Article:
  Demystifying LDAP
Subject:   Ldap or Database (users, roles, etc)
Date:   2006-07-31 10:00:19
From:   javadevdc
Response to: Ldap or Database (users, roles, etc)

First off, if you can point me to an easy setup for ldap on debian/Ubuntu and a simple program (preferably in Java) that can access a user and permissions granted to that user that would be great.


Maybe these are myths, but this is what my experience is :
* ldap is different for each implementation. Microsoft Active Directory is not going to be similar to OpenLdap. Someone is not going to up and running with Active Directory or OpenLdap from setup to programming.
* You need someone that specializes in Ldap to set it up; not so with mysql and say JAAS or Acegi. I can set up roles, users and a complex permission system using Spring's Acegi in less than an hour.
* OpenLdap is hard to set up.


>>I believe 9 out of 10 developers would *prefer* LDAP, and the 10th developer probably works for Oracle


As a developer, I would like to easily set up my environment. ldap is not as easy as setting up users and roles in a database.


Oracle has an identity server so they would push ldap.


I'd love to see a getting ldap up and running on linux for busy people.


Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Brian K. Jones photo Ldap or Database (users, roles, etc)
    2006-07-31 10:29:23  Brian K. Jones | O'Reilly AuthorO'Reilly Blogger [View]

    >First off, if you can point me to an easy setup >for ldap on debian/Ubuntu and a simple program >(preferably in Java) that can access a user and >permissions granted to that user that would be >great.

    If you've never in your life seen LDAP, then I guess its as easy as doing anything else you've never seen before. In other words, "easy" is a relative term. However, a google search turns up two documents you might find helpful.

    http://directory.fedora.redhat.com/wiki/Howto:DebianUbuntu
    http://www.openldap.org/doc/admin23/quickstart.html

    As for OpenLDAP, I don't personally like it (and I've used it extensively). However, it's harder to tweak to perfection for a production deployment than it is to set up a simple test. See the above link to set up a quick test server. I prefer fedora directory server, but have never tried to build it on a non-RH-based distro. I know users who *have* built it on gentoo and debian though.


    >As a developer, I would like to easily set up my >environment. ldap is not as easy as setting up >users and roles in a database.

    If the priority is not to do what is necessarily easier for the developer, but to deploy the right application or service in the right way, then sometimes, as a developer, you must learn things that you don't currently have familiarity with in the interest of using the right tool for the job.

    If you set up an ldap server once, then back up your data (a one-command process to dump to an ldif file), then future setups are Mind Numbingly Easy(tm)

    :-)

    If there's more demand for the document you request, perhaps I'll write one myself! Thanks for that input!

    • Ldap or Database (users, roles, etc)
      2006-08-14 09:49:08  jblaine [View]

      "If the priority is not to do what is necessarily easier for the developer, but to deploy the right application or service in the right way, then sometimes, as a developer, you must learn things that you don't currently have familiarity with in the interest of using the right tool for the job."

      Well said.