Posted by: cmani2010 | April 30, 2009

LDAP or RDBMS – which one to use?

We were at a potential customer last week, where the problem statement was:

  1. We have several applications using RDBMS as the user repository, for user authentication. There are several databases for users, which may potentially have duplicates/li>
  2. We are expecting to grow rapidly, the current requirement of users is large and expected to grow exponentially.
  3. We would like to use Single sign on, in future

Considering the number of users required, and the primary requirement being user authentication, using an LDAP server like Sun Directory server enterprise edition (DSEE), seemed to make sense, and that’s what we suggested. The next question was (similar to other customers), why do we need LDAP? and how does it compare it to a RDBMS? There are several, several reasons for using an LDAP server (like Sun DSEE or OpenDS) in these situations, like read’s tend to be a lot faster, high availability situations like multi-master replication etc. Thanks to my friend Rajiv, we managed to get hold a fantastic technical white paper that highlights the difference’s between LDAP and RDBMS, and where to use, what. I have uploaded it here, as I was unable to refer to the original Sun location.

I have reproduced this table here, from the whitepaper :

Of course, this does not solve the problem of removing user data duplication, which was the other requirement. For that, you will need a product like Sun Identity Manager, which will be used for data reconciliation, user synchronization, to basically create a “authoritative user repository” !! This is the key step, the next step, will be to roll-out things like single sign on etc ..



  1. Mani,
    This white-paper is getting quite old, as Sun will soon be offering a way to get both LDAP and SQL access to the same data with OpenDS, and it’s support for MySQL Cluster Database as the data storage.
    This was announced last week at the MySQL conference. See

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: