36
32
+ 1
0

What is LDAP?

It is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.
LDAP is a tool in the User Management and Authentication category of a tech stack.

Who uses LDAP?

Companies
4 companies reportedly use LDAP in their tech stacks, including Foretag, AlternateCMS, and IAM Self-Service Portal.

Developers
26 developers on StackShare have stated that they use LDAP.
Decisions about LDAP

Here are some stack decisions, common use cases and reviews by companies and developers who chose LDAP in their tech stack.

Pablo Largo
Software Developer at AvaiBook · | 7 upvotes · 10.5K views
Shared insights
on
C++C++CCLDAPLDAPPHPPHP

Hi! I'm working on some components in PHP for system administration to be released as reusable packages, to build some kind of server control panel with some time and patience.

I'm working on a credentials component to check things like the current user running the PHP process, the ability to change the password (which I would do through a shell command), and a very important feature: the ability to login with OS credentials.

For that purpose I'm already considering LDAP, but I want to support first an easy setup, like I would do for a small VPS. I want to login to my future panel with my Linux root credentials. This is very easy by parsing the /etc/passwd and /etc/shadow files, but I want to be multiplatform from the beginning.

How could I check a username/password in a similar way to login on Windows without having to configure Active Directory and similar things? I allow myself to use FFI to make external calls to native DLLs, so if the answer is on a Windows internal API it will not be a problem.

So, here is the question: is there any shell/C /C++ way to check if a given username and password matches a real Windows credential? Is there any way to check if that account is a root user? Thank you so much!

EDIT: If there's not any API to check a login, could it be done through reading the hashed password of a user, and hashing the provided one to check if they match? If so, how can you get the hashed password of a user, and how can you encode a password to compare both hashes?

See more

LDAP's Features

  • Lightweight directory access protocol
  • Used for authentication and storing information
  • General-purpose data store

LDAP Alternatives & Comparisons

What are some alternatives to LDAP?
Auth0
A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.
JSON Web Token
JSON Web Token is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
Amazon Cognito
You can create unique identities for your users through a number of public login providers (Amazon, Facebook, and Google) and also support unauthenticated guests. You can save app data locally on users’ devices allowing your applications to work even when the devices are offline.
Keycloak
It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.
OAuth2
It is an authorization framework that enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
See all alternatives

LDAP's Followers
32 developers follow LDAP to keep up with related blogs and decisions.