LDAP

LDAP is a protocol for querying and managing directory services like Active Directory. Learn how LDAP works, where it is used, and how it relates to IAM.

June 8, 2026

LDAP (Lightweight Directory Access Protocol) is an open protocol used to access and manage directory information services over a network. It is the standard way applications query a central directory (such as Microsoft Active Directory or OpenLDAP) to authenticate users and retrieve attributes like group membership, email, and role. LDAP organizes entries in a hierarchical tree structure for fast lookups.

How LDAP works

  • A directory stores user and resource entries in a hierarchical tree, the Directory Information Tree (DIT).
  • A client sends an LDAP request to bind (authenticate) and then to search or modify.
  • The directory server validates the bind and returns matching entries.
  • Applications use these results to authenticate users and read attributes.
  • LDAP underpins on-premises identity, often paired with Kerberos for authentication in Active Directory.
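
The bind and search steps above, as an added example (not code from this page or from any directory product): a toy in-memory directory and an application-side "search, then bind" login. The suffix `dc=example,dc=com`, the entries, the passwords and the function names `server_bind`, `server_search` and `authenticate` are all constructed for illustration. It also shows the one check applications most often miss: a simple bind with an empty password is an unauthenticated bind under RFC 4513 and must not count as a successful login.

```python
import hashlib
import hmac

BASE = "dc=example,dc=com"  # constructed sample suffix

def _hash(pw):
    # Toy credential storage for the demo only; real servers use their own schemes.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"demo-salt", 10_000)

# Constructed sample DIT: DN -> attributes. Every name and value is made up.
DIT = {
    BASE: {},
    "ou=people," + BASE: {},
    "uid=alice,ou=people," + BASE: {
        "uid": ["alice"], "mail": ["alice@example.com"],
        "memberOf": ["cn=finance,ou=groups," + BASE], "_pw": _hash("correct horse")},
    "uid=bob,ou=people," + BASE: {
        "uid": ["bob"], "mail": ["bob@example.com"],
        "memberOf": [], "_pw": _hash("hunter2")},
}

def server_bind(dn, password):
    """Model of a simple bind. Returns the bound identity, or None on failure."""
    if password == "":
        # RFC 4513 "unauthenticated bind": a DN with an empty password proves
        # nothing. This toy server accepts it as anonymous, as some servers do.
        return "anonymous"
    entry = DIT.get(dn)
    if entry and "_pw" in entry and hmac.compare_digest(entry["_pw"], _hash(password)):
        return dn
    return None

def server_search(base, attr, value):
    """Subtree search: DNs at or below `base` whose `attr` equals `value`."""
    return [dn for dn, e in DIT.items()
            if (dn == base or dn.endswith("," + base)) and value in e.get(attr, [])]

def authenticate(username, password):
    """Application-side search-then-bind. Returns user attributes or None."""
    if not username or not password:
        return None  # never let an empty password reach the server
    matches = server_search(BASE, "uid", username)
    if len(matches) != 1:
        return None  # unknown or ambiguous user
    dn = matches[0]
    if server_bind(dn, password) != dn:
        return None  # wrong password, or bound as someone other than the user
    entry = DIT[dn]
    return {"dn": dn, "mail": entry["mail"], "memberOf": entry["memberOf"]}
```
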

Examples and use cases

A company running on-premises Active Directory uses LDAP so internal apps can authenticate staff against one directory. The friction appears as that company adopts cloud SaaS: legacy LDAP-based identity does not natively reach modern apps, so teams add an IdP and SCIM on top. Bridging on-prem LDAP and cloud SaaS is a recurring mid-market migration challenge.

FAQ

Is LDAP the same as Active Directory?

No. LDAP is the protocol. Active Directory is Microsoft's directory service that, among other protocols, can be queried using LDAP.

Is LDAP still used in 2026?

Yes, heavily, especially for on-premises and hybrid environments. Many cloud identity providers also expose LDAP interfaces for compatibility.

What is the difference between LDAP and SAML?

LDAP queries a directory over a network, typically inside the perimeter. SAML federates authentication to web apps across domains.

Corma connects directory-based identity to your cloud SaaS so access stays consistent across both.