Chapter 4. The users database

4.1. Introduction

This short chapter summarizes the structure of the database holding the user system data.

LDAP is a protocol for accessing "directory based" systems. It was born as a gateway to the OSI directory standard called X.500: originally LDAP defined only the transport (TCP/IP) and the format of the messages a client uses to access directory-based systems that followed the X.500 standard, which in turn required the full OSI stack (too complex and expensive to implement on smaller LANs). In substance, the LDAP server was the gateway between a TCP/IP environment and an OSI environment: it collected client requests over TCP/IP and forwarded them to an X.500 server over the OSI stack. Since the OSI stack and X.500 were too complex, developers eventually gave LDAP a native directory storage back end, making it independent and usable not only as an X.500 gateway but on its own, since it was far slimmer than the OSI standard.

Our choice of LDAP for managing the user data came from evaluating the following characteristics:

When this document was first written, we found no other free and complete LDAP suite apart from OpenLDAP, so we decided to use it, notwithstanding that it is far from perfect and still seems to have several flaws. Since then, other solutions have become available (for example Redhat Fedora Directory Server) that need further testing, given the pivotal role of the LDAP server in the structure we are describing.