CIAM.wiki

Directory Service

A directory service is a system that stores, organizes, and provides access to identity information such as user accounts, groups, and attributes within a network.

Also: identity store, user directory

A directory service is a centralized or distributed system that holds identity records and makes them available to applications, services, and administrators. It organizes entries, typically users, groups, devices, and organizational units, in a hierarchical or flat structure and exposes them through a query interface.

Applications rely on the directory to answer questions like “does this user exist?”, “what groups do they belong to?”, and “what attributes does their account have?” The directory handles reads far more frequently than writes, and its design reflects that. Schema definitions govern what attributes each entry type can have, and access controls restrict who can read or modify which entries.

Directories are often accessed via the LDAP protocol, though modern identity platforms may use APIs or proprietary interfaces instead.
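
The three lookups above, sketched against a small in-memory directory with a per-role read ACL. This is an added example, not code from CIAM.wiki or any directory product. The DNs, attribute names, roles and the tuple filter form are assumptions made for illustration, and the entries are constructed.

```python
# Constructed sample entries; DNs, attributes and roles are assumptions.
ADA = "uid=ada,ou=customers,dc=example,dc=com"
ENTRIES = {
    ADA: {"objectClass": ["inetOrgPerson"], "uid": ["ada"],
          "mail": ["ada@example.com"], "userPassword": ["{SSHA}constructed"]},
    "cn=beta-testers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["beta-testers"], "member": [ADA]},
}
# Read ACL: attributes each role may read. No role may read userPassword.
READ_ACL = {
    "app": {"objectClass", "uid", "cn", "member"},
    "helpdesk": {"objectClass", "uid", "cn", "mail"},
}
_ESC = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def to_ldap(f):
    """Render a filter tuple as an RFC 4515 string, escaping assertion values."""
    if f[0] == "and":
        return "(&" + "".join(to_ldap(x) for x in f[1:]) + ")"
    _, attr, value = f
    return f"({attr}=" + "".join(_ESC.get(c, c) for c in value) + ")"

def matches(f, entry, allowed):
    # An attribute the requester cannot read never matches, so a filter
    # cannot be used to probe hidden values. Comparison ignores case.
    if f[0] == "and":
        return all(matches(x, entry, allowed) for x in f[1:])
    _, attr, value = f
    return attr in allowed and value.lower() in (v.lower() for v in entry.get(attr, []))

def search(role, f, attrs):
    """Return {dn: {attr: values}} limited to attributes the role may read."""
    allowed = READ_ACL.get(role, set())
    return {dn: {a: e[a] for a in attrs if a in allowed and a in e}
            for dn, e in ENTRIES.items() if matches(f, e, allowed)}

def user_exists(role, uid):
    f = ("and", ("eq", "objectClass", "inetOrgPerson"), ("eq", "uid", uid))
    return bool(search(role, f, ["uid"]))

def groups_of(role, user_dn):
    f = ("and", ("eq", "objectClass", "groupOfNames"), ("eq", "member", user_dn))
    hits = search(role, f, ["cn"])
    return sorted(v for e in hits.values() for v in e.get("cn", []))
```

The search runs on the tuple form directly; to_ldap shows the string the same filter would become in an LDAP search request, with user-supplied values escaped so they are compared literally.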

For CIAM, the directory service is the underlying store for customer profiles, and its design affects scalability, query performance, and the flexibility of the data model.