Hello. I am going through the CISSP training. When would you use LDAP groups to manage access vs Active Directory groups to manage access?
-
LDAP vs Active Directory DS
-
Eric,
I hope all is well. Great question. Let me see if I can give you a quick and easy answer.
LDAP is a protocol that is implemented by many different vendors to provide directory services. As a result, technically, any group that is created in an LDAP Directory server could be said to be an LDAP group, but while some vendors do call them that, such as Oracle, most do not.
Rather, most vendors that provide LDAP services refer to their groups as Security Groups, Domain Local Groups, Global Groups, etc.
Active Directory is Microsoft's proprietary implementation of an LDAP directory service, and as such, groups created on a Domain Controller are technically LDAP groups, but Microsoft does not refer to them that way.
For the CISSP exam, I WOULD NOT worry about this kind of an issue, or distinction, as it would not be testable. The exam is vendor-neutral, as you often hear me say throughout the show. As a result, something like this would not be asked about.
In the real world, while you do hear the term LDAP groups used, it is not as common as some of the others I mentioned above.
If you have any other questions as you are going through the show, please let me know. My direct e-mail is: adam@itpro.tv
Good luck!!
Cheers,
Adam
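
The following is an added illustration, not part of the original reply: it shows how group entries returned over LDAP can be mapped to the vendor-style names mentioned above. The sample entries and the `describe_group` helper are constructed for this example; the `groupType` flag values are the ones Microsoft documents for Active Directory, and `groupOfNames` / `groupOfUniqueNames` are the standard LDAP group object classes.

```python
# Added example: name the kind of group an LDAP search result represents.
# All entries below are constructed sample data, not output from a real directory.

# groupType bit flags documented by Microsoft for Active Directory group objects.
GLOBAL = 0x00000002
DOMAIN_LOCAL = 0x00000004
UNIVERSAL = 0x00000008
SECURITY_ENABLED = 0x80000000

# Standard LDAP group object classes (RFC 4519) used by other directory servers.
GENERIC_GROUP_CLASSES = {"groupofnames", "groupofuniquenames"}

SCOPES = ((GLOBAL, "Global"), (DOMAIN_LOCAL, "Domain Local"), (UNIVERSAL, "Universal"))


def describe_group(entry):
    """Return a vendor-style label for an LDAP entry, or None if it is not a group."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "group" in classes and "groupType" in entry:
        # AD returns groupType as a signed 32-bit integer; mask it to read the flags.
        flags = int(entry["groupType"]) & 0xFFFFFFFF
        kind = "Security" if flags & SECURITY_ENABLED else "Distribution"
        for bit, scope in SCOPES:
            if flags & bit:
                return f"{scope} {kind} Group"
        return f"Unknown-scope {kind} Group"
    if classes & GENERIC_GROUP_CLASSES:
        return "LDAP group"
    return None


# Constructed entries, shaped like the attribute dictionaries an LDAP client returns.
SAMPLE_ENTRIES = [
    {"dn": "CN=Helpdesk,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"], "groupType": "-2147483646"},
    {"dn": "CN=FileShare-RW,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"], "groupType": "-2147483644"},
    {"dn": "CN=Newsletter,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"], "groupType": "8"},
    {"dn": "cn=admins,ou=groups,dc=example,dc=com",
     "objectClass": ["top", "groupOfUniqueNames"]},
    {"dn": "uid=eric,ou=people,dc=example,dc=com",
     "objectClass": ["top", "inetOrgPerson"]},
]

if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(f"{e['dn']}: {describe_group(e)}")
```
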