Re: [ldap] newbie
Maria Holmsten wrote:
> We need a distributed directory service where it is
>
> -easy to create/delete /add new directories, organisationally structured where the container(s) in the tree
> is to contain a unique username and a couple of other values related to this username.
LDAP does that. A common pitfall is to structure the DIT to model the organizational structure; it's better to
have a very flat tree, and represent organizational affiliations as attributes of the entries. But the latter
works fine.
> -easy to dynamically commit a search for a particular username and to quickly be presented the results of the
> search in a user friendly fashion.
LDAP supports fast and flexible searching, certainly. Many UIs are available for LDAP, including the Address
Book component of Netscape Communicator, and many others. I find some quite good, but it's subjective and
dependent on your aims. Try some; see what you think.
> - using TCP/IP
LDAP does that.
> - possible to provide privacy to a person who wishes to perform a search for a username without anyone else
> knowing it..
LDAPS (LDAP over SSL) does that. It is not as widely implemented as plain LDAP, however. Plain LDAP is no
more private than the TCP connections on which it runs.
Of course, the people who operate the LDAP server (database) can find out who is searching for what (by
monitoring the server's activity). But I can't conceive of any practical system that wouldn't have that
property.
> The directory is to be used over networks using TCP/IP and mobile IP.. would this be possible with LDAP?
Yes.
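
The flat layout recommended in the reply above, written out as an added LDIF example; it is not part of the original message. The suffix dc=example,dc=com (assumed to exist already), the user names, and the department values are all constructed for illustration.

```ldif
# Constructed sample data: the suffix, users and departments are assumptions.
# Flat layout: every person entry sits directly under a single container,
# and the organizational affiliation is the "ou" attribute of the entry.
dn: ou=people,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: people

dn: uid=asmith,ou=people,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: asmith
cn: Alex Smith
sn: Smith
ou: Research
mail: asmith@example.com

dn: uid=bjones,ou=people,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: bjones
cn: Bo Jones
sn: Jones
ou: Engineering
mail: bjones@example.com

# A reorganization is an attribute change; the entry keeps its DN.
dn: uid=asmith,ou=people,dc=example,dc=com
changetype: modify
replace: ou
ou: Engineering
-

# For contrast, a tree that mirrors the org chart would name the same person
#   uid=asmith,ou=Research,dc=example,dc=com
# and the same move would be a ModifyDN operation that changes the entry's DN.
#
# Username lookup in the flat layout:
#   base   ou=people,dc=example,dc=com   (scope: one level)
#   filter (uid=asmith)
# Username restricted to a department:
#   filter (&(uid=asmith)(ou=Engineering))
```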