LDAP is a protocol for accessing and managing directory information such as users, groups, and organizational records in identity systems.
LDAP, short for Lightweight Directory Access Protocol, is a protocol used to access and manage directory information. In plain language, it provides a standard way to look up and organize identity-related records such as users, groups, devices, and organizational structures.
LDAP matters because many enterprise identity systems depend on a directory as the source of user and group information. Security decisions often rely on knowing which accounts exist, what groups they belong to, and how those identities are organized.
LDAP also matters because it is frequently confused with authentication itself. In practice, it is more accurate to think of LDAP as a way to work with the directory data that authentication and authorization systems often depend on.
LDAP appears in enterprise directories, legacy application integration, identity synchronization, access lookup, and administrative tooling. Applications may query directory data to find users or groups, while identity platforms and admin teams use directory structure to manage access more consistently.
Security teams care about LDAP during access governance, directory hardening, service integration, and incident response. Directory misuse, stale groups, or weak account hygiene in a central directory can create broad downstream security problems.
A company keeps employee accounts and group memberships in a central directory. When a business application needs to know whether a person belongs to a specific department or group, it can query that directory information through LDAP-backed infrastructure rather than storing a separate local copy of every identity record.
LDAP is not the same as Kerberos. LDAP handles directory access and structure, while Kerberos is used for ticket-based authentication.
It is also not a replacement for authorization. LDAP can supply the identity and group information that influences access decisions, but the application or platform still needs its own rules that decide what those identities are allowed to do.
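The following is an added example, not code from the original page, that models both the group-membership lookup described in the company scenario above and the point that authorization stays with the application. The directory entries, distinguished names, group names and the policy table are all constructed for illustration, and the lookup is emulated locally against those entries rather than sent to a real LDAP server; the filter string built by `build_membership_filter` is the kind of query a real client would send, with user-controlled values escaped per RFC 4515 so that a crafted login name cannot change the filter's structure.

```python
"""Added example (not from the original page): an offline model of an
application that asks an LDAP-style directory which groups a user belongs to,
then applies its own authorization policy to that answer. All entries and the
policy table below are constructed sample data."""

from typing import Dict, List, Optional

# Constructed sample directory keyed by distinguished name (DN). The attribute
# layout loosely follows the common inetOrgPerson and groupOfNames schemas.
SAMPLE_DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["alice"],
        "department": ["finance"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["bob"],
        "department": ["engineering"],
    },
    "cn=finance-approvers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["finance-approvers"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"],
    },
    "cn=deploy,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "cn": ["deploy"],
        "member": ["uid=bob,ou=people,dc=example,dc=com"],
    },
}

# RFC 4515 escaping for values interpolated into an LDAP search filter. Any
# value that originates from a user (a login name typed into a form) must pass
# through this; otherwise characters like '*' or ')' alter the filter itself.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_membership_filter(user_dn: str) -> str:
    """Filter a client would send to find group entries that list user_dn as a member."""
    return f"(&(objectClass=groupOfNames)(member={escape_filter_value(user_dn)}))"


def find_user_dn(directory: Dict[str, Dict[str, List[str]]], uid: str) -> Optional[str]:
    """Resolve a login name to its DN by comparing attribute values (emulated server side)."""
    for dn, attrs in directory.items():
        if "inetOrgPerson" in attrs.get("objectClass", []) and uid in attrs.get("uid", []):
            return dn
    return None


def groups_for_user(directory: Dict[str, Dict[str, List[str]]], user_dn: str) -> List[str]:
    """The directory's answer to 'which groups list this DN as a member?'"""
    return sorted(
        attrs["cn"][0]
        for attrs in directory.values()
        if "groupOfNames" in attrs.get("objectClass", [])
        and user_dn in attrs.get("member", [])
    )


# Authorization lives in the application, not in the directory: this table maps
# directory groups to the actions the application permits. Constructed for the example.
POLICY: Dict[str, set] = {
    "approve-invoice": {"finance-approvers"},
    "deploy-service": {"deploy"},
}


def is_allowed(directory: Dict[str, Dict[str, List[str]]], uid: str, action: str) -> bool:
    """Directory lookup supplies the groups; the application's policy makes the decision."""
    user_dn = find_user_dn(directory, uid)
    if user_dn is None:
        return False  # unknown account: deny by default
    required = POLICY.get(action)
    if not required:
        return False  # unknown action: deny by default
    return bool(required & set(groups_for_user(directory, user_dn)))


if __name__ == "__main__":
    dn = find_user_dn(SAMPLE_DIRECTORY, "alice")
    print("filter:", build_membership_filter(dn))
    print("groups:", groups_for_user(SAMPLE_DIRECTORY, dn))
    print("alice may approve-invoice:", is_allowed(SAMPLE_DIRECTORY, "alice", "approve-invoice"))
    print("alice may deploy-service:", is_allowed(SAMPLE_DIRECTORY, "alice", "deploy-service"))
```

The split between `groups_for_user` and `is_allowed` is the point of the example: the directory only reports structure (who is in which group), and a separate policy table decides what a group is permitted to do, so changing what "deploy" may do is an application change, not a directory change.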