What does LDAP solve?

Tags:

ldap

I've been in touch with LDAP in many projects I've been involved in but, truth be told, I don't really understand it. I thought it was just a person directory, but afterwards I discovered that it can contain any objects in a hierarchical structure.

I installed OpenLDAP on my box and I found many tutorials regarding just the installation.

What is LDAP? What are the scenarios where LDAP is the right choice? What are the LDAP concepts I should know for working with it? What are the advantages of LDAP? Is it used just because old applications used it? Is there a good doc anywhere on the internet explaining all these questions?

UPDATE: Complementing the answers, I found this link which contains a quick start guide for an LDAP newbie like me.

victor hugo asked May 19 '09 19:05


People also ask

What can LDAP be used for?

Uses of LDAP: The common use of LDAP is to provide a central place for authentication -- meaning it stores usernames and passwords. LDAP can then be used in different applications or services to validate users with a plugin.

What information does LDAP store?

The main purpose of LDAP is to serve as a central hub for authentication and authorization. LDAP helps organizations store user credentials (username/password) and then access them later, like when a user is attempting to access an LDAP-enabled application. That user's credentials stored in LDAP authenticate the user.

What does the LDAP access and maintain?

LDAP is an industry standard application protocol for accessing and maintaining distributed directory information and authentication services.

Why is LDAP used for authentication?

LDAP provides a means to manage user and group membership stored in Active Directory. LDAP is a protocol to authenticate and authorize granular access to IT resources, while Active Directory is a database of user and group information.


2 Answers

What is LDAP? What are the scenarios where LDAP is the right choice?

At its core, LDAP is a protocol for accessing objects that are suitable for storage in a directory. Whether something is "suitable" is an entirely subjective determination that's left up to implementers, but typically this means collections of many objects that each have infrequently (or never) updated data, where each object has an obvious or canonical way to be looked up:

  • a phone book (look up by name or by phone number)
  • titles in a library (look up by title, author, etc.)
  • tenants in a building (look up by floor, suite, name, etc.)

and so on.

Note that LDAP itself is just a protocol and doesn't provide any actual storage -- in much the same way, HTTP doesn't imply anything about whether you're using Apache, Jetty, Tomcat, Mongrel, et al. as a web server. (One problem with LDAP in general is the confusing reuse of names to mean different things. Wikipedia has a good section on this.)

John Feminella answered Sep 28 '22 11:09


DITs are a hierarchical description scheme that lend themselves to B-Tree algos very nicely, resulting in tremendous search performance in most cases. Directory Servers like OpenDS return indexed searches in microseconds, whereas RDBMS systems are much slower. Directory Servers (often called LDAP servers) trade resources (RAM, CPU) for fast read response. RDBMS systems provide greater functionality in terms of management of the data in question. Need speed with few or zero updates, simplicity, and a small network protocol? Use a Directory Server. Need data management and mining capabilities, and/or a high rate-of-change of the database with relational aspects defined between data? Use an RDBMS (MySQL is your best bet here).

3 revs, 3 users 73% answered Sep 28 '22 11:09
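
A minimal in-memory model of the hierarchical DIT and indexed equality search described in the answers above, added here as an illustration and not part of either answer. The sample entries, the `Directory` class and its method names are constructed for the example, and DNs are assumed to be lowercase with no escaped commas.

```python
from collections import defaultdict

# Constructed sample DIT: DN -> multi-valued attributes (not from the original page).
ENTRIES = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=printers,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "cn": ["Alice Ng"],
        "telephoneNumber": ["555-0100"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "cn": ["Bob Ruiz"],
        "telephoneNumber": ["555-0101"]},
    "cn=lj4,ou=printers,dc=example,dc=com": {
        "objectClass": ["device"], "cn": ["lj4"]},
}


def parent(dn):
    """Strip the leftmost RDN; assumes no escaped commas (simplification)."""
    return dn.partition(",")[2]


class Directory:  # hypothetical helper, not an LDAP library API
    def __init__(self, entries):
        self.entries = entries
        # Equality index built once at load time: (attr, value) -> set of DNs.
        # Reads become a dict lookup; every write would have to update it.
        self.index = defaultdict(set)
        for dn, attrs in entries.items():
            for attr, values in attrs.items():
                for value in values:
                    self.index[(attr.lower(), value.lower())].add(dn)

    def in_scope(self, dn, base, scope):
        if scope == "base":   # the base entry only
            return dn == base
        if scope == "one":    # direct children of the base
            return parent(dn) == base
        return dn == base or dn.endswith("," + base)  # "sub": whole subtree

    def search(self, base, scope, attr, value):
        """Evaluate the filter (attr=value) under base, like an LDAP search."""
        hits = self.index.get((attr.lower(), value.lower()), set())
        return sorted(dn for dn in hits if self.in_scope(dn, base, scope))


if __name__ == "__main__":
    d = Directory(ENTRIES)
    print(d.search("dc=example,dc=com", "sub", "objectClass", "inetOrgPerson"))
```

The base DN and scope bound which part of the tree a query can reach, which is why the same `cn=lj4` filter matches under `ou=printers` but returns nothing under `ou=people`.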