Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the differences between LDAP and Active Directory authentication?

Tags:

authentication

active-directory

ldap

I have tried to search without success. (I do know difference between LDAP and Active Directory. Also read this What are the differences between LDAP and Active Directory?)

According to my understanding, LDAP authenticates (binds) with DN (distinguish name) and password. E.g. CN=bob, OU=Users,DC=test,DC=com

Active Directory authenticates with a short user name or full domain user name and password. E.g. bob or [email protected]

Therefore, LDAP does not allow to users with the same CN in the same tree (OU) but it allows the same CN in a different OU. Active Directory does not allow the same user name in the same domain, even the user object located in different tree of Active Directory. Active Directory allows the same user name in different domains.

Other differences?

like image 748
Michael Avatar asked Apr 25 '13 07:04

Michael

2 Answers

I'm not sure you really know the difference between LDAP and Active Directory. Active Directory is built on top of LDAP, just like HTTP is built on top of TCP. You can't make any meaningful comparisons.

Saying LDAP authenticates is like saying the HTTPS charges your credit card when you're buying something online. The LDAP protocol provides the information to the directory server which does the authentication, just like HTTPS provides your information to the processing server that does the processing.

Active Directory allows you to have multiple objects in a domain with the same CN, as long as they don't have the same parent. What it restricts is multiple objects with the same sAMAccountName attribute in the same domain.

Maybe you are interested in the features that Active Directory has that other Directory Services don't? Or how Active Directory uses LDAP to perform higher level authentication requests like username bob?

like image 52
Sean Hall Avatar answered Oct 31 '22 17:10

Sean Hall

Active Directory is a product and a directory service. LDAP is an application layer protocol and an IETF standard. Active Directory supports and implements LDAP, therefore allowing RFC-compliant LDAP clients to talk to it and perform LDAP operations such as bind, search, etc.

like image 31
Bora Avatar answered Oct 31 '22 16:10

Bora
Sign in to Comment

Related questions

Logout with http basic authentication and restful_authentication plugin
http or https authentication for Intranet Web applications
Spring security "forward:" directive can't forward to login form
Authentication token always null in kernel.request event in Symfony 2?
RPC Authentication error
Can't authenticate on mongodb with PHP
AspNet Core Identity - cookie not getting set in production
Sending auth in headers php curl
Laravel 5.2 - Auth: display custom error messages
Ruby on Rails functional test with Devise authentication
How to access session from Warden/Devise after_authentication callback in Rails
Laravel 5.2 auth change 'id' to 'customer_id'
Why use kerberos when you can do authentication and authorization through ldap? [closed]
Creating users table in Laravel
AngularJS + Laravel 5 Authentication
Is this a reasonable user registration process?
Is encrypting session id (or other authenticate value) in cookie useful at all?
firebase phone authentication not working after .apk released in play store even after I have updated sha1 in firebase console
PHP, Prevent users from accessing a page while not logged in?
Mongo "auth failed" Only for Remote Connections. Local Works fine

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!