
Active Directory vs. LDAP

Tom Stevns
Ranch Hand

Joined: Nov 20, 2001
Posts: 122
We have just implemented LDAP successfully.
But I still need a lot of good arguments for implementing LDAP instead of Active Directory.
So please reply if you have some important knowledge.

Regards Tom Stevns, SCJP2
Clayton Donley

Joined: Mar 03, 2003
Posts: 27
I know people who use both. Clearly if you're a Windows shop there is going to be a lot tighter integration between out-of-the-box tools that run on that platform and Active Directory. Also hard to come up with a good reason not to go the Active Directory route if you're already managing all of the organization or site's users in a Windows environment, since you're really not going to be able to effectively replace all of the functionality of Active Directory in a Windows environment without being very invasive by changing around DLLs and such.
On the other hand, going to a pure LDAP will allow you to take better advantage of some software that comes out of the box with LDAP support (policy servers, Java application servers, etc...). If you're developing primarily Java-based applications to use the directory, pure LDAP is almost always the best way to go, since certain functionality in Active Directory is not available via LDAP and therefore can not be accessed via pure-Java APIs such as JNDI and JLDAP (only ADSI, so prepare to use Visual Studio .NET to write some JNI if your application or portal requires password self service functionality).
As far as server operation I don't see a lot of difference. Some non-AD LDAP directories certainly promise higher levels of scalability, particularly when used on high-end hardware that AD won't run. The old argument that AD is too tied to the OS is a little less persuasive these days because of Microsoft's application directory strategy.
[ March 17, 2003: Message edited by: Clayton Donley ]

Clayton Donley, CTO
Octet String, Inc.
Phone: +1-847-358-9358 ext. 111
Author: LDAP Programming, Management, and Integration

Joined: Jun 13, 2003
Posts: 3
I'm starting out investigating what shortcomings there are in using AD in a WebSphere application. AD is, for good or bad, the "best" available directory in this Co. I don't want to have to invent new directories here or registries.
Can anyone point me to a source of information on using AD with Java/WebSphere?