LDAPCon 2015 — Quick notes and what to expect from OpenLDAP 2.5

On November 11th, a group of enthusiasts gathered in Edinburgh, Scotland, to attend the fifth edition of LDAPCon. This biennal conference on LDAP and, more broadly, on Identity Management, authentication and permission issues is the opportunity to meet the major players in these fields. Directory Services and management tools developers, recognized integrators and advanced users shared loads of informations in these two days, taking stock of the activity of the community and ensuring that it is alive and well!

LDAPCon2015

Personally, I was there primarily as a member of the LemonLDAP::NG, LDAP Tool Box and LDAP Synchronization Connector communities. I had the opportunity to give a talk on the OpenID Connect protocol. It was the first time I was going to represent Savoir-faire Linux, one of the event’s corporate sponsors, whose « I LDAP » badges have been much appreciated. 😉

ldapcon_2015_badges

Opening conference: LDAP in 2020?

The opening conference was given by David Goodman — a prominent figure in the field that has worked since the 1990s on X.500 and then on LDAP in organizations such as IBM, Nokia or Ericsson.

ldapcon_2015_david_goodmanDavid picked up with Ludovic Poitou’s 2011 conference and its provocative title: “Is LDAP dead?” Two years later, it is clear that this is not the case and David tries to imagine what it will be like in 2020.

To this end, he traces the history of the protocol starting with X.500 that he helped publicize via PARADISE (Piloting A ReseArchers’DIrectory Service for Europe), a project for telecom providers to prove that it was a viable protocol. But facing X.500 complexity and integration issues with Mac and Windows clients, the designers of X.500 imagined LDAP — first as a gateway to X.500, then as an independent standard. Finally, Netscape announced it would support LDAP in 1996 and a year after, LDAPv3 came out and X.500 was considered dead.

So what about today? Key players (Oracle, IBM, CA, Microsoft, to name a few) are all offering solutions based on LDAP. However, the Cloud revolution appears to leave this standard out. Azure AD, for example, does not offer LDAP access. It is also noted that developers are now more keen on API XML or JSON than they are on native LDAP — not to mention the NoSQL database popularity.

Finally, what does the future hold for LDAP? This standard is still significantly established in the  current ecosystem and will not be forgotten five years from now. But in order to make sure it does not turn into another obsolete technology it must address new needs related to cloud computing, performance, development tools, combination with other standards such as SCIM, for instance.

OpenID Connect

It was uneasy to start this LDAP event by giving a talk on a whole different protocol but this is the way the schedule had been designed. So I quickly presented the OAuth 2 standard before getting to OpenID Connect — a protocol based on OAuth 2 and the javascript security layer JOSE for signature and JSON data encryption.

LDAPCon2015_OpenIDConnectCompared to SAML, OpenID Connect is the next-generation — REST implementation, offline mode, mobile application-ready, and so on.

I have noticed that, despite its youth — it was not a standard until 2014 — this protocol is already well known and attracts a great deal of corporate players and community interest, both having already integrated it in their products or preparing themselves to do so in the upcoming months. This is the case for LemonLDAP::NG which will support OpenID Connect starting with version 2.0.

Other talks

All the talks given during these two days were fascinating and it would be challenging to summarize them in this article. Check the presentations available on the LDAPCon 2015 website if you are interested.

Published by

Clément Oudot

A Free Software and Identity Management enthusiast, Clément is a spercialist of infrastructure and security. He works with and contributes to software projects such as LemonLDAP::NG, OpenID Connect, LDAP Synhronization Connector and LDAP Tool Box. Clément joined Savoir-faire Linux Europe in June, 2015. [Twitter] [LinkedIn] [Viadeo] [SlideShare] [Lanyrd]

One thought on “LDAPCon 2015 — Quick notes and what to expect from OpenLDAP 2.5”

Leave a Reply

Your email address will not be published. Required fields are marked *