
Red Hat's directory server


Posted Jun 2, 2005 19:01 UTC (Thu) by giraffedata (subscriber, #1954)
In reply to: Red Hat's directory server by iabervon
Parent article: Red Hat's directory server

I've been trying for years to understand what a directory server is for. I can pretty much see how it could be more efficient than a shared filesystem for some things. But how does a directory server compare to a database server, such as a PostgreSQL server?



Red Hat's directory server

Posted Jun 2, 2005 19:39 UTC (Thu) by iabervon (subscriber, #722) [Link]

I'm not entirely sure myself, but I think that it's essentially a non-SQL database with a standardized network protocol to access it. If you used Postgres or MySQL or Oracle or something like that, you would need each program that's using it to understand the specific network protocol. LDAP is standardized on the network, so that the clients don't have to have drivers for different servers. There's a lot of further stuff beyond just LDAP, which essentially amounts to a standard database schema for particular purposes, which is also standardized somewhat, and is based on the LDAP database structure rather than SQL.

How is LDAP different from a relational database?

Posted Jun 2, 2005 20:38 UTC (Thu) by nicku (subscriber, #777) [Link]

The main difference between applications that use an LDAP directory and those that use a relational database is that the directory server is likely to use a variety of clients from widely different sources, while the database often has the application coupled more closely.

The big advantage of LDAP is that standardisation has been more successful than for SQL. The protocol is simple enough for many applications to be able to use a directory directly.

Of course, a directory is usually faster to read than write, and is often used for authentication. We implemented an OpenLDAP directory at HKIVE(TY) in the ICT department so that we can have one source of authentication and user information rather than replicate this information for each application.

The structure of a directory is tree-shaped, rather than tables linked by keys.

Uses: authenticating computers in the laboratory running Linux, or Windows; authenticating web applications (such as online quizzes). You can read more about it here.

Red Hat's directory server

Posted Jun 5, 2005 7:03 UTC (Sun) by komarek (guest, #7295) [Link]

One thing the other posters didn't mention: you need your login program to authenticate against your directory. And/or your webserver, ftpserver, whatever. If you put all your user info in a postgres database, will your portal software authenticate against it? Will you need to write the glue code, or does it exist already? If you are using PAM for logins, will PAM support it?

NIS and LDAP are both widely used for login information. NIS support is built into the GNU C library, so that any properly-written program need not be aware of whether NIS is used or not. This includes the login program. More recently, though, PAM handles authentication. It will support both NIS and LDAP. I have no idea if it supports any relational databases. Apache will auth against NIS or LDAP. Plone will auth against LDAP (among others).

So you can't use just any old thing for authentication information, unless you are willing to modify client code.

Red Hat's directory server

Posted Jun 6, 2005 0:22 UTC (Mon) by giraffedata (subscriber, #1954) [Link]

> One thing the other posters didn't mention: you need your login program to authenticate against your directory. And/or your webserver, ftpserver, whatever.

That's what I took the comments about there being a standard for directory services to mean. While there's no reason there couldn't be a standard for authenticating by using a relational database server, there isn't. The protocols that existing login programs, etc. use are directory protocols.

Of course that means a directory server isn't really what you need. What you need is an LDAP server, or a server of whatever other directory protocol your programs use.

The only comment I've seen that says directory servers are useful per se is the one that suggests for a simple directory lookup, a directory server can be more efficient than a general purpose relational database server and a directory protocol easier to use than SQL.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.