I have read about LDAP on Wikipedia and I kind of understand what it is. However, what I did not get is why so many organizations are using an LDAP authentication server over having a simple table with userid and hashed password.
LDAP server surely brings more complexity to the infrastructure. What gains justify this added complexity?
Lightweight directory access protocol (LDAP) is a protocol that helps users find data about organizations, persons, and more. LDAP has two main goals: to store data in the LDAP directory and authenticate users to access the directory.
What is LDAP? LDAP (Lightweight Directory Access Protocol) is an open and cross-platform protocol used for directory services authentication. LDAP provides the communication language that applications use to communicate with other directory services servers.
What is an LDAP server? An LDAP server, also called a Directory System Agent (DSA), runs on Windows OS and Unix/Linux. It stores usernames, passwords, and other core user identities. It uses this data to authenticate users when it receives requests or queries and shares the requests with other DSAs.
LDAP is an open, vendor-neutral application protocol for accessing and maintaining that data. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server. LDAP is a protocol, so it doesn't specify how directory programs work.
LDAP is complex, but it brings a lot more to the table than just centralized authentication. For example, many email clients can be hooked in to do LDAP searches to find other users - i.e. look up an employee by name, find their email address and phone number right from your email client.
Also, it is extensible - you can define your own types of objects and store them in the directory, so it can be used to store even data that the original implementers did not have in mind when designing it.
For example, OpenSolaris (and therefore I presume Solaris) machines can grab significant amounts of their own configuration over LDAP.
While setting up LDAP is not for the faint of heart and it makes little sense for the home user / small smattering of machines, the aggregate savings over thousands or tens of thousands of computers can make it worth it if administered properly.
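The address-book lookup mentioned above (find a colleague by name, get mail and phone) is an LDAP search, and the part a client has to get right is the filter. As an added example that is not part of the answer, the Python below builds the RFC 4515 filter an email client could send, escaping the typed text so it is matched literally rather than read as filter syntax; the base DN, the attribute list and the sample queries are assumptions, not values from the thread.

```python
"""Building an LDAP search filter for an address-book lookup (RFC 4515 escaping).

Added example; the base DN, attribute names and sample inputs are constructed.
"""

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
# The mapping is applied per input character, so a backslash is never escaped twice.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so the server matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def person_lookup_filter(query: str) -> str:
    """Filter an email client might send to find a colleague by name or address.

    The wildcards around cn are ours; any '*' the user types is escaped, so the
    search stays a substring match on the name and an exact match on mail.
    """
    q = escape_filter_value(query.strip())
    if not q:
        raise ValueError("empty query would match every person in the directory")
    return f"(&(objectClass=person)(|(cn=*{q}*)(mail={q})))"


# Request only the attributes the address book actually displays.
ADDRESS_BOOK_ATTRS = ["cn", "mail", "telephoneNumber"]


def address_book_search(query: str, base_dn: str = "ou=people,dc=example,dc=com") -> dict:
    """The parameters a client would hand to its LDAP library's search call (assumed base DN)."""
    return {
        "base": base_dn,
        "scope": "subtree",
        "filter": person_lookup_filter(query),
        "attributes": ADDRESS_BOOK_ATTRS,
    }


if __name__ == "__main__":
    # Constructed sample queries: a plain surname and one containing filter metacharacters.
    for q in ("Smith", "O'Brien (Sales)*"):
        print(address_book_search(q)["filter"])
```

The escaping is what keeps a search-box string from widening the query; the attribute list is the other half of least privilege for a directory client, since a user lookup has no reason to pull back every attribute the schema allows.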
Using a simple table seems like a good start until you need to use that same username and password in other locations. When your other systems (email, code, server login, bug tracking/ticket systems, etc.) start getting into the mix and you need to maintain all of them, the table approach will be unmanageable fast, because you would have to write an adapter for all of them to connect to your table for auth. Using LDAP, which is a standard and used by many projects, will make it easier for you to maintain.
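What "connecting to LDAP for auth" means on the wire is a bind: the application sends the user's DN and password in a BindRequest and the server answers with a BindResponse result code. As an added example, not code from any of the answers above, the stdlib-only Python below encodes and decodes those two RFC 4511 messages by hand so the exchange is visible; the DN, password and result codes are constructed samples. It also refuses an empty password before sending, because RFC 4513 treats a DN with an empty password as an unauthenticated bind, which many servers answer with success, so an application that forwards a blank login form straight to bind can appear to succeed.

```python
"""LDAP simple bind on the wire (RFC 4511), encoded by hand with the stdlib only.

Added example; the DN, password and result codes below are constructed samples.
"""

# LDAP result codes used here (RFC 4511 section 4.1.9)
SUCCESS = 0
INVALID_CREDENTIALS = 49

# BER tags used by the bind exchange
TAG_SEQUENCE = 0x30       # LDAPMessage and LDAPResult are SEQUENCEs
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_ENUMERATED = 0x0A
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0] constructed
TAG_BIND_RESPONSE = 0x61  # [APPLICATION 1] constructed
TAG_SIMPLE_AUTH = 0x80    # AuthenticationChoice.simple [0] OCTET STRING


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(value)) + value


def ber_uint(tag: int, n: int) -> bytes:
    """Non-negative INTEGER/ENUMERATED, padded so the sign bit stays clear."""
    return ber_tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """Client side: LDAPMessage { messageID, BindRequest { 3, dn, simple(password) } }."""
    if not password:
        # RFC 4513 5.1.2: a DN with an empty password is an *unauthenticated* bind,
        # which many servers answer with success. Never let a blank form reach here.
        raise ValueError("refusing unauthenticated bind (empty password)")
    bind_request = ber_tlv(
        TAG_BIND_REQUEST,
        ber_uint(TAG_INTEGER, 3)                                   # LDAP protocol version 3
        + ber_tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
        + ber_tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")),      # cleartext: needs TLS underneath
    )
    return ber_tlv(TAG_SEQUENCE, ber_uint(TAG_INTEGER, message_id) + bind_request)


def build_bind_response(message_id: int, result_code: int, diagnostic: str = "") -> bytes:
    """Server side: LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    bind_response = ber_tlv(
        TAG_BIND_RESPONSE,
        ber_uint(TAG_ENUMERATED, result_code)
        + ber_tlv(TAG_OCTET_STRING, b"")                           # matchedDN, empty for a bind
        + ber_tlv(TAG_OCTET_STRING, diagnostic.encode("utf-8")),
    )
    return ber_tlv(TAG_SEQUENCE, ber_uint(TAG_INTEGER, message_id) + bind_response)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(pdu: bytes) -> dict:
    """Decode a BindResponse PDU into message_id, result_code, matched_dn, diagnostic."""
    tag, message, _ = _read_tlv(pdu, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, message_id, pos = _read_tlv(message, 0)
    tag, result, _ = _read_tlv(message, pos)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("not a BindResponse")
    _, code, pos = _read_tlv(result, 0)
    _, matched_dn, pos = _read_tlv(result, pos)
    _, diagnostic, _ = _read_tlv(result, pos)
    return {
        "message_id": int.from_bytes(message_id, "big"),
        "result_code": int.from_bytes(code, "big"),
        "matched_dn": matched_dn.decode("utf-8"),
        "diagnostic": diagnostic.decode("utf-8"),
    }


if __name__ == "__main__":
    # Constructed sample: the app binds as alice, the server rejects the password.
    req = build_simple_bind(1, "uid=alice,ou=people,dc=example,dc=com", "s3cret")
    print("BindRequest :", req.hex())   # the password bytes are visible in the clear
    resp = build_bind_response(1, INVALID_CREDENTIALS, "invalid credentials")
    print("BindResponse:", parse_bind_response(resp))
```

Two things the hex output makes obvious: the simple-auth element carries the password as plain octets, so the bind must run over LDAPS or after StartTLS, and a result code other than 0 (here 49, invalidCredentials) is the only signal the application gets, so it has to check that code rather than treating "the server replied" as a login.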