After spending hours wrapping my head around OpenLDAP and creating a single instance of it, getting 5 test servers to authenticate against it, and seeing it work, I had to stop and think to myself, “Why the hell is this so hard?”
LDAP, or Lightweight Directory Access Protocol, is a way to store and access data. It’s usually used for storing contact information and passwords so that you can have a single source of this information for the many services a network provides. That makes updating passwords much easier.
OpenLDAP is essentially just a database: a hierarchical key/value store with search and indexing capabilities. It seems to be engineered to be difficult on purpose, but it always comes up first in Google searches, so I assume it’s the leader in its field.
If that’s what I need to do to figure out LDAP, fine, I’ll do it, and honestly, after a bit, it did get easier once I saw how the server was architected. Then I tried to slave another backup LDAP server to it.
Bad move. I mean... I assume it’s possible, and there are probably lots of smart people who can set it up in seconds, or minutes, or something faster than the hours I spent before I gave up trying to get it to work.
Typically in the Linux world, the documentation isn’t super great. It makes perfect sense to the person who’s already familiar with the system, but it’s a little worse for learners. And I have to admit, I didn’t hop on my neighborhood IRC channel or a mailing list to ask for help.
After poking around a while I found OpenDJ, a Java-based LDAP server. Keep in mind that I’m not a fan of Java’s typical memory-hogging, meager performance, but I was a little desperate to find something to vindicate my strategy of using LDAP in the first place.
Surprisingly it was a pleasant experience, not unlike my surprise when first using Jenkins.
Go check out their quickstart guide!