LDAP stands for “Lightweight Directory Access Protocol”. In this context, a “directory” is not a file directory, but rather a somewhat arbitrary “tree of data”. Some people see an LDAP directory as a phone directory, others see it as an org chart.
Generally speaking, an LDAP directory is used to maintain information that one can look up. Furthermore, LDAP has an extensive ACL (access control list) capability to make sure data in an LDAP directory can be accessed only by legitimate parties.
At the core of LDAP are the mechanisms to look up entries and modify those entries. We will explain this in more detail later on.
LDAP is useful for many applications. One particularly important role of LDAP is working with Kerberos as a network authentication and user identification mechanism. We will see how LDAP and Kerberos can work together later in this module.