Lightweight Directory Access Protocol (LDAP)

LDAP is a standardized protocol for querying and updating directory services like Active Directory. It allows applications to look up user information, group memberships, and attributes from a centralized directory.

# WHAT TEAMS RUN INTO

  • LDAP queries are synchronous and block until they return. Applications that query LDAP during every authentication request become as slow as the directory, and slow directories slow down all applications.

  • LDAP credentials are often hardcoded or stored insecurely. Applications need credentials to bind to LDAP and query it, and those credentials are often embedded in config files or environment variables.

  • LDAP doesn't provide rich authorization information. Applications query LDAP to get user attributes and groups, but LDAP doesn't tell the application what the user is actually authorized to do in that specific context.
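A defensive check for the hardcoded-credential problem described above, as an added example that is not code from this page or from NewCore: it scans config text for LDAP bind secrets and reports whether each one is a literal in the file, a reference to an environment variable, or a pointer to an external secret file. The key-name heuristic, the `file:` reference convention and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample config (made-up hosts and values, not from a real system).
SAMPLE_CONFIG = """\
# app.conf
ldap_url = ldaps://dc01.example.internal:636
bind_dn = "cn=svc-app,ou=service,dc=example,dc=internal"
bind_password = "Summer2024!"
ldap.password=${LDAP_BIND_PASSWORD}
bindpw: file:/run/secrets/ldap_bindpw
LDAP_BIND_PW=
"""

# Heuristic (assumption): a key naming a bind/LDAP password, token or secret.
SECRET_KEY = re.compile(r"(?i)(bind|ldap)[\w.\-]*(pass|pw|authtok|secret)")
# key = value  or  key: value
ASSIGN = re.compile(r"^\s*([\w.\-]+)\s*[:=]\s*(.*?)\s*$")
# $NAME or ${NAME}: the secret lives in the process environment.
ENV_REF = re.compile(r"^\$\{?[A-Za-z_]\w*\}?$")
# file:/path: hypothetical convention for a secret mounted outside the config.
FILE_REF = re.compile(r"^file:/\S+$")


def classify(value):
    """Say where the secret for this setting is actually stored."""
    value = value.strip("\"'")
    if not value:
        return "empty"
    if ENV_REF.match(value):
        return "env"        # the page lists environment variables as a weak spot too
    if FILE_REF.match(value):
        return "external"
    return "literal"        # secret is embedded in the config file itself


def audit(text):
    """Return (line_number, key, kind) for every LDAP bind secret setting."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue        # skip comment lines
        match = ASSIGN.match(line)
        if match and SECRET_KEY.search(match.group(1)):
            findings.append((number, match.group(1), classify(match.group(2))))
    return findings


if __name__ == "__main__":
    for number, key, kind in audit(SAMPLE_CONFIG):
        print(f"line {number}: {key} -> {kind}")
```
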

# WHY IT MATTERS

LDAP is the protocol that makes centralized identity possible. Without LDAP, each application would need its own way of querying Active Directory directly, creating inconsistency. LDAP standardizes how applications talk to directories. But LDAP is a legacy protocol that was designed for a simpler world: it doesn't handle modern scenarios like distributed identities or complex authorization policies well.
