
Ldap.js - vier
http://ldapjs.org/
======
stdbrouw
I did a lot of work with LDAP half a year ago, and the concept of ldap.js was
the first thing that sprung to mind as a way to make the whole experience more
developer-friendly. Only I was too lazy too actually go ahead and build it...
kudos to Mark Cavage for pulling this off :-)

There's just something very wrong about having to use 90s database technology
solely because people like (or are stuck with) the associated protocol.

~~~
charlieok
I wouldn't call LDAP "90s database technology" because a much better word
choice would be "directory". The data is arranged in a tree, in very much the
same way directories on your local filesystem are arranged in a tree.

I think the primary use case is to allow user records for a site to be very
distributed, therefore fast and highly available. DNS for people/accounts,
maybe.

It's even web friendly, in the sense that ldap:// identifiers are urls.

You might be able to argue that it was a NoSQL solution over a decade before
NoSql was cool, however :)

[http://www.engineyard.com/blog/2009/ldap-directories-the-
for...](http://www.engineyard.com/blog/2009/ldap-directories-the-forgotten-
nosql/)

~~~
acdha
"90s database technology" in the sense that it's hard to work with and the
support costs are unnecessarily high. The protocol is hard to work with -
which makes debugging less appealing and thus most people avoid trying - and
no server I've seen with the arguable exception ActiveDirectory has well-
designed logging for typical sysadmin needs.

Beyond that everyone other than Microsoft uses the OpenLDAP code, which has a
number of basic errors and rough-edges. slapd has numerous deadlock conditions
and the only backend which doesn't have a low risk of corrupting your data
(MySQL) is discouraged. The client libraries had basic design failures for
aeons - the most glaring being the assumption that the network is perfect and
will never drop or delay packets (timeouts are checked after blocking
operations return, which takes several days due to retries at multiple
levels). This means that OS X, Linux, FreeBSD, etc. clients will become
unusable if your LDAP server is less than perfect - and since slapd deadlocks
under normal use, this will occur sporadically. The developers were largely in
denial about this - my patch to set SO_RCVTIMEO / SO_SNDTIMEO was ignored with
unproven claims that this would magically work in the bleeding-edge trunk
version (untrue then, could have changed now) but the libpam-ldap maintain is
more conscientious so the similar patch there was accepted a couple years ago
so at least Linux clients actually attempt to failover.

~~~
charlieok
You definitely have more detailed knowledge of LDAP than I do. Do you know if
there is a better alternative? One which could serve as a user directory for
most or all of the major desktop and mobile operating systems?

~~~
acdha
The problem is a massive network effect: almost everything supports LDAP -
even Active Directory uses LDAP under the hood - and so there's a real network
effect working against attempts to introduce something simpler. I was half-
tempted to say "Facebook" since I'd lay even odds that LDAP won't be replaced
by a similar network protocol rather than something which brings other selling
points to increase the benefit of switching, and indeed it's becoming more and
more common to use web-based authentication systems so that might be the
eventual successor.

Something like ldap.js does seem like a good compromise: using a real database
and a modern implementation without so much legacy baggage would probably be
the best bet as you wouldn't be forced to upgrade every client just to get a
working server.

~~~
charlieok
Web(http)-based or not, I'm interested in network protocols that aren't tied
to a specific website, or otherwise encumbered.

By now somebody must have designed a decent protocol mapping LDAP's data model
directly onto a nice RESTful API that R. Fielding and TBL would be proud of.

That should make for a good upgrade path, no?

------
stdbrouw
Also (almost forgot), for people looking for straight-up MongoDB integration,
EDS should work out of the box: <https://github.com/master/eds>

------
username3
<https://github.com/joewalnes/node-ldapauth>

~~~
novumordo
For those interested, node-ldapauth covers a very small, specific set of use
cases. I had to heavily modify it to work with my LDAP server. ldap.js looks
much nicer and I wish it existed 6 months ago.

------
nodebunny
Awesome idea! I just got node.js installed so I'll keep this one bookmarked

------
chrisbroadfoot
Wish I had this when I was using JScript to extract stuff from Active
Directory.

 _shudder_ I still have bad memories of GetObject("LDAP://

------
georgefox
Relatively off-topic: The API and Page Contents menus open and immediately
close for me in Firefox. Chrome works fine.

