lldap: Light LDAP Implementation

In my teens I was obsessed with LDAP and shared authentication across a fleet of Linux machines, it sounded pretty cool. In reality I never actually had to administer or setup LDAP. It was popularised by Microsoft with advent of Active Directory in the 00s (I believe AD came out with Windows 2000 Server).

Those days I didn't really understand the notion of a tree-like directory. Nowadays I'm think we're better served with a SQL queryable RDBMS to store directory-like data, and modernising the query language using JSON over a HTTP(S) transport.

I've been using this for the past few years. LLDAP + Authelia + Caddy is a great way to completely avoid writing your own (likely bad) authentication system. Layers are great.

OpenBSD also includes ldapd, a daemon which implements version 3 of the LDAP protocol. It's simpler than OpenLDAP, at least since OpenLDAP started storing its configuration within itself.

I don't think there's a portable version though.

Ah LLDAP (Light Lightweight Directory Access Protocol)

hello,

as always ... imho (!)

disclaimer: i'm a big fan of ldap, especially of the FOSS openldap implementation and i'm using it since ... ever ... (~ 25 years)

i think there is one feature which makes openldap stand out and which in my experience is crucial for any non-trivial directory-implementation someone wants to use:

* easy replication-setups with the possibility to create complex (!) topologies.

what i mean with that is maybe best described by the following "anecdote":

once upon a time i had the use-case of the migration of some mid-sized HPC-clusters - distributed memory - from "good old" NIS to LDAP.

ok ... sounds simple: pam-ldap and be done with it!!

sure, but what happens, if the LDAP main server fails!?

no problem, replicate to a second system as a "fail over" eg. HA ...

sure, but what happens if the network between the HPC-cluster and the LDAP server(s) fails!?

just replicate the directory "read only" to the head-nodes ...

sure, but what happens if the network "in cluster" fails!?

just replicate it to each node ...

now draw out the resulting topology ;))

why? because i wanted to keep the cluster(nodes) utilized even if the "worst case" happens.

last but not least: "openldap is a monster" ... sure, but define monster ... in my experience once you "groked" ldap and delved into the somewhat complex setup of openldap it "just works(tm)" ...

but: great project ... :+1: ... and its written in rust ... yawns ... ;)

just my 0.02€

Funny that the L in ldap stands for lightweight, and yet clearly there is interest in a lightweight version of what has become a somewhat bloated protocol.

I'm curious about other's experience with LDAP's supposed succesor: SCIM (http://scim.cloud). based on REST, it does sound simpler to implement & integrate compared to LDAP. but is it actually better compared to LDAP?

I've often thought that a large fraction of what LDAP does could be replaced by a /etc/passwd.d/ directory, with individual files for user accounts. Then the accounts could be synced without issue or race conditions. And it'd be much simpler to work with than that bloated protocol.

I use it for my home lab. Highly recommend

Hmm, shouldn’t it be lSLAPD or LDSA? After all, it is an LDAP server, not lighter weight protocol!

I like it very much. Fullfills all your SOHO SSO needs!

Not to be confused with LDAC, the audio codec (which is what I thought of when I clicked).