LDAP
What is LDAP?
LDAP: The Lightweight Directory Access Protocol, an IETF standard for querying and modifying hierarchical directory services over TCP/IP, typically on TCP port 389 (clear text, or upgraded to TLS with StartTLS) or 636 (LDAPS, TLS from the start).
LDAP, defined in RFC 4511, is a vendor-neutral protocol for reading and writing entries in a directory information tree. Each entry is identified by a Distinguished Name (DN) and described by typed attributes. Enterprises use LDAP to centralize user accounts, group memberships, certificates, and machine objects; applications query the directory to authorize access and authenticate users at login by binding with the user's DN and password, so that a successful bind stands in for a password check. Common implementations include OpenLDAP, 389 Directory Server, and Microsoft Active Directory. Best practice is to use LDAPS or StartTLS so that credentials never cross the network in clear text; to disable anonymous binds and reject empty passwords before binding, because RFC 4513 defines a bind with a DN and an empty password as an unauthenticated bind that many servers answer with success; to escape user input placed in search filters (RFC 4515) and DNs (RFC 4514), since LDAP has no parameterized queries and unescaped input is the root of LDAP injection; and to apply least privilege to the service accounts that bind to the directory.
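The two application-side controls above, escaping filter input and refusing empty passwords, are easy to get wrong, so here is an added example of bind-as-authentication that applies both (example code written for this page, not from any of the named implementations). A FakeDirectory stands in for a real LDAP server so that it runs offline; the base DN, the inetOrgPerson/uid schema choice, and the two sample entries are assumptions constructed for the demonstration, and the fake server deliberately mimics one that accepts unauthenticated binds (RFC 4513 section 5.1.2).

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Inverse of escape_filter_value: turn \\XX hex escapes back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def login_filter_unsafe(username: str) -> str:
    """Vulnerable: raw interpolation, the LDAP injection anti-pattern."""
    return f"(&(objectClass=inetOrgPerson)(uid={username}))"


def login_filter_safe(username: str) -> str:
    """Hardened: the username can only ever be matched literally."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


class FakeDirectory:
    """Stand-in for an LDAP server so the example runs offline (assumption, not a real DSA).

    It understands only the one filter shape built above (an equality match on uid,
    or the presence filter uid=*) and emulates a server that accepts unauthenticated
    binds, as RFC 4513 section 5.1.2 permits.
    """

    _SHAPE = re.compile(r"\(&\(objectClass=inetOrgPerson\)\(uid=(.*)\)\)")

    def __init__(self, entries):
        self.entries = entries  # dn -> {"uid": ..., "userPassword": ...}

    def search(self, filter_str: str):
        m = self._SHAPE.fullmatch(filter_str)
        if not m:
            return []  # a real server would reject an unparseable filter
        value = m.group(1)
        if value == "*":  # presence filter: every entry that has a uid matches
            return list(self.entries)
        wanted = unescape_filter_value(value)
        return [dn for dn, attrs in self.entries.items() if attrs["uid"] == wanted]

    def simple_bind(self, dn: str, password: str) -> bool:
        if password == "":
            # Unauthenticated bind: DN supplied, no password, server reports success.
            return True
        return dn in self.entries and self.entries[dn]["userPassword"] == password


def authenticate_naive(directory, username, password) -> bool:
    """Both mistakes at once: injectable filter, and the empty password reaches the server."""
    dns = directory.search(login_filter_unsafe(username))
    return bool(dns) and directory.simple_bind(dns[0], password)


def authenticate(directory, username, password) -> bool:
    """Bind-as-authentication with both controls applied."""
    if password == "":
        return False  # never let an unauthenticated bind pass as a login
    dns = directory.search(login_filter_safe(username))
    if len(dns) != 1:
        return False  # unknown user, or a filter that matched more than one entry
    return directory.simple_bind(dns[0], password)


# Constructed sample directory for the demonstration (not real data).
SAMPLE_DIRECTORY = FakeDirectory({
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "correct horse"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "userPassword": "hunter2"},
})

if __name__ == "__main__":
    print(login_filter_unsafe("*"))  # (&(objectClass=inetOrgPerson)(uid=*))   matches everyone
    print(login_filter_safe("*"))    # (&(objectClass=inetOrgPerson)(uid=\2a)) matches a literal '*'
    print(authenticate_naive(SAMPLE_DIRECTORY, "*", ""))  # True: "logged in" as alice with no password
    print(authenticate(SAMPLE_DIRECTORY, "*", ""))        # False
    print(authenticate(SAMPLE_DIRECTORY, "alice", "correct horse"))  # True
```

With a username of `*` and a blank password, the naive path searches with a presence filter that matches every user, takes the first DN, and sends an empty password that the server accepts as an unauthenticated bind: a login with no credentials at all. The hardened path escapes the asterisk so it can only match a literal one, and refuses to bind with an empty password before the directory is ever contacted. Against a real server the same two checks belong in front of whatever client library you use; the escaping here follows RFC 4515 rather than any particular library's helper.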
● Examples
- 01
A web application binding to OpenLDAP to verify a user's password during login.
- 02
A SIEM querying Active Directory via LDAP to enrich events with group memberships.
● Frequently asked questions
What is LDAP?
The Lightweight Directory Access Protocol, an IETF standard for querying and modifying hierarchical directory services over TCP/IP, typically on TCP port 389 (clear text, or upgraded to TLS with StartTLS) or 636 (LDAPS, TLS from the start). It belongs to the Identity & Access category of cybersecurity.
What does LDAP mean?
The Lightweight Directory Access Protocol, an IETF standard for querying and modifying hierarchical directory services over TCP/IP, typically on TCP port 389 (clear text, or upgraded to TLS with StartTLS) or 636 (LDAPS, TLS from the start).
How do you secure LDAP?
Encrypt every connection with LDAPS or StartTLS so that bind credentials are never sent in clear text; disable anonymous binds and reject empty passwords in the application before binding, since an empty-password bind is treated as unauthenticated rather than as a failed login; escape user-supplied values before they are placed in search filters or DNs to prevent LDAP injection; and grant the service accounts that bind to the directory only the read and write rights they need.
What are other names for LDAP?
The only true alternative name is the expanded form, Lightweight Directory Access Protocol. LDAPS is not a synonym but the variant of LDAP carried over TLS (port 636); LDAP with StartTLS upgrades a port 389 session to TLS after it is opened.