Re: LDAP outcome entry

Aaron Stone <aaron@serendipity.cx> Tue, 23 February 2010 19:06 UTC

In-Reply-To: <4B838DBB.4060804@ninebynine.org>
References: <4B82AF43.1090304@dcrocker.net> <4B838DBB.4060804@ninebynine.org>
From: Aaron Stone <aaron@serendipity.cx>
Date: Tue, 23 Feb 2010 11:08:34 -0800
Message-ID: <1629dc8c1002231108s49c3ce70lda09b38eeb6f6a20@mail.gmail.com>
Subject: Re: LDAP outcome entry
To: Graham Klyne <GK-lists@ninebynine.org>
Cc: discuss@apps.ietf.org, dcrocker@bbiw.net

On Tue, Feb 23, 2010 at 12:11 AM, Graham Klyne <GK-lists@ninebynine.org> wrote:
> Dave CROCKER wrote:
>>
>> 2.  Usage: My impression is that LDAP is hugely deployed and used within
>> enterprises, so that the ++ is correct.  Yes?  I'm curious about the
>> listing's asserting significant derivative work.  While it makes sense there
>> would be this, I'd like to get confirmation here.
>
> Some work I'm doing at the moment seems to indicate that Microsoft's
> active directory service is significantly a combination of Kerberos and
> LDAP.
> To the extent that AD "supports" LDAP, the ++ would seem to be justified
> [1].

Active Directory is a combination of Kerberos, LDAP, and Windows RPCs
for domain control. The LDAP part is quite interoperable since first
release in Windows 2000, the Kerberos part has become increasingly
interoperable, and the Windows RPCs and CIFS are now supported by
Samba (though I don't think CIFS ever made it off the ground for open
standardization).

I managed a fairly large Win2k domain, wrote several LDAP
authenticated web applications, and LDAP authentication for a mail
system, from 2001 to 2004, so I can definitely attest to deployment
and usefulness of this combination.

> AFAICT, LDAP is also widely deployed for authorization data in SSO
> environments like University networks.

Yep, my university and every company I've been at.

> It also appears to be a popular
> authorization framework for use with Samba.

I wish it were easier to deploy small setups for home and small
business users, though :\

> #g
> --
>
> [1] "AD added many features, the most important of which was LDAP support"
> -- http://www.symas.com/documents/Adam-Eval1-0.pdf, cited by wikipedia
> page on AD