开发者

What problem does LDAP solve in the web world?

开发者 https://www.devze.com 2022-12-15 12:17 出处:网络
I understand LDAP is the protocol which is used to talk to an active directory system like OpenLDAP. I also understand OpenLDAP is a kind of database which stores objects in a tree.

I understand LDAP is the protocol which is used to talk to an active directory system like OpenLDAP.

I also understand OpenLDAP is a kind of database which stores objects in a tree.

My question is: When and for what should I use (if at all) LDAP instead of a relat开发者_如何学JAVAional DB.


A relational database and a LDAP based database solve different issues. LDAP is strongly focused on fast-read, slow write, it's hierarchical, distributed, and based on authority (like DNS). If your data don't match this assumption, LDAP is not the right choice.

LDAP works well to describe a hierarchy of entities, like for example a company addressbook. While a relational database would require every department to access the big global table with all the addresses, an LDAP solution allows to distribute the responsibility of each department's addressbook to the department itself, while keeping it available for query to anyone else in the company.

LDAP allows you to store any kind of information. The addressbook is the most typical example, but everything that can be intended as hierarchical, authority-focused dataset can be stored in LDAP. Another example: suppose a library is part of a consortium of libraries, and they want to store data about the books they have. The database is hierarchical (each library is authoritative within its borders) and each library is independent from the others. Inside the schema, you can store data about the books, such as author, publication year, title, isbn and so on.

To store data, you represent it using a special file format, LDIF, but APIs exist as well. LDIF, however, is the most easy way to see the information. it's just a plain text file. An example from wikipedia

 dn: cn=John Doe,dc=example,dc=com
 cn: John Doe
 givenName: John
 sn: Doe
 telephoneNumber: +1 888 555 6789
 telephoneNumber: +1 888 555 1232
 mail: john@example.com
 manager: cn=Barbara Doe,dc=example,dc=com
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 objectClass: top

This describes the information about a guy called John Doe. It is under the "realm" of dc=example, dc=com, and has a bunch of other information associated to it (think like a table row). Note that the hierarchy can be (apparently) associated to internet domains, like in this case, but in reality the hierarchy description is very flexible. You can organize hierarchies based on national borders or company departments, or anything you like, as you prefer.

You should use LDAP when you need to manage a data domain where you have

  1. the need for a flexible schema with reduced storage requirements.
  2. reduced write needs, strong read needs
  3. strong hierarchical nature of management and organization of information
  4. authorities and delegation of authoritativeness


This concise and nice post has very good info relating to this scenario.

If interested further, you can go a bit deeper in here, which is a continuation to the above link.


LDAP is good for data which is frequently read and rarely written. For example, LDAP is often used to store user login or password information.


LDAP is a centralized user and account management system which can also store some data fields.


You can use LDAP also as lookup-addressing mechanism to retrieve resources, for example Database-Connections or remote-services.

The nice thing I like about LDAP is, that you can retrieve stuff in directory/URL style. This is quite different to RDBMS where you have to use a dedicated query-language. This often makes sense and is intuitive if things are organized in a hierachical way.

0

精彩评论

暂无评论...
验证码 换一张
取 消