LDAP, Database and Directory

Often I heard my colleagues using a few terms interchangeably, such as LDAP, Active Directory, database, directory, etc. I was always confused and had a question in my mind: do all these terms refer to a single entity?

Let's try to figure out the difference between these terms.

We start with the “Directory”.

Directory: It stores user information. The main function of any directory is to act as a set of objects with logically and hierarchically organised attributes. Directories are installed on servers.

Now the question arises: if a 'directory' is used to store information, then what is a database? A database is also used to store information, but in a different way and for a different purpose.

Database: A database is simply a collection of data that has one or more uses. Databases are designed specifically to collect and store information in order to give users the power to retrieve, add, update, or remove the information. Databases usually have a tabular structure, meaning they consist of rows and columns. A directory can be used to store a broad range of data: email address and mail routing information, HR data, public security keys, contact lists, and much more. An RDBMS database is a collection of flat file tables that are related by loose rules, whereas an LDAP server holds a tightly coupled hierarchy of objects (called the Directory Information Tree, or DIT).

Unlike databases that are designed for processing hundreds or thousands of changes per minute – such as the Online Transaction Processing (OLTP) systems – LDAP directories are heavily optimized for read performance.

Before we decide whether to keep our data in an 'Information Directory' or a 'Database', we must evaluate the data to be stored against a few questions.

  • Is the data dynamic or relatively static?
  • Do you need to access this data from a number of computers or applications?
  • Will the data be used by more than one application?
  • Is the data multi-valued?
  • Can our data or application take advantage of a hierarchical relationship?
  • Would you like your data to be available cross-platform?
  • Do the individual records you're storing change a few times a day or less, on average?

If the answer to these questions is 'Yes', then a 'Directory' is a better option to store the data.



| Directory | Database |
| --- | --- |
| Read more frequently than written | Written more frequently than read |
| Handle small, simple units of data | Handle large, complex, transaction-oriented units of data |
| Distributed widely | Not distributed widely |
| Store information in hierarchically arranged entries | Store information as records in relational tables |

Directories are accessed using an access protocol called LDAP, so such a directory is sometimes also called an LDAP directory.

LDAP: LDAP stands for Lightweight Directory Access Protocol and is based on the X.500 standard. The most recent version of the LDAP protocol is version 3, which in December 1997 was approved as an Internet standard. LDAP isn't a database at all, but a protocol used to access information stored in an information directory (also known as an LDAP directory). The LDAP protocol is both cross-platform and standards-based, so applications needn't worry about the type of server hosting the directory. LDAP is particularly useful for storing information that you wish to read from many locations, but update infrequently.
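The contrast drawn above between hierarchical directory entries and relational tables, as an added example that is not part of the original post. The `example.com` entries, their attribute values and the helper names are constructed for illustration; the `base`/`one`/`sub` scopes mirror LDAP search scopes, and matching is simplified to exact string equality.

```python
import sqlite3

# Constructed sample DIT: each entry is keyed by its DN and holds
# attributes that may carry several values (note the two mail values).
DIT = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=People,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=Printers,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=asmith,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "cn": ["Alice Smith"],
        "mail": ["asmith@example.com", "alice@example.com"]},
    "uid=bjones,ou=People,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "cn": ["Bob Jones"],
        "mail": ["bjones@example.com"]},
    "cn=lobby,ou=Printers,dc=example,dc=com": {
        "objectClass": ["device"], "cn": ["lobby"]},
}

def parent_dn(dn):
    """Return the DN one level up (naive split; assumes no escaped commas)."""
    return dn.split(",", 1)[1] if "," in dn else ""

def search(base, scope, attr, value):
    """Mimic an LDAP search: base DN, scope (base/one/sub), equality filter."""
    hits = []
    for dn, attrs in DIT.items():
        in_scope = {
            "base": dn == base,
            "one": parent_dn(dn) == base,
            "sub": dn == base or dn.endswith("," + base),
        }[scope]
        if in_scope and value in attrs.get(attr, []):
            hits.append(dn)
    return sorted(hits)

def relational_mail_lookup(address):
    """Same people in tables: the multi-valued mail needs a second table and a join."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE person(uid TEXT PRIMARY KEY, cn TEXT);
        CREATE TABLE person_mail(uid TEXT REFERENCES person(uid), mail TEXT);
        INSERT INTO person VALUES ('asmith','Alice Smith'),('bjones','Bob Jones');
        INSERT INTO person_mail VALUES ('asmith','asmith@example.com'),
            ('asmith','alice@example.com'),('bjones','bjones@example.com');
    """)
    rows = db.execute(
        "SELECT p.uid FROM person p JOIN person_mail m ON m.uid = p.uid "
        "WHERE m.mail = ?", (address,)).fetchall()
    return [r[0] for r in rows]
```

A one-level search from the root finds no people because they sit one level deeper under `ou=People`; the subtree search finds both.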

Active Directory: Active Directory is one of the Information Directories that are compatible with LDAP, and it is extensively used. Active Directory (AD) is a technology created by Microsoft to provide network services including LDAP directory services, Kerberos-based authentication, DNS naming, secure access to resources, and more. Active Directory is functionally a place to store information about people, things (computers, printers, etc.), applications, domains, services, security access permissions, and more.

The Active Directory data store is kept on the server's hard disk in the Ntds.dit file. The file has to be stored on a drive that is formatted with the NTFS file system. The Ntds.dit file is placed in the Ntds folder in the systemroot. When changes are made to the directory, these changes are saved to the Ntds.dit file.

The NTFS (New Technology File System) file system is based on a different structure, called a master file table (MFT), containing records about the files and directories of the partition. The first record, called a descriptor, contains information on the MFT (a copy of it is stored in the second record). The third record contains the log file, a file containing all actions performed on the partition. This means that the information concerning each file is stored in a file, which is itself registered inside the MFT.

I’ve only tinkered with this stuff for a few minutes — so I’ve probably said some completely wrong things. If so, please leave a comment, telling me what an idiot I am. I’ll be happy to correct any specific mistakes. Best of luck!

