The identity store stores users and groups, and the service lets you query that data. By default, it supports querying a single LDAP identity store. You can configure the service to use a virtualized identity store that lets you query multiple LDAP identity repositories instead of just one.
Depending on the configuration, the service uses a file or (one or more) LDAP servers as the repository of identities. When the service is configured for LDAP, by default, it queries a single LDAP, but you can configure the service to query multiple LDAPs.