www.mentata.com
Jon Roberts

Why use a Lightweight Directory Access Protocol (LDAP) server?

LDAP is an open standard.

LDAP was originally developed as an open source software project which produced several RFC documents in addition to the initial implementation. It represents a manageable subset of the larger pre-existing X.500 directory standard. Although not all vendors have followed every RFC (for shame, Microsoft), the core protocol remains intact on implementations that advertise compliance. LDAP has been used successfully for several years to allow seamless communication between countless disparate products. Open standards with that kind of momentum have a strong tendency to linger.

LDAP is a network protocol.

LDAP is not a piece of software; it is a method of communicating. Think of it as something analogous to SQL plus ODBC, but with good performance. LDAP runs over old reliable TCP/IP and excels at availability. It is database agnostic, and implementations can usually be configured to use whatever back-end you prefer.

LDAP is ubiquitous.

Virtually every major server operating system is delivered with an LDAP-compliant directory server. There are LDAP implementations available from heavyweights like Sun, IBM, Microsoft, Apple, AOL/Netscape, Novell, and Oracle. There is also a free and open source alternative, OpenLDAP, that is delivered with all versions of Red Hat Linux. An almost infinite array of systems can already be configured to communicate with LDAP directories, including web servers, financial applications, voicemail networks, operating systems, mail clients, and network security devices.

Directory databases include accounts.

Important data tends to center around people. In particular, to create portal functionality you need to start with a record of each user. LDAP was initially designed to manage accounts, making use of authentication to verify identity. Any transaction with a directory database can be made under the authority of such an account or anonymously, as required. In addition, LDAP servers use sophisticated access control logic that can support rules for individuals or sets of users down to the granularity of individual data fields.

LDAP data is object-oriented and encourages heavy reuse.

A directory database consists of hierarchically grouped entries, not two-dimensional tables. Each entry corresponds to a set of schema-defined object classes. These classes have many of the trappings of object-oriented design, including inheritance and polymorphism. Fields of data (attributes) are also defined in the schema and can be used in multiple object classes. As a result, you can develop, deploy, and grow complex data models with low overhead. LDAP doesn't natively support multi-join queries, but that also means normalization is a natural side effect of reasonable design.

LDAP servers are small, simple, and easy to maintain.

Unlike a full-blown RDBMS, which usually requires a dedicated DBA, maintenance of a directory server is often as cheap as maintaining a web server. The concepts are more natural, data modeling is straightforward, the configuration is clear, the server is lightweight, tuning is a snap, and the overall footprint is small. You can control a server with a handful of command line tools, and integrated web or graphical tools are often available. The standard format for importing and exporting data, LDIF, is extremely easy to read, generate, and transfer.

LDAP is optimized for rapid search and retrieval.

The LDAP specifications require support for the indexing of any attribute. Because data in a directory is pre-normalized, appropriate queries are answered in optimal time (i.e., with performance on at least the same order of magnitude as with any other database system). The syntax for queries is familiar, concise, and powerful. At request time, a search can be constrained to return partial data or a limited number of entries.
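An added example of the query syntax just described, not code from the page or from Mentata: a small parser and evaluator for LDAP search filters run over constructed sample entries, with a client-side size limit, plus RFC 4515 value escaping so that a value taken from user input cannot change the structure of the filter. All entry names and values are constructed.

```python
import re
# Constructed sample entries (not from the page); keys are lowercased because LDAP attribute types are case-insensitive.
SAMPLE_ENTRIES = [
    {"dn": "uid=jroberts,ou=people,dc=example,dc=com", "objectclass": ["inetOrgPerson"],
     "uid": ["jroberts"], "mail": ["jon@example.com"]},
    {"dn": "uid=asmith,ou=people,dc=example,dc=com", "objectclass": ["inetOrgPerson"], "uid": ["asmith"]},
]
def escape_filter_value(value):
    """RFC 4515 escaping: filter metacharacters become \\xx, so untrusted input cannot reshape a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse_filter(s):
    """Recursive-descent parse; returns (node, unparsed_rest), node = (op, [children]) or ('=', attr, raw)."""
    if not s.startswith("("):
        raise ValueError("filter must start with '('")
    s = s[1:]
    if s[:1] in ("&", "|", "!"):                     # compound filter, e.g. (&(a=1)(b=2))
        op, s, kids = s[0], s[1:], []
        while s.startswith("("):
            kid, s = parse_filter(s)
            kids.append(kid)
        if not s.startswith(")"):
            raise ValueError("unbalanced parentheses")
        return (op, kids), s[1:]
    m = re.match(r"([A-Za-z][\w.-]*)=([^)]*)\)", s)  # simple item (attr=value)
    if not m:
        raise ValueError("bad simple filter near %r" % s[:20])
    return ("=", m.group(1).lower(), m.group(2)), s[m.end():]

def matches(node, entry):
    """Evaluate a parsed filter against one entry (presence and case-insensitive equality only)."""
    if node[0] in ("&", "|", "!"):
        results = [matches(k, entry) for k in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    _, attr, raw = node
    values = entry.get(attr, [])
    if raw == "*":                                   # presence filter, e.g. (mail=*)
        return bool(values)
    if "*" in raw:
        raise ValueError("substring filters are not handled in this example")
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return any(v.lower() == literal.lower() for v in values)

def search(entries, filter_string, sizelimit=None):
    """Entries matching the filter, cut off at sizelimit like a size-limited search request."""
    node, rest = parse_filter(filter_string)
    if rest:
        raise ValueError("trailing input after filter: %r" % rest)
    return [e for e in entries if matches(node, e)][:sizelimit]
```

A bare `*` in a value is a presence test, so an unescaped `(uid=*)` returns every entry with a uid, whereas `(uid=\2a)` built with escape_filter_value matches only a literal asterisk.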

LDAP databases can be massive and secure.

Scalability can be unleashed through large sets of networked devices working in harmony. Through referrals or server enhancements, massive distributed databases can be presented through a single service. Most implementations also enable the replication of a single database across multiple live servers. Like the Hypertext Transfer Protocol, LDAP can make use of a public key infrastructure. The protocol defines a second dedicated TCP/IP port for SSL-encrypted sessions, and implementations can usually be configured for TLS on any port. Hence all transactions with the database can occur securely over the internet. You can even configure an LDAP server to handle authentication with something as strong as Kerberos.

LDAP enables the internationalization of data.

Each field of data can be simultaneously stored in multiple languages, so you can write and deploy a single model and deliver localized content without special arrangements. The date/time stamps are all expressed in Coordinated Universal Time (UTC), and LDIF speaks in Unicode. Together, these features have made LDAP very popular worldwide.
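The LDIF format described above (easy to read and generate, Unicode values, UTC timestamps) as an added example that is not code from the page or from Mentata: a minimal parser that handles folded lines, comments and base64 (`::`) values, plus a converter for the UTC form of LDAP GeneralizedTime. The sample LDIF, its entries and the hypothetical createTimestamp value are constructed.

```python
import base64
from datetime import datetime, timezone
# Constructed sample LDIF (not from the page): a folded line (continuation lines start with one
# space), a UTC timestamp, and base64 "::" values carrying non-ASCII UTF-8 text.
SAMPLE_LDIF = """\
dn: uid=jroberts,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jroberts
cn: Jon Roberts
description: a long value folded
  across two physical lines
createTimestamp: 20020115093000Z

dn: uid=mueller,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn:: SsO8cmdlbiBNw7xsbGVy
sn:: TcO8bGxlcg==
"""

def parse_ldif(text):
    """Return a list of {'dn': str, 'attrs': {name: [values]}} from LDIF content."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:          # leading space = continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, entry = [], None
    for line in lines + [""]:                      # trailing "" flushes the last entry
        if not line:
            if entry is not None:
                entries.append(entry)
                entry = None
        elif not line.startswith("#"):             # "#" lines are comments
            name, _, value = line.partition(":")
            if value.startswith(":"):              # "attr:: <base64>" carries bytes, here UTF-8 text
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name == "dn":
                entry = {"dn": value, "attrs": {}}
            else:
                entry["attrs"].setdefault(name, []).append(value)
    return entries

def generalized_time(value):
    """Convert an LDAP GeneralizedTime in UTC form (e.g. 20020115093000Z) to an aware datetime."""
    if not value.endswith("Z"):
        raise ValueError("only UTC ('Z') timestamps are handled in this example")
    return datetime.strptime(value[:-1], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
```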


© 2002 Mentata Systems. All rights reserved.