Penetration Tester Interview Q&A…What is LDAP?

5qu1n7
2 min read · Aug 8, 2024


Lightweight directory access protocol (LDAP) is a protocol that makes it possible for applications to query user information rapidly.

Someone within your office wants to do two things: Send an email to a recent hire and print a copy of that conversation on a new printer. LDAP (lightweight directory access protocol) makes both of those steps possible.

Set it up properly, and that employee doesn’t need to talk with IT to complete the tasks.

LDAP is a protocol, so it doesn’t specify how directory programs work. Instead, it’s a form of language that allows users to find the information they need very quickly.

LDAP is vendor-neutral, so it can be used with a variety of different directory programs. Typically, a directory contains data that is:

  • Descriptive. Multiple points, such as name and location, come together to define an asset.
  • Static. The information doesn’t change much, and when it does, the shifts are subtle.
  • Valuable. Data stored within the directory is critical to core business functions, and it’s touched over and over again.

Sometimes, people use LDAP in concert with other systems throughout the workday. For example, your employees may use LDAP to connect with printers or verify passwords. Those employees may then switch to Google for email, which doesn’t rely on LDAP at all.

LDAP isn’t new. The definitive whitepaper that describes how directory services work and how LDAP should interface was published in 2003. Despite its age, LDAP is still in widespread use today.

An LDAP query typically involves:

  • Session connection. The user connects to the server via an LDAP port.
  • Request. The user submits a query, such as an email lookup, to the server.
  • Response. The server queries the directory, finds the information, and returns it to the user.
  • Completion. The user disconnects from the LDAP port.
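As an added example (not part of the original post), here is what the Request step looks like on the wire. RFC 4511 defines LDAP messages in ASN.1 and encodes them with BER, so an "email lookup" is a SearchRequest wrapped in an LDAPMessage envelope. The base DN, attribute names and sample values below are constructed, and only the standard library is used.

```python
# Added example: hand-encode an LDAP SearchRequest (RFC 4511) for an e-mail
# lookup, plus RFC 4515 escaping for the string filter form. Sample DN and
# values are constructed; this is not the post's own code.

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value triple, the basic BER building block."""
    return bytes([tag]) + ber_len(len(value)) + value

def octets(s: str) -> bytes:                      # OCTET STRING (LDAPString / LDAPDN)
    return tlv(0x04, s.encode("utf-8"))

def small_int(n: int, tag: int = 0x02) -> bytes:  # INTEGER / ENUMERATED, 0..127
    assert 0 <= n < 0x80
    return tlv(tag, bytes([n]))

def equality_filter(attr: str, value: str) -> bytes:
    # Filter CHOICE equalityMatch is [3] AttributeValueAssertion: implicit
    # context-specific constructed tag 3 -> 0xA3. The value is length-prefixed,
    # so '(' or '*' inside it are plain data here, unlike in the string form.
    return tlv(0xA3, octets(attr) + octets(value))

def search_request(message_id: int, base_dn: str, attr: str, value: str,
                   wanted: list) -> bytes:
    body = (
        octets(base_dn)                # baseObject
        + small_int(2, 0x0A)           # scope: wholeSubtree
        + small_int(0, 0x0A)           # derefAliases: neverDerefAliases
        + small_int(0)                 # sizeLimit: 0 = server default
        + small_int(0)                 # timeLimit
        + tlv(0x01, b"\x00")           # typesOnly: FALSE
        + equality_filter(attr, value)
        + tlv(0x30, b"".join(octets(a) for a in wanted))  # attributes
    )
    op = tlv(0x63, body)               # [APPLICATION 3] SearchRequest
    return tlv(0x30, small_int(message_id) + op)  # LDAPMessage SEQUENCE

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for the *string* filter form most client APIs take."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

if __name__ == "__main__":
    msg = search_request(1, "dc=example,dc=com", "mail", "jdoe@example.com", ["cn", "mail"])
    print(msg.hex())
    print("(mail=%s)" % escape_filter_value("j.doe (sales)"))
```

The server answers with SearchResultEntry and SearchResultDone messages carrying the same messageID, which is how a client matches the Response step to its Request.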

If you’re still reading, next is one of the most important parts of LDAP…

Some people use LDAP and Active Directory interchangeably, and the habit causes a great deal of confusion. These two tools work together, but they’re definitely not the same thing.

Active Directory is a proprietary directory tool that is used to organize IT assets, such as computers, printers, and users. As a Microsoft product, it’s commonly used within the Windows environment.

LDAP is a protocol that can read Active Directory, but you can also use it with other programs, including those based on Linux. As a vendor-neutral protocol, you could use this tool to work with all kinds of products that have nothing to do with Windows.

So LDAP and Active Directory work together to help users. But they don’t compete with one another, and they don’t do exactly the same thing.

Currently a Penetration Tester and Retired United States Air Force Military Working Dog Handler after 23 years. Who also has a habit of picking locks.