I understand LDAP is the protocol which is used to talk to an active directory system like OpenLDAP.
I also understand OpenLDAP is a kind of database which stores objects in a tree.
My question is: When and for what should I use (if at all) LDAP instead of a relational DB?
LDAP is good for data which is frequently read and rarely written. For example, LDAP is often used to store user login or password information.
LDAP is a centralized user and account management system which can also store some data fields.
A relational database and an LDAP-based database solve different issues. LDAP is strongly focused on fast reads and slow writes; it's hierarchical, distributed, and based on authority (like DNS). If your data don't match this assumption, LDAP is not the right choice.
LDAP works well to describe a hierarchy of entities, for example a company address book. While a relational database would require every department to access the big global table with all the addresses, an LDAP solution allows you to distribute the responsibility for each department's address book to the department itself, while keeping it available for query to anyone else in the company.
LDAP allows you to store any kind of information. The address book is the most typical example, but everything that can be regarded as a hierarchical, authority-focused dataset can be stored in LDAP. Another example: suppose a library is part of a consortium of libraries, and they want to store data about the books they have. The database is hierarchical (each library is authoritative within its borders) and each library is independent from the others. Inside the schema, you can store data about the books, such as author, publication year, title, ISBN and so on.
To store data, you represent it using a special file format, LDIF, but APIs exist as well. LDIF, however, is the easiest way to see the information. It's just a plain text file. An example from Wikipedia:
```
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: [email protected]
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
```
This describes the information about a guy called John Doe. It is under the "realm" of dc=example, dc=com, and has a bunch of other information associated with it (think of it like a table row). Note that the hierarchy can be (apparently) associated with internet domains, like in this case, but in reality the hierarchy description is very flexible. You can organize hierarchies based on national borders or company departments, or anything you like, as you prefer.
You should use LDAP when you need to manage a data domain where you have
- the need for a flexible schema with reduced storage requirements.
- reduced write needs, strong read needs
- strong hierarchical nature of management and organization of information
- authorities and delegation of authoritativeness
This concise and nice post has very good info relating to this scenario.
If interested further, you can go a bit deeper in here, which is a continuation to the above link.
Hope that helps.
Thanks
You can also use LDAP as a lookup-addressing mechanism to retrieve resources, for example database connections or remote services.
The nice thing I like about LDAP is that you can retrieve stuff in directory/URL style. This is quite different to RDBMS where you have to use a dedicated query language. This often makes sense and is intuitive if things are organized in a hierarchical way.