LDAP vs SQL database for user authentication/user data storage

Question

Hello SO,

I am starting to use cakePHP for the first time with a hobby project. It looks like cakePHP supports LDAP easily enough as well as any DB. If the project goes well, I am thinking of letting the general public use the site, which means that there will (potentially) be a lot of users (a lot is relative, I guess, I'd be shocked at a thousand). If it does get that large, I may consider making a business run with it.

I am familiar with using LDAP and I am familiar with using SQL (specifically MySQL) for keeping track of user data. Before I get started, should I stick with the "easier" SQL or the more hierarchical LDAP structure.

Some things I need to consider:

1. Unauthenticated users will not be able to use the site.
2. There will (potentially) be at least a few different levels (types) of access
3. Each user will be able to delegate access to certain parts of their profile/data
4. Depending on user type, you may have different users "under your care", similar to having an account manager managing different accounts only instead of accounts, it would be people and the information that they would share with you.

Long story short: Should I implement LDAP for a site that will have hierarchical user/group structure or try to make it work with SQL? Is LDAP commonly used in production web apps?

Thanks SO.

Answer 1

The first thing I would look into is how much a client access license costs on your server. If you're linux based (which it sounds like given your stack), then it's probably zero and you can stop reading.. ;)

Microsoft and others have a charge which can be fairly significant. This is usually mitigated by acquiring an External Connector (or similar) license for your web server in place of purchasing a CAL for each user.

Other than that, I'd say go for it. It is a very secure way of handling user authentication as well as authorization. Plus there are many tools available for managing LDAP accounts.