LDAP: Replacing Exchange Revisited

LDAP can occupy numerous places in an IT infrastructure. For example, you can migrate Network Information Services (NIS) to LDAP, and many legacy UNIX-centric organizations have done just that. While the NIS migration model serves as one excellent example, many others exist. Most recently, I saw LDAP used as a simple white pages - name and address - directory service. I consider that underutilizing LDAP.

Just a simple note: NIS is a client-server directory service protocol for distributing system configuration information, such as user and host names, between computers on a computer network. NIS uses a flat database structure, while LDAP, as we've discussed, uses a hierarchical structure.

My first exposure to LDAP occurred in 1999. While on a consulting assignment at one of the major telecommunication firms, I saw my client migrating from their own email system to MS Exchange. Someone convinced them that their own system running on their own mainframes would fail on midnight January 1, 2000.

After the migration, it dawned on the IT management folks that they forgot to consider their 30,000 UNIX users. You can imagine the mess. Our friends in Redmond did not produce a UNIX version of Outlook.

Later that year, I rounded up a few developers and orchestrated the creation of a UNIX clone which worked with Exchange. We used Collaboration Data Objects (CDO) and built a proxy to run from a UNIX client to Exchange. The main goal of the project focused on calendar events.

While interest in the client circulated from one Fortune 50 company to many others, Exchange administrators feared having "rogue" technology on their networks.

As a product, our client failed, but in the process of marketing and accepting requests we discovered that we could build a server that could function side by side with Exchange. We also discovered an LDAP directory running like white pages within Exchange.

Note: In the next segment, we'll discuss ObjectClasses, attributes and schemas, but not now.

Suffice it to say, Exchange used standard ObjectClasses and attributes within its directory. We did not find it a stretch to duplicate those LDAP objects. Ultimately, the Exchange 5.5 directory morphed into AD - the current enterprise directory from Redmond. Still, in building a product people would buy, we found LDAP a common crossover thread.

So, what's the point of this story? Plain and simple, the Open Source Community has had the makings of products widely used in enterprises today. We just have not taken advantage of our resources.

Now, consider this a short prelude to deeper aspects of the LDAP protocol. If we want to move our Open Source LDAP products (OpenLDAP and Fedora Directory Server) deeper into business, we need to first understand the basic building materials and then start to innovate.

Our next adventure begins with schemas and the objects that make work. Speak to you soon.

Comments


LDAP question

Maldee's picture

I'm an LDAP newbie..
I just want to know:
1) What exactly can LDAP do in terms of web-based applications and other things?
2) What are the system requirements for a server to use LDAP?
3) Can LDAP be standalone (testing in localhost)?
Thanks

keep me updated

havaianas's picture

I would be interested in helping.

yes

laptop's picture

it can be standalone afaik

AD is LDAP in disguise

Anonymous's picture

I am a W2K network admin. AD is LDAP in disguise, modified for Windows 2000 networking. MS just pulled it from the shelf and used it in its own OS. It uses the same TCP/IP ports (489) to listen on. You can issue the same LDAP commands to query the directory.

If you know AD, you know LDAP. And if you know LDAP, you're halfway to knowing AD.

Code...

Anonymous's picture

...or it didn't happen.

LDAP is working for WinXP & Linux

Nandkishor's picture

Hi,
LDAP is working for the file central authentication for Win XP & Linux users.

Any more news?

Hikaye's picture

Any more news?

Is it finished yet?

boquete panama's picture

Please update me if you have a solution yet.

A bit of history

Russian translation for Linux's picture

By the way: LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet. X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service "for the rest of us."
