LDAP 101: It’s A Database, Stupid
We’re doing an LDAP-for-authentication rollout at my day job – the sort of thing there are lots of docs about already. One of the things we’ve run into is the lack of a single, complete document describing the whole tool ecosystem, from what LDAP is and how it works all the way through to how to use it to authenticate users.
So I thought I’d write one.
This post will cover some introductory knowledge about LDAP. Subsequent posts will introduce some LDAP tools and go into more detail on the data stored in a directory and on the implementation of an authentication system.
“LDAP” is an extensive subject, and I’m not going to try to cover every aspect of it. (For that, see the links at the bottom of this post.) I’ll be demonstrating simple bind authentication, without SASL or Kerberos/GSSAPI, and I won’t be going into too much detail outside of users and groups. In particular, I won’t be covering too much history, and I won’t be covering Active Directory (the other widely deployed authentication and directory service built on LDAP).
