LDAP itself is just a protocol, just like HTTP, SMTP, etc...
The various products, such as Active Directory, eDirectory, Sun One Directory Server, and OpenLDAP, all have their own way of doing the actual storage of information on disk, but use LDAP as a way for clients to access and manage the information.
A lot of people will say that LDAP vs. Database is a comparison of faster searches vs. transactional and relationship capabilities. While this is usually true, the real judge of the type of information that should be accessible via LDAP vs a Database is twofold:
1. Is there standard schema for the data being stored? The LDAP standards define not only a protocol, but various schema related to things such as people and groups. Directories that store this type of information can be reused by many applications out-of-the-box, whereas with most databases there is no standard schema for this type of information so something custom is generally done to hook in this type of general-purpose information.
2. Even if the information is defined in a standard schema, it may not be worthwhile storing it in LDAP or it may be. The second test is really whether the data being stored is generally useful to a variety of applications in a non-relational way. Meaning that if you are constantly associating users with sales information in reports, it may be important that user information is stored in a database. The reverse could be true if you have relatively stand-alone information that is generally useful to many different applications, but doesn't have standard schema defined.
Sometimes information both needs to be in relation with other information and accessed in a standard way (such as LDAP) by off-the-shelf applications (like Netegrity and many application servers). In those cases there are various integration technologies that either synchronize information between directories and databases (meta-directories) or perform database->LDAP translation on the fly (virtual directories).
From a programmer's perspective and from a security perspective, the reason LDAP is so important is that most user accounts are now being managed in an LDAP-enabled directory. As an application developer, you wouldn't want the people using your applications to have to manage a whole set of users just for your application if these users are already being managed (passwords and everything) in an existing repository. Since most of those repositories are LDAP-enabled, you can easily use something like JNDI or JAAS to do your own authentication to these stores or use the built-in functionality in an application server (such as the LDAP Realm in BEA WebLogic Server).
Hope this helps...
[ March 17, 2003: Message edited by: Clayton Donley ]
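The JNDI authentication mentioned in the post above, as an added example that is not part of the original post: a search-then-bind login that escapes the login name in the search filter and rejects empty passwords before binding. The directory URL, base DN, `uid` attribute and the `LDAP_BIND_DN` / `LDAP_BIND_PW` environment variables are assumptions for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapLogin {
    // Assumed deployment values, not taken from the post.
    static final String URL = "ldaps://directory.example.com:636";
    static final String BASE = "ou=people,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);                  // ldaps: a simple bind sends the password itself
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);                   // throws AuthenticationException on bad credentials
    }

    // RFC 4515 escaping so a login name cannot change the meaning of the search filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }

    static boolean authenticate(String uid, String password) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513) that some servers report as success, so reject it before binding.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext svc = null;
        try {
            svc = bind(System.getenv("LDAP_BIND_DN"), System.getenv("LDAP_BIND_PW")); // assumed service account
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits = svc.search(BASE, "(uid=" + escapeFilter(uid) + ")", sc);
            if (!hits.hasMore()) return false;               // unknown user
            String userDn = hits.next().getNameInNamespace();
            if (hits.hasMore()) return false;                // ambiguous match: refuse rather than guess
            bind(userDn, password).close();                  // the directory checks the password, not the application
            return true;
        } catch (Exception e) {
            return false;                                    // fail closed on any directory or configuration error
        } finally {
            if (svc != null) try { svc.close(); } catch (NamingException ignored) { }
        }
    }
}
```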