by kahawe 5911 days ago
Nobody as in "every company, small and large, I've ever worked for in the software, automotive, telco and banking industry". Also, Active Directory is an LDAP at the end of the day. Red Hat just started their own LDAP server with the old Netscape sources a few years ago.

I agree that getting started with LDAP when you are only used to relational databases is a real pain. On top of that, a lot of software with "LDAP support" is pretty bad at it. But once you have it up and running, you can integrate it with almost everything. I'm a big fan of the Sun LDAP Server and all its features like multi-master replication, ACLs and all those neat ways it offers you for modeling your directory data.

Also: "LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack." (Wikipedia) So that's what that lightweight is all about.

DO NOT mix up LDAP and "single sign-on" (e.g. Kerberos), which are two separate things. You can use LDAP, however, to store your users and passwords and have all kinds of systems use that for authentication and authorization, but that is not single sign-on. Most SSO products I know use LDAP as their datastore, though.

I have always liked LDAP for its strong standardization and simplicity and LDIF is a plain, simple format that you can easily generate or type by hand. There is not a lot of overhead.

1 comments

Exactly. My company is selling its own directory, and of the telcos and other major ISPs worldwide we have as clients, everyone uses LDAP. Nobody really just comes down to people coding alone in their basement. Enterprises typically have a whole, distributed, company-wide infrastructure where LDAP plays an important role. And LDAP is doing the work just fine for a lot of years now.