Who cares about LDAP? (was: LDAP server in Python)

Cameron Laird claird at lairds.com
Tue Mar 18 13:56:17 CET 2003

In article <3E7699BF.323A7898 at engcorp.com>,
Peter Hansen  <peter at engcorp.com> wrote:
>Cameron Laird wrote:
>> Meanwhile, I also recommend you install OpenLDAP on
>> your laptop.  You'll be glad you did.  Once you become
>> comfortable with it, you'll find you use LDAP
>> for quite a bit more than the minimum.
>Would you please expand on that statement, Cameron, for those of
>us with a negligible understanding of this area of computing?
First, lest there be any doubt, know that it's OK to have
negligible understanding of LDAP.  You can have a good life
without it, and so on.

I have deeply mixed feelings about LDAP.  I've invested 
enough in it that I'm fairly expert, so, at one level, I 
wish LDAP received more attention.

On the other hand, it makes me giggle a lot.  "Lightweight"?
<URL: http://phaseit.net/claird/comp.protocols.misc/LDAP.html >
Committee work makes for strange conclusions.

Here's the executive summary:  there are lots of data managers
in the world:  SQL-accessible RDBMSs, embedded databases,
LDAP servers, and more.  Some, interestingly enough, are in
more than one of these categories at a time.  In principle,
LDAP's the best design we know for "directories", which you
can regard extensively as telephone-book-like things, or 
intensively as data stores involved in AAA (authorization,
authentication, accounting).  "Best design" here should
mean something like, "I chose Python rather than Java to
code my data-reduction application because it so much more
aptly expresses my solution."

And that's my problem with LDAP.  It's certainly nice for
AAA--but not yet a huge win over working against, say, a
traditional RDBMS and having to do some of the security
yourself.  That's disappointing.

So:  my usual data-manager approach is to select the one
that presents the fewest administrative hassles.  In most
organizations, that means re-use of existing Oracle or
other RDBMS installations.  Sometimes I end up with ZODB,
or Metakit.  Sometimes LDAP.  It's administration that I
see dominating costs.  Whatever the datastore, I know I
can develop applications that perform adequately.

If an organization happens to be comfortable with LDAP,
great; it probably means that they already have good 
content in place, at least as a starting point.  It 
probably also means that they have a badly mis-designed LDAP
schema lurking somewhere, but I'm used to that.  LDAP-savvy
tools are few and underwhelming; again, life goes
on without those.

So, in advising the original poster, I was thinking 
that LDAP can do the job he's after, and it's going to
make for a more satisfying development environment on
his laptop than any other, so it's a good time for him 
to learn LDAP.

That's me being rather "raw"; can you read me that way?

Oh--I like the OpenLDAP people, at least as of a few 
years ago.  They're a good bunch.

Cameron Laird <Cameron at Lairds.com>
Business:  http://www.Phaseit.net
Personal:  http://phaseit.net/claird/home.html
