I have been working with several LDAP implementations for the last three months, particularly OpenLDAP, Oracle Internet Directory and Active Directory. My main goal was to define a structure and a schema to be used as the authentication backend for about 50K users. It should be extensible, flexible and, of course, rock-solid. I started looking for recommendations on the Internet. The first annoying fact was that people avoid the native directory hierarchy, implementing that hierarchy with attribute values in each entry instead. So people use a hierarchical database without using the hierarchy at all. That forced me to ask: why?

After a few weeks I realized that nowadays the importance of LDAP is NOT the database but the standard itself. LDAP provides a way to authenticate people in any application using well-known steps and with security (the real password is not readable by the application, I can use an SSL connection, …). The real trouble with LDAP is that it is not easy to manage. In my opinion it would be great to have an authentication standard based on modern technologies like web services. You could do whatever you want for user management if you export the proper web services. Of course, you could even manage the data using LDAP.

I know LDAP is much more than authentication and user management but, in my view, it should be used in 98% of cases just for authentication. LDAP is highly optimized too; but, as computer performance increases and hardware prices decrease, I wonder whether the relation between manageability and performance makes sense in real applications nowadays.
