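LDAP vs AD | Active Directory and Lightweight Directory Access Protocol
As enterprises grow in size and complexity, a secure and efficient user authentication system has become a very important requirement. To that end, AD (Active Directory) is a directory service provider introduced by Microsoft, while LDAP is an application protocol that can be used for directory services. In fact, Active Directory supports LDAP-based authentication.
What is LDAP?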
LDAP is an adaptation of X.500 (a complex enterprise directory system) developed by the University of Michigan. LDAP stands for Lightweight Directory Access Protocol. The current version of LDAP is version 3. It is an application protocol used by applications such as email programs, printer browsers or address books to look up information from a server. Client programs that are "LDAP-aware" can ask servers running LDAP for information in different ways. This information resides in "directories" (organized as sets of records). All the data entries are indexed by LDAP servers. When a certain name or group is requested, filters may be used to get the required information. For example, an email client can search for the email addresses of all persons living in New York whose name starts with "Jo". Apart from contact information, LDAP is used to look up information such as encryption certificates and pointers to resources (e.g. printers) in the network. LDAP is used for SSO as well. If the information to be stored is updated very rarely and fast lookup is a must, then LDAP servers are ideal. LDAP servers exist as public servers, organizational servers for universities/corporations and smaller workgroup servers. Public LDAP servers are not popular anymore due to the threat of spam. Administrators can set permissions on LDAP databases.
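The filter lookup described above, as an added example that is not part of the original article: it builds the RFC 4515 search filter for the New York / "Jo" query, escaping reserved characters so a supplied value is always matched literally, and evaluates the same conditions against constructed entries. The attribute names (`l`, `cn`, `mail`), the helper names and the sample entries are assumptions.

```python
# Added example: helper names and directory entries are constructed for illustration.

# Characters RFC 4515 reserves inside a filter assertion value, with their escapes.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape reserved characters so the value cannot alter the filter structure."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_person_filter(city: str, name_prefix: str) -> str:
    """Return (&(objectClass=person)(l=<city>)(cn=<prefix>*)) with both values escaped.

    The trailing '*' is the only wildcard: it is added by this code, never by the caller.
    """
    return "(&(objectClass=person)(l={})(cn={}*))".format(
        escape_filter_value(city), escape_filter_value(name_prefix)
    )


# Constructed sample entries (assumed schema: cn = name, l = locality, mail = address).
DIRECTORY = [
    {"cn": "John Smith", "l": "New York", "mail": "john.smith@example.com"},
    {"cn": "Joanna Lee", "l": "New York", "mail": "joanna.lee@example.com"},
    {"cn": "Joseph Kim", "l": "Boston", "mail": "joseph.kim@example.com"},
    {"cn": "Maria Jones", "l": "New York", "mail": "maria.jones@example.com"},
]


def search_mail(entries, city, name_prefix):
    """Local stand-in for the server: equality on l, prefix match on cn, case-insensitive."""
    return [
        e["mail"]
        for e in entries
        if e["l"].lower() == city.lower()
        and e["cn"].lower().startswith(name_prefix.lower())
    ]


if __name__ == "__main__":
    print(build_person_filter("New York", "Jo"))
    print(search_mail(DIRECTORY, "New York", "Jo"))
```
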
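What is AD?
AD (Active Directory) is a directory service developed by Microsoft. Active Directory provides many network-related services using a variety of standardized protocols. Active Directory supports LDAP versions 2 and 3. AD optionally supports Kerberos-based authentication. In addition, it provides DNS-based services. Active Directory gives administrators the ability to manage administrative and security tasks from a central location. It stores all information and configuration details in a centralized database. Administrators can easily use Active Directory to assign policies and to deploy and update software. It also provides SSO (single sign-on) services for users to access resources on the network. Active Directory is highly scalable. It is therefore used in all kinds of networks, from small networks with a few machines to large networks with thousands of users. It is used by companies to provide standardized access to applications. Active Directory can easily synchronize directory updates across servers.
What is the difference between LDAP and AD?
Active Directory is a directory service provider, while LDAP is an application protocol used by directory service providers such as Active Directory and OpenLDAP. However, Active Directory also supports Kerberos-based authentication. Active Directory is a proprietary Microsoft product and is mainly associated with Windows servers. LDAP, by contrast, can be used on almost any server, whatever operating system it runs.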