Turning point for LDAP

* Unless improvements are made to LDAP, it may be time to move to a different protocol

I left you with a bit of a cliffhanger in the last issue ("Future of directories in question"), which got at least one reader champing at the bit to find out what was yet to come. We'll get to that shortly, but first I must apologize for a dreadful typo that crept in (note to self: do NOT rely on spellchecker!). Vikas Mahajan is really my friend, not "my fiend"!

Vikas (currently manager for Enterprise Identity Management at AARP) has been working with directories and LDAP for almost as long as I have, which essentially means as long as there has been LDAP. He's appalled that very little, if anything, has been done to improve directories and access protocols since LDAP v3. As he said in our conversation:

"The industry has done nothing to make the directory more relevant to today's challenges. Any attempts to address replication were squashed early on. When was the last time you saw some updates to the schema? For example, what should the standard schema be for supporting OpenID authentications either as an IDP or RP or both? Or how do we model complex identity relationships like parents and children, households, caregivers, power-of-attorney, etc.?

"And where do we tie the directory in the ecosystem of other data management solutions such as enterprise service bus, master data management, customer hubs, etc? What is the directory's role when you have CRM, ERP, Web, application and other databases? How is it to be positioned by Enterprise Architects? These are today's challenges. These apps and tools don't necessarily speak LDAP, but they are pushing, pulling, cleansing, and standardizing identity data and the LDAP directory needs to be integrated if it is to remain a viable repository of useful, up-to-date identity information.

"I'm afraid when the big players took over the identity space, they marginalized the directories (they became free software to throw into a larger provisioning deal). Thus, no one has strongly invested in advancing the technology. It's become good enough for the corporate world and so it hasn't seen any real modern evolution. It's a shame, really. There is still potential with directories."

Longtime reader Will Schneider agrees: "To me the downfall of directory services in general is the constant inability to move forward. The space requires standards and interoperability, but you take something very simple like a new objectClass and people will debate the issue ad nauseam. In the end, no one does anything and you end up debating the same stupid point for months or years. I like to think of it as 'paralyzed with indecision'."
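To make concrete what "something very simple like a new objectClass" involves, here is an added example that is not part of the column and not anything Vikas or Will proposed: a constructed auxiliary objectClass, in RFC 4512 schema-definition syntax, for the caregiver and power-of-attorney relationships mentioned above, together with a small Python checker that validates LDIF entries against it and inverts the relationships into the "who may act for whom" view an access review needs. The OID arc, attribute names, objectClass name and entries are all invented placeholders (assumptions), and the LDIF parsing is deliberately minimal (no base64 `::` values, no case folding of attribute names).

```python
"""Constructed example: an auxiliary LDAP objectClass for delegation
relationships and a checker for LDIF entries that use it.
All names, OIDs and entries below are invented for illustration."""
import re
from collections import defaultdict

# Constructed schema in RFC 4512 definition syntax. The OID arc
# 1.3.6.1.4.1.99999 is a placeholder, not a registered enterprise number.
# Continuation lines begin with a space, as LDIF requires.
SCHEMA_LDIF = """\
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'x-caregiverDN'
  DESC 'DN of a person authorised to act as caregiver'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'x-powerOfAttorneyDN'
  DESC 'DN of a person holding power of attorney'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'x-delegationSubject'
  DESC 'Person on whose behalf others may act'
  SUP top AUXILIARY
  MAY ( x-caregiverDN $ x-powerOfAttorneyDN ) )
"""

# Constructed entries. Dave's record uses x-caregiverDN without the
# auxiliary objectClass, which a schema-checking server would reject.
ENTRIES_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: x-delegationSubject
uid: alice
x-caregiverDN: uid=bob,ou=people,dc=example,dc=com
x-powerOfAttorneyDN: uid=carol,ou=people,dc=example,dc=com

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol

dn: uid=dave,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: dave
x-caregiverDN: uid=bob,ou=people,dc=example,dc=com
"""

# Maps each relationship attribute to the role it grants (invented names).
ROLE_ATTRS = {"x-caregiverDN": "caregiver", "x-powerOfAttorneyDN": "power-of-attorney"}


def unfold(text):
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_schema(text):
    """Return {objectClass name: set of attributes it permits (MUST and MAY)}."""
    classes = {}
    for line in unfold(text):
        if not line.startswith("objectClasses:"):
            continue
        name = re.search(r"NAME '([^']+)'", line).group(1)
        attrs = set()
        for kw in ("MUST", "MAY"):
            # Either a parenthesised '$'-separated list or a single bare name.
            m = re.search(rf"\b{kw} \( ([^)]*) \)", line) or re.search(rf"\b{kw} (\S+)", line)
            if m:
                attrs.update(a.strip() for a in m.group(1).split("$"))
        classes[name] = attrs
    return classes


def parse_entries(text):
    """Parse LDIF records into dicts of attribute -> list of values ('dn' included)."""
    entries, current = [], defaultdict(list)
    for line in unfold(text) + [""]:  # trailing "" flushes the last record
        if not line:
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        current[attr.strip()].append(value.strip())
    return entries


def check_entries(entries, classes):
    """List (dn, attribute) pairs where an extension attribute is present
    but no objectClass on the entry permits it."""
    permitted_by = defaultdict(set)
    for cls, attrs in classes.items():
        for a in attrs:
            permitted_by[a].add(cls)
    violations = []
    for e in entries:
        ocs = set(e.get("objectClass", []))
        for attr in e:
            if attr in permitted_by and not (ocs & permitted_by[attr]):
                violations.append((e["dn"][0], attr))
    return violations


def delegations(entries):
    """Invert the relationships: delegate DN -> [(subject DN, role)].
    This is the view an access review wants: who can act, for whom, as what."""
    acting = defaultdict(list)
    for e in entries:
        for attr, role in ROLE_ATTRS.items():
            for delegate in e.get(attr, []):
                acting[delegate].append((e["dn"][0], role))
    return dict(acting)


if __name__ == "__main__":
    schema = parse_schema(SCHEMA_LDIF)
    people = parse_entries(ENTRIES_LDIF)
    print("schema violations:", check_entries(people, schema))
    for delegate, grants in delegations(people).items():
        print(delegate, "may act as", grants)
```

The point of the inverted view is that relationship attributes stored on the subject's entry answer "who may act for Alice?" cheaply, but the question an auditor or an access-control decision actually asks is the reverse, "what may Bob do, and for whom?", which requires either a search across all entries or a maintained back-link; that reverse index, and the schema discipline that makes it trustworthy, is exactly the kind of thing a standard objectClass would settle.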

So there's the challenge: should there be more relevant, standardized changes to directory schema? Can LDAP be improved, or is it time to move to a different protocol? Let me hear your thoughts and we'll keep the dialog going.


Copyright © 2010 IDG Communications, Inc.