April 25, 2019

Use Fedora Directory Server For Manageable LDAP (Part 1)

What Is LDAP?

  • August 28, 2006
  • By Carla Schroder

Raise your hand if you've had this conversation with your buzzword-vulnerable boss:

PHB: "We need to move to LDAP."
Long-suffering admin: "For what exactly?"
PHB: "We need to move to LDAP."

So, before we get into exploring the wonders of Fedora Directory Server, let's give that question a meaningful answer. Why should you consider using LDAP? Here are some nice tidy bullet points to consider:

  • You have a lot of fairly static data to access
  • You want to store this data in a cross-platform future-proof format
  • You want this data to be available to many different applications
  • Your data do not need a full-blown relational database, but will fit nicely in a flat table

What sort of data does this include?

  • User data, like profiles, preferences, email addresses, and logins
  • Customer contacts
  • SSL certificates
  • Asset tracking

Perhaps you want other features like blazing-fast performance and single-sign-on authentication. LDAP is optimized for fast read speeds, far faster than any other type of data store, and lends itself nicely to cross-platform single-sign-on. Yes, you can even make Windows play nice, no matter how much it doesn't want to.

Terminology pedants go all nutso over incorrect expressions like "LDAP database" and suffer dangerously high blood pressure as a result, so let's be nice to the pedants and use the correct words. LDAP--Lightweight Directory Access Protocol--is a protocol that stores and retrieves information from a directory, which for both OpenLDAP and Fedora Directory Server is stored in a Berkeley DB. I think you're pretty safe using "LDAP directory" as a shortcut.

LDAP is TCP/IP-aware and widely supported. These days it's unusual to find network applications that don't support it. This means you won't need special client software to access an LDAP directory.
