Why Use LDAP

Submitted by Pavlos Skoufis on Sun, 2006-07-23 12:43.
The company is looking into open-source solutions, and while various commercial software vendors have some significant systems to offer which are suitable for the purpose, a decision was made to use the OpenLDAP Directory Server because it is a community-driven project and is widely used in the web hosting industry to reduce licensing and support costs.

Perhaps the most important characteristic of the LDAP protocol is that it is supported by all modern browser and Operating System combinations. Since the proposed system will only provide web-based access to its users, the administrators, developers, managers, etc. do not need any specialised software to access it.

The concepts of "Entity" and "Attribute" in the relational model are extended to include classes and attribute sub-types, which can manage much more information and overcome certain limitations of relational databases. The object-oriented nature of LDAP and the inheritance of classes allow more complex applications to be built and maintained without compromising data integrity and security.

Brian Arkills argues in his introductory material about Directory Servers that they can be used as a centralised repository of information which can then be accessed by applications at different network locations, thus opening a communications channel between the various parts of the system which depend on heterogeneous technologies (such as MySQL and OpenLDAP). Since directories are highly optimised for retrieving data, they are the ideal solution for the proposed system, as a centralised LDAP server can hold all the information that applications and users accessing the system need.

Additionally, most publications argue that the schema design process can be simplified by storing similar information in a centralised location. Considering the requirements for the groups of users accessing the system, certain users would be stored in different entities if the schema were designed for an RDBMS. User entities (e.g. customer, staff_member, etc.) can be combined into a single directory entry (e.g. users), thus avoiding problems which might occur at a later stage.

The LDAP client requires very few resources to run, and it can easily be integrated into other software (Brian Arkills, 2002), with many technologies providing built-in support for directory browsing and manipulation operations. This is a cost-saving characteristic in a business environment, as the integration of different technologies is automated or requires only minor configuration changes, as opposed to developing a separate application to handle authentication for the various network services (Apache, Bind, etc.).

The directory solution was also chosen because some network service data is rarely updated and can be queried faster than if an RDBMS were used for this purpose. The DNS information for the domain names hosted on the network, along with the domain name information used by the Web Server, can be accessed quickly and, more importantly, is stored in a centralised location. This is perhaps one of the major advantages of Directory Servers for an Internet Services Provider company: all DNS information is centralised within the directory, from which all applications can retrieve what they need. Thus, implementing the required technologies with a Directory Server backend saves the company from having to invest more development time in producing a PHP management application to handle authentication between them.

The Apache Software Foundation, which releases the Apache HTTP Server project, has also made available a module for version 2.0 of its server which supports user authentication on the HTTP server against an LDAP directory. The same is the case with the PHP programming language, which offers a set of functions specifically for interacting with LDAP directories.
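The PHP LDAP functions mentioned above can authenticate a web user against the single users branch by looking the entry up and then binding as it. This is an added example, not code from the original article; the host name, the DNs, the use of uid and employeeType, and the LDAP_SVC_PW environment variable are all assumptions.

```php
<?php
// Added example: search-then-bind login against one shared users branch.
// Host, DNs, attribute names and LDAP_SVC_PW are assumptions, not from the article.
const LDAP_URI   = 'ldap://ldap.example.internal';
const USERS_BASE = 'ou=users,dc=example,dc=com';
const SERVICE_DN = 'cn=webauth,ou=services,dc=example,dc=com';
function ldap_login(string $login, string $password): ?array
{
    $servicePw = getenv('LDAP_SVC_PW');
    // A bind with a DN and an empty password is an "unauthenticated bind" that
    // some servers report as success, so empty credentials never reach the server.
    if ($login === '' || $password === '' || !is_string($servicePw) || $servicePw === '') {
        return null;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return null;
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Upgrade to TLS before any password crosses the network.
        if (!@ldap_start_tls($conn) || !@ldap_bind($conn, SERVICE_DN, $servicePw)) {
            return null;
        }
        // Escape the login so characters such as * ( ) \ cannot alter the filter.
        $filter = '(&(objectClass=inetOrgPerson)(uid='
                . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
        $result = @ldap_search($conn, USERS_BASE, $filter, ['uid', 'employeeType'], 0, 2);
        if ($result === false) {
            return null;
        }
        $entries = ldap_get_entries($conn, $result);
        // Exactly one match is required; zero or several is a failed login.
        if ($entries === false || $entries['count'] !== 1) {
            return null;
        }
        // Prove the password by binding as the entry that was found.
        if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
            return null;
        }
        return [
            'dn'   => $entries[0]['dn'],
            // Assumed to hold e.g. "customer" or "staff_member"; keys come back lowercased.
            'type' => $entries[0]['employeetype'][0] ?? null,
        ];
    } finally {
        ldap_unbind($conn);
    }
}
```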