IT, Operations, Security and Webdev have prepared a BrowserID adoption plan for our LDAP directory. Questions come up frequently, so I wanted to capture the basics of the plan. In terms of BrowserID adoption, there are three classes of Mozilla websites. Many webapps that use MoCo’s LDAP instance for authentication and group permissions Mozillians.org which [...]
Another way to approach learning OpenLDAP is through the lens of RDBMS. As a MySQL user… here are a few slapd equivalents. Authentication Some tools (like slapadd against the config directory) are used via authentication provided by your Operating System (Ubuntu for me, which I think is an odd duck for OpenLDAP). OpenLDAP’s documentation is [...]
As I’m learning OpenLDAP, it seems useful to draw on programming language concepts to understand the system. Data from (and the schema behind) an LDAP directory is object oriented and seems to have less of an impedance mismatch between code and data than the more popular RDBMS. Structure Schema definition appears to be highly inspired [...]
Here are some perceived problems and recommendations. My recommendations are coming from a total newbie, so they are fairly worthless.
This post is about barriers to adoption and will be the most negative of this series. I will be dropping some fbombs.
Let’s start with some nice things… we’ll get to the constructive feedback soon enough.
LDAP is a protocol, not an API. This is actually really cool and very in-fashion.
LDAP directories are distributed (in more than one way), sweet.
Another cool thing about LDAP is that records can have some flexibility to their schema, but they still have a schema. You can augment a record with an “auxiliary” type. Types can have mandatory and optional elements. Ad-hoc elements aren’t allowed; they must be in a schema. This seems like a sweet spot for some classes of data storage solutions.
For such an ancient and storied beast, OpenLDAP gets many things right. If you were to re-launch it as a new NoSQL project, written in NodeJS, you’d probably get some love. Developers love the new hawtness.
Problem: Bizarre keywords
Technically these aren’t keywords, but to a programmer just encountering LDAP, that is what they seem like.
Attributes are standardized and have inconsistent and wacky names. As a programmer, I’m used to creating my universe on top of a standard library. A programmer approaching data and data definitions… I make that up as I go, right?
I’m going to write a series of short blog posts about my nascent experiences with LDAP directories. I hope to cover the good, the bad, and the fugly of this beast. Planned posts will include: Why LDAP isn’t more widely adopted or WTF?!? LDAP for MySQL peeps LDAP for OO programmers Care and feeding for [...]