[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-general
Subject:    Re: [ldap] newbie
From:       John Kristian <kristian () netscape ! com>
Date:       1999-03-05 19:44:59
[Download RAW message or body]

Maria Holmsten wrote:

> We need a distributed directory service where it is
> 
> -easy to create/delete /add new directories, organisationally structured where the \
> container(s) in the tree is to contain a  unique username and a couple of other \
> values related to this username.

LDAP does that.  A common pitfall is to structure the DIT to model the organizational \
structure; it's better to have a very flat tree, and represent organizational \
affiliations as attributes of the entries.  But the latter works fine.

> -easy to dynamically commit a search for a particular username and to quickly be \
> presented the results of the search is a user friendly fashion.

LDAP supports fast and flexible searching, certainly.  Many UIs are available for \
LDAP, including the Address Book component of Netscape Communicator, and many others. \
I find some quite good, but it's subjective and dependent on your aims.  Try some; \
see what you think.

> - using TCP/IP

LDAP does that.

> - possible to provide privacy to a person who wishes to perform a search for a \
> username without anyone else knowing it..

LDAPS (LDAP over SSL) does that.  It is not as widely implemented as plain LDAP, \
however.  Plain LDAP is no more private than the TCP connections on which it runs.

Of course, the people who operate the LDAP server (database) can find out who is \
searching for what (by monitoring the server's activity).  But I can't conceive of \
any practical system that wouldn't have that property.

> The directory is to be used over networks using TCP/IP and mobile IP.. would this \
> be possible with LDAP?

Yes.


[prev in list] [next in list] [prev in thread] [next in thread]