"After deploying the basics of LDAP from the first part, now you
dive into practical usage of LDAP in the wild. Some of the
biggest ISPs authenticate everything they can against their LDAP
trees, starting with RADIUS (Remote Authentication DIalin User
Service), going over to the complete employee index, up the
authentication of the firewalls and SecureID cards. Each of these
LDAP trees are big. Searches take time before matches are returned.
A service like RADIUS runs fast into a timeout, so think about
this before you plan your LDAP tree."
"The next issue worth your attention is LDAP security. By
default, LDAP's only built-in features are the access lists of the
slapd.conf file, where you can define read-only or write access for
certain users or certain distinguished names. This strong and
complex feature is fairly useful. However, you must add a extra
layer of security when sending LDAP data over the wires. It is
clear text per default, but TLS (transport layer security) can be
used. Newer versions (many vendors ship a version < 2.0) do
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.