LDAP — Explained with Examples

DodaTech Updated Jun 15, 2026 2 min read

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining distributed directory information services over an IP network.

LDAP stands for Lightweight Directory Access Protocol (version 3, defined in RFC 4511). It’s designed for reading from and writing to directory services — hierarchical databases optimized for read-heavy, search-oriented workloads.

What LDAP Stores

LDAP directories store information in a tree structure called the Directory Information Tree (DIT). Common entries include users, groups, devices, and organizational units.

dc=example,dc=com
├── ou=people
│   ├── uid=alice
│   │   ├── cn: Alice Johnson
│   │   ├── mail: alice@example.com
│   │   └── memberOf: cn=developers
│   └── uid=bob
│       ├── cn: Bob Smith
│       └── mail: bob@example.com
├── ou=groups
│   ├── cn=developers
│   └── cn=admins
└── ou=devices

Common LDAP Uses

  • Centralized authentication — users authenticate against LDAP instead of each app
  • Address books — corporate directory of employees
  • Single Sign-On — frequently used as the user store behind SSO

Example: LDAP Authentication

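const ldap = require('ldapjs');

// A simple bind over ldap:// sends the password in cleartext;
// use ldaps:// or StartTLS outside a lab.
const client = ldap.createClient({
  url: 'ldap://ldap.example.com:389'
});

function authenticateUser(username, password) {
  return new Promise((resolve, reject) => {
    // An empty password is an "unauthenticated bind" (RFC 4513) that some
    // servers accept, so reject it before contacting the directory.
    if (typeof password !== 'string' || password.length === 0) {
      return reject(new Error('Authentication failed'));
    }
    // Allow-list the username (assumed uid format) so it cannot carry
    // DN syntax such as "," or "+" into the bind DN.
    if (!/^[A-Za-z0-9._-]+$/.test(username)) {
      return reject(new Error('Authentication failed'));
    }
    client.bind(`uid=${username},ou=people,dc=example,dc=com`,
                 password, (err) => {
      if (err) reject(new Error('Authentication failed'));
      else resolve(true);
    });
  });
}

// Search for a user
function findUser(email) {
  const opts = {
    // A filter object carries the value as data; interpolating it into
    // a `(mail=...)` string would let input such as "*" alter the filter.
    filter: new ldap.EqualityFilter({ attribute: 'mail', value: email }),
    scope: 'sub',
    attributes: ['cn', 'mail', 'memberOf']
  };

  client.search('dc=example,dc=com', opts, (err, res) => {
    if (err) {
      console.error('Search failed:', err.message);
      return;
    }
    res.on('searchEntry', entry => {
      console.log('Found:', entry.object);
    });
    res.on('error', e => console.error('Search error:', e.message));
  });
}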
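
Values placed into a bind DN or a search filter, such as the username and email arguments above, have to be escaped so that user input cannot change the structure of the DN or filter. The following added example (not code from the original page; the helper names are hypothetical) implements the RFC 4514 and RFC 4515 escaping rules in plain JavaScript with no dependencies.

```javascript
// Added example, not from the original page. Helper names are hypothetical;
// the DN suffix and the mail attribute come from the page's example tree.

// RFC 4515: in a filter value, NUL ( ) * and \ become "\" + two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\0()*\\]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// RFC 4514: in a DN attribute value, escape the separators , + " \ < > ;
// (and "=", which the RFC permits), NUL, a trailing space, and a leading
// space or "#".
function escapeDnValue(value) {
  let out = String(value)
    .replace(/[\\,+"<>;=]/g, (ch) => '\\' + ch)
    .replace(/\0/g, '\\00');
  // Trailing space first, so a value that is a single space is escaped once.
  if (out.endsWith(' ')) out = out.slice(0, -1) + '\\ ';
  if (/^[# ]/.test(out)) out = '\\' + out;
  return out;
}

// Bind DN for an untrusted username.
function buildUserDn(username) {
  return `uid=${escapeDnValue(username)},ou=people,dc=example,dc=com`;
}

// Search filter for an untrusted e-mail address.
function buildMailFilter(email) {
  return `(mail=${escapeFilterValue(email)})`;
}

// Constructed sample inputs that contain LDAP metacharacters.
console.log(buildUserDn('smith,bob+dev'));
console.log(buildMailFilter('a*b(c)@example.com'));
```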

Real-World Analogy

LDAP is like a company’s employee directory. You don’t call HR every time you need someone’s email — you look them up in the directory. The directory is organized hierarchically: by department (ou), then by name (cn). It’s fast for lookups (find Alice’s phone number) and less suited for complex transactions (processing payroll).

Related Terms

SSO, RBAC, SAML, Authentication vs Authorization, Active Directory
