First Question: Why do we have to use LDAP instead of Database? LDAP is more hierarchical and a database is relational. Faster Reads in LDAP and Faster writes in Database. Second Question: What factors determine to use LDAP over DB and DB over LDAP?
First Question: Why do we have to use LDAP instead of Database? No, we don't have to use LDAP. Database can be used to implement the same functionality, only not with the same performance (i.e. not read-optimized).
Second Question: What factors determine to use LDAP over DB and DB over LDAP?
If your application does mostly reads on the information being stored into LDAP/DB and performance is a priority, then LDAP could be considered for its better performance. On the other hand, if you're out of budget, you may not be able to get the "extra" LDAP server but are forced to stick with the database.
Another way of thinking about the LDAP vs. DB argument really comes down to what already exists. In an Internet environment you may have the luxury of creating a whole new registration system for new users. If you're creating an intranet focused application there may already be a lot of user information in places like Active Directory (Windows Accounts), Domino Server's directory (email accounts), Sun/Netscape directory (email and some apps), etc... In those cases it's less an issue relevant to application functionality as it relates to security than it is an issue of fitting into what the organization is already maintaining and supporting. Creating something that fits into existing directory environments will certainly simplify the deployment phase to some extent.

Obviously if you're talking about an environment where there aren't a lot of existing user repositories, or where the users are in directories, you might make a different decision.

Oh, and the decision doesn't have to be LDAP or DB. In fact, not only can you synchronize them, you can also use LDAP on top of your database tables if you have an LDAP-enabled application by using virtual directory products that translate LDAP into SQL. Unlike LDAP directories built on Databases (Oracle and IBM for example), these products map to your existing tables rather than create new LDAP-specific tables.

Clayton
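The LDAP-to-SQL translation mentioned in the last reply, as an added example that is not part of the original thread and not taken from any virtual directory product: a small translator that turns an LDAP search filter into a parameterized query over an existing table. The table name `app_users`, the attribute-to-column mapping, and the SQLite-style `?` placeholders and `ESCAPE` clause are assumptions; only and/or/not, equality, presence and substring filters are handled.

```python
import re

# Assumed mapping from LDAP attributes to columns of an existing table.
COLUMNS = {"uid": "login", "mail": "email", "ou": "department"}
TABLE = "app_users"
ITEM = re.compile(r"([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")

def _unescape(text):
    # RFC 4515 writes special characters as backslash + two hex digits.
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def _like(text):
    # Escape SQL LIKE metacharacters that arrived inside the LDAP value.
    return re.sub(r"([%_\\])", r"\\\1", _unescape(text))

def _parse(flt, pos):
    """Parse the filter starting at flt[pos]; return (sql, params, next_pos)."""
    if flt[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if flt[pos] in "&|!":
        op, parts, params = flt[pos], [], []
        pos += 1
        while flt[pos] == "(":
            sql, sub, pos = _parse(flt, pos)
            parts.append(sql)
            params.extend(sub)
        if flt[pos] != ")" or not parts or (op == "!" and len(parts) != 1):
            raise ValueError(f"malformed '{op}' filter")
        if op == "!":
            return f"NOT ({parts[0]})", params, pos + 1
        joiner = " AND " if op == "&" else " OR "
        return "(" + joiner.join(parts) + ")", params, pos + 1
    m = ITEM.match(flt, pos)
    if not m or m.group(1).lower() not in COLUMNS:  # allow-list of attributes
        raise ValueError(f"unsupported filter item at offset {pos}")
    col, value = COLUMNS[m.group(1).lower()], m.group(2)
    if value == "*":  # presence test
        return f"{col} IS NOT NULL", [], m.end()
    if "*" in value:  # substring match
        pattern = "%".join(_like(p) for p in value.split("*"))
        return f"{col} LIKE ? ESCAPE '\\'", [pattern], m.end()
    return f"{col} = ?", [_unescape(value)], m.end()

def ldap_filter_to_sql(flt):
    try:
        where, params, end = _parse(flt, 0)
    except IndexError:
        raise ValueError("truncated filter") from None
    if end != len(flt):
        raise ValueError("trailing data after filter")
    return f"SELECT * FROM {TABLE} WHERE {where}", params
```

Filter values only ever reach the database as bound parameters, and attributes outside the mapping are rejected, so a column that was never meant to be searchable cannot be queried through the LDAP side.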