Who cares about LDAP? (was: LDAP server in Python)
claird at lairds.com
Tue Mar 18 13:56:17 CET 2003
In article <3E7699BF.323A7898 at engcorp.com>,
Peter Hansen <peter at engcorp.com> wrote:
>Cameron Laird wrote:
>> Meanwhile, I also recommend you install OpenLDAP on
>> your laptop. You'll be glad you did. Once you be-
>> come comfortable with it, you'll find you use LDAP
>> for quite a bit more than the minimum.
>Would you please expand on that statement, Cameron, for those of
>us with a negligible understanding of this area of computing?
First, lest there be any doubt, know that it's OK to have
negligible understanding of LDAP. You can have a good life
without it, and so on.
I have deeply mixed feelings about LDAP. I've invested
enough in it that I'm fairly expert, so, at one level, I
wish LDAP received more attention.
On the other hand, it makes me giggle a lot. "Lightweight"?
<URL: http://phaseit.net/claird/comp.protocols.misc/LDAP.html >
Committee work makes for strange conclusions.
Here's the executive summary: there are lots of data managers
in the world: SQL-accessible RDBMSs, embedded databases,
LDAP servers, and more. Some, interestingly enough, are in
more than one of these categories at a time. In principle,
LDAP's the best design we know for "directories", which you
can regard extensively as telephone-book-like things, or
intensively as data stores involved in AAA (authorization,
authentication, accounting). "Best design" here should
mean something like, "I chose Python rather than Java to
code my data-reduction application because it so much more
aptly expresses my solution."
And that's my problem with LDAP. It's certainly nice for
AAA--but not yet a huge win over working against, say, a
traditional RDBMS and having to do some of the security
yourself. That's disappointing.
So: my usual data-manager approach is to select the one
that presents the fewest administrative hassles. In most
organizations, that means re-use of existing Oracle or
other RDBMS installations. Sometimes I end up with ZODB,
or Metakit. Sometimes LDAP. It's administration that I
see dominating costs. Whatever the datastore, I know I
can develop applications that perform adequately.
If an organization happens to be comfortable with LDAP,
great; it probably means that they already have good
content in place, at least as a starting point. It
probably also means that have a badly mis-designed LDAP
schema lurking somewhere, but I'm used to that. LDAP-
savvy tools are few and underwhelming; again, life goes
on without those.
So, in advising the original poster, I was thinking
that LDAP can do the job he's after, and it's going to
make for a more satisfying development environment on
his laptop than any other, so it's a good time for him
to learn LDAP.
That's me being rather "raw"; can you read me that way?
Oh--I like the OpenLDAP people, at least as of a few
years ago. They're a good bunch.
Cameron Laird <Cameron at Lairds.com>
More information about the Python-list