Before looking at LDAP, we should understand what a ‘directory’ is.

What is a directory structure?
The directory structure is the organization of files into a hierarchy of folders. It should be stable and scalable; it should not fundamentally change, only be added to. Computers have used the folder metaphor for decades as a way to help users keep track of where something can be found.
When information is stored in a directory structure, it becomes practical to manage hierarchical information and to read from and write to it. This directory structure can be scaled up to provide three major functions on the web: authentication, authorization, and personalization.

LDAP stands for Lightweight Directory Access Protocol. LDAP is a standards-based specification for interacting with directory data. Directory services can implement support for LDAP to provide interoperability with third-party applications.
LDAP is an open, industry-standard application protocol for reading and editing distributed directories over the network. These directories hold a set of records in an organized hierarchical structure, similar to a corporate email directory or a telephone directory. LDAP enables anyone to locate resources in a network, be it on the public internet or a corporate intranet. LDAP read operations are extremely fast compared with the possible alternatives.

Now that we have looked at LDAP, let's get to know what Active Directory is…
Active Directory is Microsoft’s implementation of a directory service that, among other protocols, supports LDAP for querying its data.

Characteristics of an LDAP-Compliant Directory:

  • Extremely fast read operations. Directories are tuned for high read performance because the data in a directory is read far more often than it is written or updated.

  • Relatively static data. The data most commonly stored in the directory is not frequently subjected to change or modification.

  • Distributed. The directory, and hence the data it stores, is distributed in nature.

  • Hierarchical. The directory is capable of storing objects in a hierarchical fashion for organization and relationship.

  • Object-oriented. The directory represents elements and objects. Objects are created from object classes, which represent a collection of attributes.

  • Standard schema. Directories utilize a standard schema that is available to all applications making use of the directory.

  • Multi-valued attributes. Directory attributes can be single or multi-valued.

  • Multi-master replication. Most leading directories offer multi-master replication, allowing writes and updates to occur on multiple servers. Therefore, even if servers are unable to communicate for periods of time, operations can still occur locally and then be sent to other replicas once communication is restored.
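
To make the hierarchical, object-class and multi-valued characteristics concrete, here is an added illustration (not code from the original page or from any LDAP product): a small in-memory model of a directory tree with a scoped search. The `Directory` class, `parse_dn`, `build_sample` and every DN and value are hypothetical and constructed for this example; the scope names `base`, `one` and `sub` follow the usual LDAP search scopes.

```python
# Added illustration; every DN, attribute and value here is constructed sample data.

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, leaf first (escaped commas not handled)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

class Directory:
    def __init__(self, suffix):
        # The suffix is the root of the tree; all other entries hang below it.
        self.entries = {parse_dn(suffix): {"objectClass": ["domain"]}}

    def add(self, dn, attrs):
        rdns = parse_dn(dn)
        if rdns[1:] not in self.entries:
            raise ValueError("parent entry does not exist for " + dn)
        if rdns in self.entries:
            raise ValueError("entry already exists: " + dn)
        # Each attribute maps to a list, so it may carry one or many values.
        self.entries[rdns] = {name: list(vals) for name, vals in attrs.items()}

    def search(self, base, scope, attr, value):
        """Return DNs under `base` whose `attr` holds `value` (case-insensitive)."""
        base_rdns = parse_dn(base)
        lo, hi = {"base": (0, 0), "one": (1, 1), "sub": (0, None)}[scope]
        hits = []
        for rdns, attrs in self.entries.items():
            extra = len(rdns) - len(base_rdns)  # levels below the search base
            if extra < lo or (hi is not None and extra > hi):
                continue
            if rdns[extra:] != base_rdns:       # not inside the base subtree
                continue
            if any(v.lower() == value.lower() for v in attrs.get(attr, [])):
                hits.append(",".join(rdns))
        return sorted(hits)

def build_sample():
    root = "dc=example,dc=com"
    d = Directory(root)
    d.add("ou=People," + root, {"objectClass": ["organizationalUnit"]})
    d.add("ou=Groups," + root, {"objectClass": ["organizationalUnit"]})
    d.add("uid=alice,ou=People," + root, {"objectClass": ["inetOrgPerson"],
          "mail": ["alice@example.com", "a.smith@example.com"]})
    d.add("uid=bob,ou=People," + root, {"objectClass": ["inetOrgPerson"],
          "mail": ["bob@example.com"]})
    d.add("cn=admins,ou=Groups," + root, {"objectClass": ["groupOfNames"],
          "member": ["uid=alice,ou=People," + root]})
    return d
```

Searching with `ou=People,dc=example,dc=com` as the base instead of the root is how an application restricts an authentication lookup to the subtree where user entries are supposed to live.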

Characteristics of an RDBMS:

  • Write-intensive operations. The RDBMS is frequently written to and is often used in transaction-oriented applications.

  • Data in flux or historical data. The RDBMS is designed to handle frequently changing data. Alternatively, an RDBMS can also store vast amounts of historical data which can later be analyzed or “mined.”

  • Application-specific schema. The RDBMS is configured on a per-application basis and a unique schema exists to support each application.

  • Complex data models. The relational nature of the RDBMS makes it suitable for handling sophisticated, complex data models that require many tables, foreign key values, complex join operations, and so on.

  • Data integrity. The RDBMS features many components designed to ensure data integrity. This includes rollback operations, referential integrity, and transaction-oriented operations.

  • ACID (Atomic, Consistent, Isolated, Durable) transactions. The transaction either commits (such that all actions are completed) or it aborts (all actions are reversed or not performed).

When should we prefer LDAP?

To reach a conclusion, we need to ask ourselves these questions:

  • Is the data dynamic or relatively static?

  • Does the data need to be distributed?

  • Can the data be used by more than one application?

  • Is the data multi-valued?

  • Can your data or application take advantage of a hierarchical relationship?

  • Do you need flexible security options?

  • Do you need single sign-on?

  • Do you need distributed or delegated administration capabilities?

If the answer to some or all of these questions is yes, then directories and directory-based applications are likely to be useful and the right choice for our application.