$linuxjunkies

LDAP

also: Lightweight Directory Access Protocol

LDAP (Lightweight Directory Access Protocol) is a protocol for querying and modifying centralized directory services, commonly used for user authentication and organizational information lookups in enterprise Linux environments.

LDAP is a client-server protocol that provides a standardized way to access directory information across networks. A directory service stores hierarchical data about users, groups, computers, and other resources in a tree-like structure, making it ideal for centralized identity management in organizations.

On Linux systems, LDAP clients connect to an LDAP server (like OpenLDAP) to authenticate users without storing passwords locally. For example, a user can log into any machine in a network by submitting credentials that the system validates against the central LDAP directory. This simplifies administration: adding, removing, or updating user accounts happens once on the server rather than on each individual machine.

Common LDAP uses include single sign-on (SSO), centralizing user and group management, and storing organizational information. Many Linux systems use tools like nslcd, sssd, or pam_ldap to integrate LDAP authentication into the standard login process.
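As an added example (not from this page, and not any distribution's shipped defaults), the sssd configuration below shows the LDAP client side of the login flow described above, with the unencrypted setting left commented next to the hardened one; the hostname `ldap.example.com`, the base DN `dc=example,dc=com` and the CA bundle path are assumed placeholders.

```ini
# /etc/sssd/sssd.conf (added example; hostname, base DN and CA path are assumed)
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_search_base = dc=example,dc=com

# Weak: a plain ldap:// URI with no TLS sends each user's bind password in
# cleartext across the network at every login, and reqcert=never accepts any
# server certificate, so a spoofed directory could harvest credentials.
# ldap_uri = ldap://ldap.example.com
# ldap_tls_reqcert = never

# Hardened: LDAPS, and the server certificate must chain to a trusted CA.
ldap_uri = ldaps://ldap.example.com
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
ldap_tls_reqcert = demand

# Keep a hashed copy of the last successful credential so logins still work
# when the directory server is unreachable.
cache_credentials = true
```

sssd refuses to start unless this file is owned by root with mode 0600, and `sssctl config-check` (from sssd-tools) validates the syntax before a restart.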
