On November 11th, a group of enthusiasts gathered in Edinburgh, Scotland, to attend the fifth edition of LDAPCon. This biennal conference on LDAP and, more broadly, on Identity Management, authentication and permission issues is the opportunity to meet the major players in these fields. Directory Services and management tools developers, recognized integrators and advanced users shared loads of informations in these two days, taking stock of the activity of the community and ensuring that it is alive and well!
Personally, I was there primarily as a member of the LemonLDAP::NG, LDAP Tool Box and LDAP Synchronization Connector communities. I had the opportunity to give a talk on the OpenID Connect protocol. It was the first time I was going to represent Savoir-faire Linux, one of the event’s corporate sponsors, whose « I ♥ LDAP » badges have been much appreciated. 😉
The opening conference was given by David Goodman — a prominent figure in the field that has worked since the 1990s on X.500 and then on LDAP in organizations such as IBM, Nokia or Ericsson.
David picked up with Ludovic Poitou’s 2011 conference and its provocative title: “Is LDAP dead?” Two years later, it is clear that this is not the case and David tries to imagine what it will be like in 2020.
To this end, he traces the history of the protocol starting with X.500 that he helped publicize via PARADISE (Piloting A ReseArchers’DIrectory Service for Europe), a project for telecom providers to prove that it was a viable protocol. But facing X.500 complexity and integration issues with Mac and Windows clients, the designers of X.500 imagined LDAP — first as a gateway to X.500, then as an independent standard. Finally, Netscape announced it would support LDAP in 1996 and a year after, LDAPv3 came out and X.500 was considered dead.
So what about today? Key players (Oracle, IBM, CA, Microsoft, to name a few) are all offering solutions based on LDAP. However, the Cloud revolution appears to leave this standard out. Azure AD, for example, does not offer LDAP access. It is also noted that developers are now more keen on API XML or JSON than they are on native LDAP — not to mention the NoSQL database popularity.
Finally, what does the future hold for LDAP? This standard is still significantly established in the current ecosystem and will not be forgotten five years from now. But in order to make sure it does not turn into another obsolete technology it must address new needs related to cloud computing, performance, development tools, combination with other standards such as SCIM, for instance.
It was uneasy to start this LDAP event by giving a talk on a whole different protocol but this is the way the schedule had been designed. So I quickly presented the OAuth 2 standard before getting to OpenID Connect — a protocol based on OAuth 2 and the javascript security layer JOSE for signature and JSON data encryption.
Compared to SAML, OpenID Connect is the next-generation — REST implementation, offline mode, mobile application-ready, and so on.
I have noticed that, despite its youth — it was not a standard until 2014 — this protocol is already well known and attracts a great deal of corporate players and community interest, both having already integrated it in their products or preparing themselves to do so in the upcoming months. This is the case for LemonLDAP::NG which will support OpenID Connect starting with version 2.0.
All the talks given during these two days were fascinating and it would be challenging to summarize them in this article. Check the presentations available on the LDAPCon 2015 website if you are interested.
Key points to bear in mind:
slapmodify/slapdelete tools, OpenSSL elliptic curve support, a TOTP module, database or overlay deactivation in cn=config and everything that was discussed above. 
The LDAPCon is an international conference on LDAP technology and the issues such as identity management, authentication and empowerment. LDAPCon is a biennial event and this year it will take place from 19 to 20 October in iconic city of Brussels, the capital of Belgium, where the business of the European Union and NATO is run. In the […]
This article aims to explain how to automate the installation as well as configuration of Nexus’s Repository Manager version 3.x with Ansible. Ansible is a deployment tool, which enables playbooks to automate applications […]
We are happy to have completed a joint project – an informative video – with Microsoft on the relevance and significance of open source technologies in the Azure cloud environment. First Microsoft Open Source Partner in Canada We are the first “Microsoft Open Source Partner” in Canada. This partnership has been a testimony to our […]
The city of Villeurbanne (France) is interested in open source technologies and has chosen Lemon LDAP::NG to control its users’ access rights. The city of Villeurbanne had many web applications where the authentication was already delegated to a central CAS server (Central Authentication Services), modified to Villeurbanne’s needs, to give access to current internal users […]
After months of negotiation, the Red Hat Microsoft cloud partnership was announced on November 4th. This agreement of historic proportions heralds radical changes in the global computing ecosystem. It will have significant impacts on many organizations in Quebec and elsewhere in the world. This partnership deals with two important elements: Public cloud with Azure Microsoft’s […]
[…] had the opportunity to talk about this new protocol in many conferences as the LDAPCon on last […]