are being sent in cleartext; you would be expected to recommend switching from port 389 to port 636.
Expect questions about troubleshooting a failed authentication request where you must determine if a network firewall is blocking the specific TCP ports required for directory queries and responses.
❓ Frequently Asked Questions
What is the difference between LDAP and Active Directory?
LDAP is an open-standard protocol used to communicate with directory services, whereas Active Directory is a specific proprietary directory service implementation by Microsoft that uses LDAP as one of its primary access methods.
Why is LDAPS preferred over standard LDAP in production environments?
Standard LDAP transmits data in cleartext, which allows attackers to capture credentials using packet sniffers. LDAPS encrypts the session using SSL/TLS, protecting sensitive authentication data from being intercepted on the wire.