問題描述
LDAP 和 Active Directory 有什麼區別? (What are the differences between LDAP and Active Directory?)
What are the differences between LDAP and Active Directory?
‑‑‑‑‑
參考解法
方法 1:
Active Directory is a database based system that provides authentication, directory, policy, and other services in a Windows environment
LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.
Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.
方法 2:
LDAP is a standard, AD is Microsoft's (proprietary) implementation (and more). Wikipedia has a good article that delves into the specifics. I found this document with a very detailed evaluation of AD from an LDAP perspective.
方法 3:
Lightweight Directory Access Protocol or LDAP, is a standards based specification for interacting with directory data. Directory Services can implement support of LDAP to provide interoperability among 3rd party applications.
Active Directory is Microsoft's implementation of a directory service that, among other protocols, supports LDAP to query it's data.
While it supports LDAP, Active Directory provides a host of extensions and conveniences, such as password expiration and account lockout.
方法 4:
Short Summary
Active Directory is a directory services implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
Long Answer
Firstly, one needs to know what's Directory Service.
Directory Service is a software system that stores, organises, and provides access to information in a computer operating system's directory. In software engineering, a directory is a map between names and values. It allows the lookup of named values, similar to a dictionary.
For more details, read https://en.wikipedia.org/wiki/Directory_service
Secondly,as one could imagine, different vendors implement all kinds of forms of directory service, which is harmful to multi‑vendor interoperability.
Thirdly, so in the 1980s, the ITU and ISO came up with a set of standards ‑ X.500, for directory services, initially to support the requirements of inter‑carrier electronic messaging and network name lookup.
Fourthly, so based on this standard, Lightweight Directory Access Protocol, LDAP, is developed. It uses the TCP/IP stack and a string encoding scheme of the X.500 Directory Access Protocol (DAP), giving it more relevance on the Internet.
Lastly, based on this LDAP/X.500 stack, Microsoft implemented a modern directory service for Windows, originating from the X.500 directory, created for use in Exchange Server. And this implementation is called Active Directory.
So in a short summary, Active Directory is a directory services implemented by Microsoft, and it supports Lightweight Directory Access Protocol (LDAP).
PS[0]: This answer heavily copies content from the wikipedia page listed above.
PS[1]: To know why it may be better use directory service rather just using a relational database, read https://en.wikipedia.org/wiki/Directory_service#Comparison_with_relational_databases
方法 5:
Active Directory isn't just an implementation of LDAP by Microsoft, that is only a small part of what AD is. Active Directory is (in an overly simplified way) a service that provides LDAP based authentication with Kerberos based Authorization.
Of course their LDAP and Kerberos implementations in AD are not exactly 100% interoperable with other LDAP/Kerberos implementations...
(by boingboing、JohnFx、cdonner、Alan、Bob、Astra)