Differences between LDAP and AD
LDAP:
LDAP is a protocol, like a language or set of rules that clients use to talk to a directory service.
- It provides a way to read, search and write information in a directory (usernames, groups, permissions) and to authenticate against it (an LDAP "bind" with a username and password).
Active Directory is the complete solution:
- AD is a directory service that exposes its data over LDAP but adds a lot more: Kerberos authentication (the default way users and machines actually log on), DNS, Group Policy, trusts, and replication between Domain Controllers.
- It’s not just a directory; it’s an entire system for managing users, computers, security policies, and more.
Let's reuse the receptionist tale from the LDAP page.
LDAP (Room Allocation):
Think of LDAP as the hotel receptionist who manages the room allocation.
- The receptionist (LDAP) checks the guest’s details (name, ID, booking status) and decides which room the guest should go to based on the information stored in the hotel’s directory database (the directory that LDAP gives access to).
- LDAP only checks whether the guest has the right credentials (i.e., whether they’re allowed to stay and where they should go); it doesn’t manage anything inside the room.
Active Directory (Room Management and Services):
- After the guest (user) enters their allocated room, they start using the room’s services, like the air conditioner, fridge, and cot.
- AD is like the hotel's complete management system, which not only allocates rooms but also:
- Manages the room’s settings (temperature control, fridge access, etc.), similar to Group Policy in AD, which pushes configuration and security settings to users and computers.
- Enforces rules for the guest, like check-out time or room usage guidelines, similar to the domain password and account policies in AD.
- Ensures security by limiting access to rooms (e.g., only guests with specific keys can access certain rooms), just as AD controls access to resources and services through group membership and access control lists.
Communication Flow between LDAP, DC, AD:
Imagine you’re using a website, and you decide to change your password. The website talks, over LDAP, to a Domain Controller, which hosts the Active Directory database that stores your account. Once the change is accepted, every application that authenticates against AD sees the new password, because each of them checks the password against AD at login rather than keeping its own copy.
Communication flow that will happen in the backend:
Website (Visitor) → Asks to change the password, supplying the old password and the new one.
LDAP (Receptionist) → The website's LDAP client opens a TLS-protected connection (LDAPS on port 636, or StartTLS on 389) to a Domain Controller, binds as the user with the old password, and sends a Modify request for the user's unicodePwd attribute. LDAP is the language of this exchange, not a separate server that forwards it.
Domain Controller (Security Officer) → Is the server that speaks LDAP and hosts AD. It verifies the bind, checks the old password, applies the domain password policy (minimum length, complexity, history, minimum age), and refuses the change outright if the connection is not encrypted.
Active Directory (Castle’s Central Records Office) → Stores the new password (as a hash) in the directory database on that DC and replicates the change to the other Domain Controllers in the domain.
LDAP (Receptionist) → Returns the Modify result to the website: success (result code 0), or an error such as unwillingToPerform (53) for an unencrypted connection or constraintViolation (19) when the new password breaks policy.
Website (Visitor) → Shows the result to the user; the next login, on this site or any other application backed by AD, is checked against the new password.
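The password-change exchange above, as an added example that is not code from the original page: the client-side pieces of an AD password change as sent over LDAP. The change-list format is the one the ldap3 library's Connection.modify() accepts, but ldap3 is not imported, so the block runs offline; the hostname, DN and passwords are made up, and check_transport is a hypothetical client-side guard that mirrors the DC's own refusal.

```python
# Added example, not code from the original page: the pieces of an Active
# Directory password change as sent over LDAP.  The change-list format is the
# one ldap3's Connection.modify() accepts; ldap3 itself is not imported, so
# this runs offline.  Hostnames, DNs and passwords below are made up.

MODIFY_ADD = "MODIFY_ADD"
MODIFY_DELETE = "MODIFY_DELETE"
MODIFY_REPLACE = "MODIFY_REPLACE"


def encode_ad_password(password: str) -> bytes:
    """AD's unicodePwd attribute expects the password wrapped in double quotes
    and encoded as UTF-16-LE; a bare UTF-8 string is rejected by the DC."""
    return f'"{password}"'.encode("utf-16-le")


def self_service_change(old_password: str, new_password: str) -> dict:
    """A user changing their own password: DELETE the old value and ADD the new
    one in a single Modify.  The DC verifies the old value and enforces the
    domain password policy (length, complexity, history, minimum age)."""
    return {
        "unicodePwd": [
            (MODIFY_DELETE, [encode_ad_password(old_password)]),
            (MODIFY_ADD, [encode_ad_password(new_password)]),
        ]
    }


def admin_reset(new_password: str) -> dict:
    """An administrator resetting another user's password: a single REPLACE.
    It needs the 'Reset Password' right on the user object and never proves
    knowledge of the old password, so it is the more privileged operation."""
    return {"unicodePwd": [(MODIFY_REPLACE, [encode_ad_password(new_password)])]}


def check_transport(server_url: str, start_tls: bool = False) -> bool:
    """Hypothetical client-side guard.  A DC refuses unicodePwd changes on an
    unencrypted connection (LDAP result 53, unwillingToPerform); fail here,
    before the password leaves the client, unless the URL is ldaps:// or the
    caller will negotiate StartTLS on ldap://."""
    url = server_url.lower()
    if url.startswith("ldaps://") or (url.startswith("ldap://") and start_tls):
        return True
    raise ValueError(f"refusing to send a password over {server_url} without TLS")


if __name__ == "__main__":
    # Made-up target.  With ldap3 the remaining steps would be:
    #   conn = Connection(Server("ldaps://dc01.example.local", use_ssl=True),
    #                     user="EXAMPLE\\alice", password="OldP@ss1", auto_bind=True)
    #   conn.modify(user_dn, changes); conn.result["result"] == 0 means success
    user_dn = "CN=alice,OU=Users,DC=example,DC=local"
    check_transport("ldaps://dc01.example.local")
    changes = self_service_change("OldP@ss1", "NewP@ss2!")
    print(user_dn)
    for op, values in changes["unicodePwd"]:
        print(op, values[0])
```

ldap3 wraps the same delete/add pair in conn.extend.microsoft.modify_password(user_dn, new_password, old_password); the point of spelling it out is to see what the DC actually receives: a quoted UTF-16-LE value, over TLS, with the old password proven by the delete.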