title: Where OpenLDAP Fits link: https://onemoretech.wordpress.com/2006/03/25/where-openldap-fits/ author: lembobro description: post_id: 747 created: 2006/03/25 13:46:00 created_gmt: 2006/03/25 13:46:00 comment_status: open post_name: where-openldap-fits status: publish post_type: post

Where OpenLDAP Fits

With all the buzz about Sun and Red Hat’s latest offerings, OpenLDAP has not received much attention lately. There has in fact been a steady improvement in the product, and it’s had significant penetration into the enterprise over the last two years. The most significant commercial deployment has been at HP, where Katik Subbrao & Co. have made Symas’s Connexitor Directory the core of their company’s Identity Management infrastructure. The nice thing for the OpenLDAP community is that all of the new functionality built into Connexitor for HP can eventually wind up as part of OpenLDAP, as Symas is a major contributor to the project.

Although its nice to see OpenLDAP getting such a big boost over at a big company like HP, I see it being a strong contender in small to medium sized environments. As shipped with Red Hat Enterprise Linux 4, OpenLDAP is a reliable, seamlessly integrated and well-documented operating system service that can serve as the basis for a no frills authentication and white pages directory solution. When combined with Kerberos, it can provide a secure, standards-based identity management infrastructure. In an alternate universe where vendor and consultancy hype (as well as the corporate IT penchant for consuming licenses as easily as my co-workers do pretzels) I could easily see an enterprise the size of my own company (approximately 10,000 users) easily satisfying its identity management requirements with this software stack.

Linux Journal only recently completed yet another series focused on deploying OpenLDAP and Kerberos as an Identity Management solution. These articles got me thinking again about all the opportunities this software provides. One of my personal projects for the balance of this year will involve exploring how the latest syncrepl “pull” based replication can provide the basis for a highly available service infrastructure.

OpenLDAP is such a good fit in so many situations that I hope Red Hat will continue to ship it as an integrated part of their OS, and not deprecate it in favor of their more complex Fedora/Red Hat/Netcape Directory product. If it were any other software vendor, I’d say the odds would be against it — but we’re talking about Red Hat here, the company that bowed to pressure from its customers to finally start shipping more current MySQL packages (previously Red Hat had only shipped packages based on a legacy version), and so I’m pretty sure that OpenLDAP will continue to be an optional part of their shipping product.

Copyright 2004-2019 Phil Lembo