[ppml] LDAP? Why not?

Michael.Dillon at radianz.com
Fri Jul 25 11:00:40 EDT 2003

>FYI, for documentation of a project that put considerable
>effort into attempting to do just that for domain whois, see
>In particular, Section 6 ("Lessons Learned") describes pretty
>plainly the disappointments that LDAP could not be used "out
>of the box".

I've read this document and the lessons learned are not what you claim.
In 6.1 they seem to be complaining that their original plan to map
the hierarchical domain name structure onto a relational database
caused problems. Perhaps that's because a relational database is not
a good datastore for hierarchically structured data? In any case, there
is more than one way to map an LDAP schema onto a relational database
and not all of them suffer this problem.

In 6.2 the author points out that the issue was not with LDAP but with 
a characteristic of the problem they were trying to solve.

In 6.3 the author points out that they could have designed a better schema
if they had considered the needs of their GUI search client.

In 6.4 they discovered that there are no magic bullet solutions that will
do everything for everybody. Just because SQL is a standard database
access method doesn't mean that you can make a useful SQL client to access
any SQL database. Same thing with LDAP.

In 6.5 the author noted that they could have designed a more effective 
model if they had used DNS SRV records to locate the appropriate LDAP 

In 6.6 they noted that some people really want a bulk data download 
and a directory service isn't a good way to do this.

None of these lessons indicate a problem with LDAP.

>Having made that effort, note that the author of the document
>(and main proponent of the project) is now behind the *non* LDAP
>proposal for domain whois replacement in the IETF CRISP working

The CRISP working group has defined two different methods for replacing a
of directory services including domain whois and IP address whois. One of the two
methods is based on LDAP and is called FIRS. The bulk of the work in defining FIRS
has been to define the LDAP data schema. There is a second proposal called IRIS that
is based on XML but that is more complex because XML is just a data format, not
a protocol. It remains to be seen whether LDAP's advantage of having a working protocol
with referral and replication will overcome the sexiness associated with

I'll just note that it is a straightforward mapping to take LDAP data and present it
in XML format because the hard work of structuring the data has already been done. If
people need to feed XML into other tools, this conversion could easily be done by
an LDAP client.

--Michael Dillon
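As an added illustration of the LDAP-to-XML mapping the post describes (this is example code written for this page, not code from the post, from FIRS or from the CRISP working group), the following parses a small LDIF entry of the kind an LDAP client could retrieve and emits it as XML. The sample entry, its attribute names and the `entries`/`entry`/`attr` element scheme are all constructed for the example; the only real structure relied on is the LDIF format itself (folded continuation lines, `::` base64 values, multi-valued attributes).

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: one whois-style entry in LDIF. It exercises a folded
# continuation line (leading space), a multi-valued attribute and a base64
# ("::") value. The DN, attribute names and values are made up for this example.
SAMPLE_LDIF = """\
dn: cn=example.net,ou=domains,dc=whois,dc=example
objectClass: top
objectClass: domain
cn: example.net
description: Example domain registrati
 on record
nameServer: ns1.example.net
nameServer: ns2.example.net
registrant:: SsO2cmcgRXhhbXBsZQ==
"""


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attribute: [values]}) tuples.

    Continuation lines (starting with a single space) are unfolded onto the
    previous line, '::' values are base64-decoded as UTF-8, '#' comment lines
    are skipped and a blank line ends an entry. Attribute names are kept with
    their original case, as LDAP attribute names are case-insensitive.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # fold continuation onto previous line
        else:
            unfolded.append(raw)

    entries, dn, attrs = [], None, {}
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def ldif_to_xml(text):
    """Render parsed LDIF entries as an XML document string.

    Each LDAP attribute value becomes <attr name="..."> rather than an element
    named after the attribute, because LDAP attribute descriptions such as
    "cn;lang-de" are not valid XML element names. Multi-valued attributes
    simply produce repeated <attr> elements, so nothing is lost in the mapping.
    """
    root = ET.Element("entries")
    for dn, attrs in parse_ldif(text):
        entry = ET.SubElement(root, "entry", dn=dn)
        for name, values in attrs.items():
            for value in values:
                attr = ET.SubElement(entry, "attr", name=name)
                attr.text = value
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(ldif_to_xml(SAMPLE_LDIF))
```

The conversion needs no knowledge of the schema beyond what the LDAP entry already carries, which is the point the post makes: once the data is structured as LDAP attributes, an XML rendering is a mechanical transformation a client can perform locally.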
