
What are the differences between LDAP and Active Directory authentication?

I have tried to search without success. (I do know the difference between LDAP and Active Directory. I have also read this: What are the differences between LDAP and Active Directory?)

According to my understanding, LDAP authenticates (binds) with a DN (distinguished name) and password. E.g. CN=bob,OU=Users,DC=test,DC=com

Active Directory authenticates with a short user name or full domain user name and password. E.g. bob or [email protected]

Therefore, LDAP does not allow two users with the same CN in the same tree (OU), but it allows the same CN in a different OU. Active Directory does not allow the same user name in the same domain, even if the user object is located in a different tree of Active Directory. Active Directory allows the same user name in different domains.

Other differences?

asked Apr 25 '13 07:04

Michael


2 Answers

I'm not sure you really know the difference between LDAP and Active Directory. Active Directory is built on top of LDAP, just like HTTP is built on top of TCP. You can't make any meaningful comparisons.

Saying LDAP authenticates is like saying HTTPS charges your credit card when you're buying something online. The LDAP protocol provides the information to the directory server which does the authentication, just like HTTPS provides your information to the processing server that does the processing.

Active Directory allows you to have multiple objects in a domain with the same CN, as long as they don't have the same parent. What it restricts is multiple objects with the same sAMAccountName attribute in the same domain.

Maybe you are interested in the features that Active Directory has that other Directory Services don't? Or how Active Directory uses LDAP to perform higher level authentication requests like username bob?

answered Oct 31 '22 17:10

Sean Hall
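
An added example, not part of the answer above and not Active Directory code: a toy in-memory directory showing the two uniqueness rules the answer distinguishes (same CN allowed under different parents, sAMAccountName unique per domain) and a DN-based simple bind. The names ToyDirectory, simple_bind, login and build_demo are hypothetical, the entries are constructed, and the resolve-then-bind step in login is an assumed way of mapping a short name such as bob to a DN.

```python
import hmac

class ToyDirectory:
    """Constructed in-memory model of one domain; not Active Directory code."""

    def __init__(self):
        self.entries = {}  # normalized DN -> entry

    @staticmethod
    def _norm(dn):
        # Simplified normalization: case-insensitive, ignores spaces after
        # commas. Escaped commas inside attribute values are not handled.
        return ",".join(part.strip().lower() for part in dn.split(","))

    def add(self, dn, sam, password):
        key = self._norm(dn)
        if key in self.entries:
            # Same CN under the same parent is the same DN, so it is refused.
            raise ValueError("DN already exists: " + dn)
        if any(e["sam"].lower() == sam.lower() for e in self.entries.values()):
            # The domain-wide restriction described in the answer above.
            raise ValueError("sAMAccountName already in use: " + sam)
        # Plaintext password only because this is a toy model.
        self.entries[key] = {"dn": dn, "sam": sam, "password": password}

    def simple_bind(self, dn, password):
        # An empty password is an unauthenticated bind in LDAP (RFC 4513);
        # an application must not treat it as a successful login.
        entry = self.entries.get(self._norm(dn))
        if not password or entry is None:
            return False
        return hmac.compare_digest(entry["password"].encode(), password.encode())

    def login(self, username, password):
        # Assumed pattern: resolve the short name to exactly one DN, then bind.
        dns = [e["dn"] for e in self.entries.values()
               if e["sam"].lower() == username.lower()]
        return len(dns) == 1 and self.simple_bind(dns[0], password)

def build_demo():
    d = ToyDirectory()
    # Constructed sample entries: same CN, different parent OU.
    d.add("CN=bob,OU=Users,DC=test,DC=com", "bob", "pw-users")
    d.add("CN=bob,OU=Sales,DC=test,DC=com", "bob.sales", "pw-sales")
    return d
```

Both entries named CN=bob are accepted because their parents differ, while a second entry with sAMAccountName bob is refused anywhere in the domain.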


Active Directory is a product and a directory service. LDAP is an application layer protocol and an IETF standard. Active Directory supports and implements LDAP, therefore allowing RFC-compliant LDAP clients to talk to it and perform LDAP operations such as bind, search, etc.

answered Oct 31 '22 16:10

Bora