What is LDAP?
LDAP is a lightweight (L) directory (D) access protocol (AP).
I want to emphasize that LDAP is a database, and yet not a database. It is a database because it stores data. But it is not a database in the full sense, because it is not as powerful as a database system; it is a directory.
To understand this, take the phone book (yellow pages) as an example. We use the phone book to find a company's phone number. The phone book contains some basic information about the company, such as its address, business scope, and contact information.
In fact, this example shows what LDAP looks like in real life. The phone book is organized as individual entries of information, classified by industry and category. Each record is divided into several fields that hold the information we need. This is a directory: a tree structure in which each leaf is a record divided into several fields. LDAP is such a thing.
In terms of concepts, LDAP is divided into DN and OU. An OU is a tree, a DN can be understood as a leaf, and leaves can also have smaller leaves. However, according to IBM documentation, the maximum depth of LDAP is four layers.
In the above example, the phone book is maintained by the telephone company, so it is written and organized by them. Once it has been written, the organization is finished, and afterwards it is reorganized only a limited number of times. Its function is to be searched. The same is true for LDAP: it is meant not for writing but for searching.
I then answered a question from a colleague: how can someone solve the problem of concurrent reading? LDAP is not designed for this purpose. If you have such a requirement, the solution should be a database rather than LDAP. Here is another comparison: Access and SQL Server. Access is a database product, but it is mainly used at home and has weak functions and performance. SQL Server is a professional database system with powerful functions. LDAP is a lightweight product designed for queries, so its architecture and optimization are aimed mainly at reading, not writing. This does not mean that LDAP cannot meet such requirements, only that its strength lies elsewhere.
As a unified authentication solution, LDAP can respond quickly to user search requests. For example, user authentication may cause a large amount of concurrency. If you use a database, whose structure is divided into tables, the authentication requirement itself is very simple, yet each time you need to search the database, merge, and filter, so the efficiency is poor. Although a cache is available, it is still wasteful. LDAP is like a single table that requires only the user name and password, and it is very easy to add other things. Both its efficiency and its structure meet the authentication requirements. This is LDAP's advantage as a unified authentication solution.
Of course, LDAP also has an interface for writing data, which can meet input requirements. I will not talk about it here.
I think the biggest LDAP server is probably Microsoft's AD. Although it is not necessarily standard, it is indeed the most widely used LDAP server. Every company has to use a domain.
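The tree of records and the lookup-based authentication described above, as an added example that is not part of the original article: a toy in-memory directory in Python, not a real LDAP server or client library. The names `Directory`, `parse_dn`, `hash_pw`, `build_sample` and the `example.com` entries are constructed for illustration, and checking a stored hash stands in for the bind operation a real LDAP client would typically use.

```python
import hashlib
import hmac

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leaf first; a backslash escapes a comma."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf, i = buf + dn[i + 1], i + 2
        elif dn[i] == ",":
            parts.append(buf)
            buf, i = "", i + 1
        else:
            buf, i = buf + dn[i], i + 1
    parts.append(buf)
    return tuple((a.strip().lower(), v.strip())
                 for a, _, v in (p.partition("=") for p in parts))

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    def __init__(self):
        self.entries = {}  # parsed DN -> attribute dict (one record per entry)

    def add(self, dn, **attrs):
        self.entries[parse_dn(dn)] = attrs

    def search(self, base, attr, value):
        """Subtree search: DNs at or below `base` whose `attr` equals `value`."""
        suffix = parse_dn(base)
        return [dn for dn, rec in self.entries.items()
                if len(dn) >= len(suffix) and dn[len(dn) - len(suffix):] == suffix
                and rec.get(attr) == value]

    def authenticate(self, base, uid, password):
        """One lookup by uid, then a constant-time hash comparison."""
        hits = self.search(base, "uid", uid)
        if len(hits) != 1:  # unknown or ambiguous user: fail closed
            return False
        rec = self.entries[hits[0]]
        return hmac.compare_digest(rec["pw_hash"], hash_pw(password, rec["salt"]))

def build_sample():
    """Constructed sample data; the fixed salt is for reproducibility only."""
    d, salt = Directory(), b"constructed-salt"
    d.add("ou=people,dc=example,dc=com", ou="people")
    d.add("uid=alice,ou=people,dc=example,dc=com",
          uid="alice", salt=salt, pw_hash=hash_pw("s3cret", salt))
    d.add("uid=alice,ou=contractors,dc=example,dc=com",
          uid="alice", salt=salt, pw_hash=hash_pw("other", salt))
    return d
```

Searching from `ou=people` finds exactly one `alice`, while searching from the root `dc=example,dc=com` finds two, so authentication from the root is refused rather than picking one of them.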
This article is from the CSDN blog. If you reproduce it, please cite the source: http://blog.csdn.net/gotohbu/archive/2009/06/08/4251336.aspx