Most major platform suppliers use LDap in their products
What is it?
Lightweight Directory Access Protocol (LDap) is an implementation
of the industry standard X.500 directory protocol developed for PCs
and the internet. Adoption of X.500 was slow because of its
complexity and large footprint - LDap is sometimes called
X.500-Lite.
Most of the big platform suppliers have an LDap-based directory
product. Analyst firm Meta Group said, "Directory integration is
becoming the mainstream issue facing many IT organisations -
linking multiple disparate directories in the enterprise as part of
an overall identity management strategy."
Directories can be organised to reflect both the geographical and
hierarchical structure of organisations and business processes.
Where did it originate?
At the University of Michigan in the early 1990s, as a way of
enabling devices with limited computing resources, such as PCs, to
access X.500 directories. The Internet Engineering Task Force took
over responsibility for LDap, which has become the standard for
directory service applications running over IP.
Successive versions of LDap have added security, integration with
databases and other applications, and support for different
language character sets.
What is it for?
Directories are read more often than written to, so their structure
and functionality differ from relational databases, being
optimised for fast access to information which does not change
often. Directories are used to manage user log-ins, passwords and
other authentications, authorisations, e-mail addresses, user
profiles, and device locations and configurations.
LDap directories of personal contact information can include
physical, telephone, e-mail and other addresses. Parts of this
information can be made universally accessible, parts can be
updated by the user, and others are under the control of authorised
administrators.
Much of this was previously handled by multiple application- or
platform-specific directories. LDap allows these to be unified and
managed centrally.
What makes it special?
Unlike X.500, LDap is designed for IP. It has a small footprint, is
simple to implement and operate and is much faster and less
network-intensive than its parent protocol. Unlike
application-specific proprietary directories, it supports
integration of multiple products, centralisation and unified
naming.
How difficult is it to master?
LDap uses a small, simplified set of operations, making it easy for
end-users and administrators, and a standardised API for multiple
platforms, enabling developers to use the directory information in
new and integrated applications.
Where is it used?
As well as user and IT resource directories, LDap products are used
for human resources and security management, catalogues of product
information, customer profiles and preferences, and student or
patient records.
What systems does it run on?
LDap directory software suppliers include Novell, Sun, IBM,
Microsoft, Oracle and OpenLDap. Meta said Sun and Novell are the
suppliers of choice for systems integrators building identity
management systems.
What is coming up?
Integration with other standards and more functionality and
security for building identity management applications.
Rates of pay
Network and systems administrators with LDap among their skills can
expect a salary of £30,000 and upwards. The highest rates are in
security and identity management work.
Training
LDap training is available from directory suppliers - for example,
the IBM Directory Server LDap course - or from independent
providers such as QA. Free online tutorials are available from the
OpenLDap community and Sun.
www.java.sun.com/products/jndi/tutorial/ldap