
A book that’s all about LDAP

Apr 07, 2003 · 4 mins
Access Control, Enterprise Applications

* Catch the latest work of the folks who brought you Netscape Directory Server

Sometimes you don’t know who your neighbors really are. I live in Sunnyvale, Calif., near some of the companies I write about. Unbeknown to me – or, at least, unremarked by me – one of the most frequent topics in this newsletter over the past three and a half years grew out of the fertile imagination of three guys who all work within a mile and a half of my office.

That’s right, the guys who invented Lightweight Directory Access Protocol (LDAP) are either here in Sunnyvale or just across the border in Mountain View. Tim Howes and Gordon Good are toiling away for OpsWare, the remnant of LoudCloud, which was founded by Howes and Marc Andreessen (you know, the fellow who masterminded Mosaic, the first Web browser).

Howes, Good, Andreessen and the third LDAP pioneer, Mark Smith, all worked for Netscape at the time it merged with AOL. Howes and Andreessen left to form LoudCloud (bringing Good along – I’d say “for good measure”, but that’s a cheap pun!). When parts of LoudCloud were sold off to EDS, the remainder was rechristened “OpsWare” and toils in the data center management field – hardly as sexy as LDAP, I’d think, but probably more remunerative. Smith, meanwhile, stayed in Mountain View with Netscape.

This all came up because the three next month will release the second edition of their definitive book “Understanding and Deploying LDAP Directory Services (2nd edition)”, published by Addison-Wesley.

This is a book for directory architects and administrators, rather than for programmers and engineers. The latter groups will appreciate it, though, and it should be on your bookshelf if you are at all interested in understanding the impetus for the design of LDAP. But the actual program code is light – the same authors’ “Programming Directory-Enabled Applications with Lightweight Directory Access Protocol”, although somewhat out of date, will give programmers more of a kick-start in identity management via LDAP.

The latest book starts off with 200 pages on the design and concept of LDAP itself – right up through the current version 3 – as well as an overview of what they call the “Netscape Directory Server”. This is the server built on their work at the University of Michigan, which resulted in the SLAPD (Stand-alone LDAP Daemon) directory server. That server was the basis for both the OpenLDAP server and the Netscape server. The Netscape server, itself, is the basis for the iPlanet server, which is now the Sun ONE Directory Server (you really do need a program to tell you who the players are).

The history, design and overview are worth the price, especially for newer IT personnel – those who weren’t around in the late 1980s and early 1990s when this pioneering work was done. But that’s only one part of this fascinating book. Parts 2, 3 and 4 present another 450 pages on, respectively, Designing, Deploying and Maintaining your directory service. This is the meat and potatoes and should be required reading for anyone wishing to be considered a professional network manager. But wait, there’s more.

It’s not enough just to have a smoothly working directory service, so Part 5 of the book starts you on the road to leveraging your investment with chapters on new application design (to take advantage of the directory) as well as ways to retroactively directory-enable existing applications. The authors follow this up with three very detailed case studies showing how three different enterprises can effectively use well-designed directory services.

This is an important book and a good one (and the two don’t necessarily go hand in hand). Pick up a copy as soon as it’s available.