LDAP
LDAP (Lightweight Directory Access Protocol) is a standard protocol for accessing and maintaining directory services over a network, commonly used to store and query user identities and organizational structures.
Also: Lightweight Directory Access Protocol
LDAP is a protocol for reading and writing data in a directory service. A directory is a specialized database optimized for lookups, organized as a tree of entries. Each entry has a distinguished name that identifies its position in the tree and a set of attributes defined by a schema. Common directory entries include user accounts, groups, and organizational units.
Clients connect to an LDAP server, authenticate with a bind operation, and then search, add, modify, or delete entries. Search operations use filters that can match attributes by exact value, substring, or presence. The protocol supports simple password authentication and SASL mechanisms for stronger options.
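As an added example (not code from the glossary or from RFC 4511), the following Python builds the three filter kinds just described, exact value, substring, and presence, and escapes caller-supplied values per RFC 4515 so that they match literally rather than altering the filter's structure. The attribute names and the `inetOrgPerson` object class are assumptions chosen for illustration.

```python
# Added example (not from the glossary): building LDAP search filters safely.
# Values are escaped per RFC 4515 so user input cannot change filter structure.
# Standard library only; no directory server is contacted.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Special characters become a backslash plus the two-digit hex code of the
    byte; non-ASCII text is escaped byte by byte after UTF-8 encoding.
    """
    out = []
    for byte in value.encode("utf-8"):
        if byte in b"\\*()\x00" or byte > 0x7F:
            out.append(f"\\{byte:02x}")
        else:
            out.append(chr(byte))
    return "".join(out)

def equality_filter(attribute: str, value: str) -> str:
    """(attr=value): exact match on one attribute."""
    return f"({attribute}={escape_filter_value(value)})"

def substring_filter(attribute: str, prefix: str) -> str:
    """(attr=prefix*): the '*' appended here is the only wildcard."""
    return f"({attribute}={escape_filter_value(prefix)}*)"

def presence_filter(attribute: str) -> str:
    """(attr=*): matches any entry that has the attribute at all."""
    return f"({attribute}=*)"

def and_filter(*filters: str) -> str:
    """(&(f1)(f2)...): every sub-filter must match."""
    return "(&" + "".join(filters) + ")"

def user_lookup_filter(username: str) -> str:
    """Filter an application might use to find a user entry before binding.

    Metacharacters in the username stay literal, so the filter's structure
    is fixed by the code, not by the caller. (Object class is an assumption.)
    """
    return and_filter(equality_filter("objectClass", "inetOrgPerson"),
                      equality_filter("uid", username))

if __name__ == "__main__":
    print(user_lookup_filter("alice"))
    print(user_lookup_filter("Smith (East)*"))
```

Note that RFC 4515 escaping applies only to filter values; distinguished names use a different escaping scheme (RFC 4514) and must not be passed through this function.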
LDAP directories became the backbone of enterprise identity infrastructure, storing employee records and group memberships that applications query for authentication and authorization decisions.
For CIAM, LDAP is less commonly the primary store for customer identities, but it remains relevant when a CIAM platform must integrate with backend enterprise directories for B2B or workforce-adjacent use cases.
Sources
- IETF RFC 4511, Lightweight Directory Access Protocol (LDAP): https://datatracker.ietf.org/doc/html/rfc4511
Standards
- IETF RFC 4511