7. Future Work

LDAP has succeeded in making X.500 more accessible and is largely responsible for a substantial increase in X.500 client development. Despite this success, X.500 deployment on the Internet remains disappointing. One reason for this is the heavyweight nature of X.500 servers: to take advantage of the proliferation of LDAP clients to access local data, a site must first bring up a full X.500 service. To address this problem we are developing a stand-alone LDAP server called slapd. Slapd exports the same LDAP functionality described above but is backed by its own local database, not by X.500.

To prevent stand-alone LDAP servers from being isolated from the rest of the X.500 world, we have made a compatible extension to LDAP that allows the return of referrals to the client. This adds some complexity on the client side to follow the referrals, but in return we gain simplicity in the server.

The 1993 version of the X.500 standard includes many features missing from 1988 X.500, on which LDAP is based. Among the new features are access control, replication, schema management, and various DAP extensions. A new version of LDAP is under development by the Internet Engineering Task Force that will incorporate some of these features, as well as address some security concerns with the present version of LDAP, such as its lack of strong authentication and integrity assurance capability.

The DAP extensions include the ability to retrieve search results a "page" at a time, specify a byte limit on the size of an attribute to return, treat the attributes of a DN as part of the entry during a search, and more. The security features being considered include strong (public-key-based) authentication and signing of operations.

Finally, with the growing popularity of the World Wide Web, we see interesting and exciting possibilities for merging the two technologies. Work has already begun on defining a URL format for LDAP [3], and a URL-valued attribute for X.500 [8].

