Centrinity LDAP FAQ

Given the large number of questions that come in on the topic of LDAP and Centrinity's support of LDAP within the FirstClass product, I thought I'd create this FAQ document which attempts to answer the most common questions.

Q. What is LDAP?
A. LDAP is a directory access protocol used to search, read and write directory information over a network. It stands for Lightweight Directory Access Protocol and is derived from DAP, a fairly complex X.500 protocol. X.500 specified protocols for User Agent (client) access to directories and also protocols for directory servers to communicate with each other. DAP is the client protocol, and LDAP is the lightweight adaptation of it.

Q. When did Centrinity add LDAP support to FirstClass?
A. LDAP support was added to FirstClass Internet Services in version 5.5.

Q. What version of LDAP does FirstClass support?
A. FirstClass Internet Services currently supports LDAP v2.

Q. What does "LDAP support" mean in the context of FirstClass?
A. Our current (as of FC7) LDAP support consists of Internet Services listening on the LDAP TCP port (389) and servicing lookup requests presented there. In other words, the FirstClass directory can be accessed through LDAP, which is the sort of functionality needed for LDAP clients (including email clients that use LDAP such as Outlook Express) to look up the email addresses of users in the FirstClass directory. Our LDAP implementation supports both authenticated and unauthenticated access. Our LDAP module does not support updating of the FirstClass directory through LDAP.
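
The two access modes described above can be told apart on the wire by decoding the LDAP v2 BindRequest. The following is an added example, not Centrinity or FirstClass code; the function names, the DN and the password are constructed for illustration.

```python
# BER tags used by an LDAP v2 BindRequest (RFC 1777).
SEQ, INT, OCTETS, BIND_REQ, SIMPLE = 0x30, 0x02, 0x04, 0x60, 0x80

def encode_tlv(tag, value):
    """Encode one BER element, using long-form length when needed."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def build_bind(msg_id, version, dn, password):
    """Build a simple BindRequest (constructed sample input, msg_id < 128)."""
    op = (encode_tlv(INT, bytes([version])) + encode_tlv(OCTETS, dn.encode())
          + encode_tlv(SIMPLE, password.encode()))
    return encode_tlv(SEQ, encode_tlv(INT, bytes([msg_id])) + encode_tlv(BIND_REQ, op))

def classify_bind(pdu):
    """Report protocol version, bind DN and access mode of a BindRequest."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != SEQ:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)            # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != BIND_REQ:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag != SIMPLE:
        mode = "other"                      # Kerberos choices in RFC 1777
    else:
        # An empty simple credential is an unauthenticated bind; a non-empty
        # one is the password itself, carried unencrypted in the octet string.
        mode = "authenticated" if cred else "unauthenticated"
    return {"version": int.from_bytes(version, "big"), "dn": dn.decode(), "mode": mode}

if __name__ == "__main__":
    print(classify_bind(build_bind(1, 2, "", "")))
    print(classify_bind(build_bind(2, 2, "cn=Constructed User", "constructed-pw")))
```

Because a simple bind carries the password as plain bytes in the request, authenticated lookups on port 389 are best kept to networks you trust.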

Q. How much of the directory can an unauthenticated user see through LDAP? How much can an authenticated user see?
A. The view of the directory as seen through LDAP (or any other protocol) is set by the system admin using the server's directory filtering feature. For example, the admin can prevent unauthenticated users from seeing any of the directory, while authenticated users continue to see the full directory. When authenticated, users see their normal directory view, including their network address book.

Q. How does the FC7 "single sign in" feature affect LDAP integration, or does it?
A. In FC7 we are introducing a mechanism for third party developers to add external authentication modules into the FirstClass server. No external authentication modules will ship with FC7; however, we do have a new sample database extension that provides basic external LDAP authentication. It is suitable for use as-is, or can be used as a skeleton example for custom LDAP authentication or custom authentication using other external sources. It is not an officially supported product. This sample application is included in DBTK v2.4 and later, which can be found in the downloads section of our web site (http://www.centrinity.com/Downloads/Toolkits/DBToolkit).

Q. Why doesn't FirstClass use LDAP, NDS, or Active Directory for its directory subsystem?
A. FirstClass is a robust and scalable collaboration system, and as such, it needs a powerful directory subsystem which is capable of keeping up with the demands of such a system. These demands include the need to handle thousands of updates per hour, tens of thousands of log-ins per hour, hundreds of thousands of message delivery look-ups per hour, and millions of user information look-ups per hour. The systems mentioned in the question were designed with only the login problem in mind and struggle to keep up with that.

 

Copyright© 2008 Open Text Corporation. All Rights Reserved.