joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

LDAP Application Developers get off your collective asses already

by @ 9:44 pm on 7/12/2007. Filed under tech

I am about sick to death of running into LDAP apps that need hardcoded host names. What the hell is wrong with you people? There is a perfectly good RFC out there for locating LDAP services (as well as other services) that works quite well, and you still refuse to use it. FYI, if you don’t know about it, it is RFC 2782, “A DNS RR for specifying the location of services (DNS SRV)”. For LDAP that means looking up the _ldap._tcp.<domain> SRV records (Active Directory publishes them, with per-site records under _sites as well) and trying the targets in priority order, instead of reading one host name out of a config file.

All you are doing is making your apps susceptible to a single server failure and forcing the businesses that run them to solve failover for you. You look like a bunch of schmucks; stop that shit. I know it can be done, I saw people doing it on UNIX more than five years ago.
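What “use RFC 2782” looks like in code, as an added example written for this post (it is not joeware code, nor code from any product named here): parse the _ldap._tcp SRV answer, order the targets the way the RFC prescribes (lowest priority first, weighted random within a priority, weight-0 targets last), then walk that list until a connection succeeds. The SRV records are constructed sample data standing in for a real resolver answer; the domain example.com, the dc* host names and the `connect` hook are assumptions for illustration. The same ordering applies to the Active Directory site-specific name _ldap._tcp.<site>._sites.dc._msdcs.<domain> if the client knows its site.

```python
"""RFC 2782 SRV ordering and LDAP server fail-over (added example).

Not code from joeware or from any product mentioned on this page.  The SRV
records are constructed sample data standing in for a resolver's answer to
a query for _ldap._tcp.example.com; the domain and host names are invented.
"""
import random
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_line(line: str) -> SRV:
    """Parse one zone-file style SRV record, with or without a TTL, e.g.
    '_ldap._tcp.example.com. 600 IN SRV 0 50 389 dc1.example.com.'
    """
    fields = line.split()
    if len(fields) < 7 or fields[-5] != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    priority, weight, port, target = fields[-4:]
    return SRV(int(priority), int(weight), int(port), target.rstrip("."))


# Constructed sample answer (assumption: invented names).  dc-backup has
# weight 0, so it is tried last within priority 0; dc3 and dc-dr carry higher
# priority values and are only reached when every priority-0 server is down.
SAMPLE_ZONE = """
_ldap._tcp.example.com. 600 IN SRV 0 50 389 dc1.example.com.
_ldap._tcp.example.com. 600 IN SRV 0 50 389 dc2.example.com.
_ldap._tcp.example.com. 600 IN SRV 0 0 389 dc-backup.example.com.
_ldap._tcp.example.com. 600 IN SRV 10 60 389 dc3.example.com.
_ldap._tcp.example.com. 600 IN SRV 20 0 389 dc-dr.example.com.
"""
SAMPLE_SRV = [parse_srv_line(l) for l in SAMPLE_ZONE.strip().splitlines()]


def order_srv(records: Iterable[SRV], rng=random) -> List[SRV]:
    """Return the records in the order a client should try them (RFC 2782).

    Lower priority values first.  Within one priority a weighted random pick
    is repeated until the group is exhausted.  Weight-0 records sit at the
    front of the pool so they are chosen only when the random number is 0,
    i.e. rarely while weighted servers remain.  `rng` needs a randint(a, b).
    """
    by_priority = {}
    for rr in records:
        by_priority.setdefault(rr.priority, []).append(rr)
    ordered: List[SRV] = []
    for prio in sorted(by_priority):
        pool = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for i, rr in enumerate(pool):
                running += rr.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def connect_with_failover(records: Iterable[SRV],
                          connect: Callable[[str, int], object],
                          rng=random) -> Tuple[SRV, object]:
    """Try each SRV target in order until `connect(host, port)` succeeds.

    `connect` is the application's own hook (in practice an LDAP bind over
    TLS) and must raise OSError on failure.  This loop is exactly what a
    hardcoded host name cannot give you: one dead server just moves the
    client on to the next record.
    """
    failures = []
    for rr in order_srv(records, rng):
        try:
            return rr, connect(rr.target, rr.port)
        except OSError as exc:
            failures.append(f"{rr.target}:{rr.port}: {exc}")
    raise ConnectionError("no LDAP server reachable; tried " + "; ".join(failures))


if __name__ == "__main__":
    def demo_connect(host: str, port: int) -> str:
        # Stand-in for a real bind: pretend dc1 and dc2 are down.
        if host.startswith(("dc1", "dc2")):
            raise OSError("connection refused")
        return f"conn<{host}:{port}>"

    rr, conn = connect_with_failover(SAMPLE_SRV, demo_connect, random.Random(7))
    print("bound to", rr.target, "via", conn)
```

Two practical notes. An SRV answer is ordinary, unauthenticated DNS unless DNSSEC is validated, so the client must still verify the server’s TLS certificate against the SRV target name it actually connected to; the record tells you where to go, not whom to trust. And the lookup cost that makes developers reach for a hardcoded name goes away if the ordered list is cached for the record TTL rather than resolved on every bind.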


6 Responses to “LDAP Application Developers get off your collective asses already”

  1. Jef Kazimer says:

    Amen my brother!!!

    Do we still live in the world where enterprises have only 1 LDAP server? Application developers seem to think we do..

    We recently had IBM in to troubleshoot their Websphere portal crashing over and over. They had made a stink that we didn’t have redundant LDAP servers, when in fact we have hundreds of replicas, but they can only use one of them in their configuration.

    So the problem is surely not just the smaller development houses…

  2. joe says:

    Jef: Oh yes, IBM and WebSphere, boy do I have some “memories” from that product from about the 2002/3 time frame. You will note I didn’t mention any specific company names… In actual fact some of the worst AD “integrated” programs I have had to deal with have come out of some of those places like IBM and EMC and others…

  3. jingalls says:

    I know ONE company that has Websphere, among others, and the EAs/DAs, per their mgr., have to KEEP TRACK of what apps have hardcoded to which DC. I’m glad I don’t work there anymore. 🙂

  4. Mike Bouck says:

    Anybody try sticking a bundle of DCs behind a CSM ? I’ve often thought about writing some middle-ware for serving up LDAP but never do because it creates a single-point-of-failure. May be relegated to sticking ADAM (with a read-only partition) on every application server that performs LDAP queries.

  5. joe says:

    Mike: I recall someone doing that and running into issues with it, I don’t recall the details though.

    As for ADAM read-only partitions… how will you accomplish that? I have some theories but there is no way to guarantee the read only nature.

  6. Robbie Allen says:

    Hi Joe,
    Long time no talk. I totally agree about hardcoding hostnames. However, in some situations locating the closest DC is an expensive operation. For non-Windows based systems that aren’t site aware, finding a “close” DC can involve several LDAP and DNS queries. If the app is attempting to provide authentication capabilities with AD on the backend, doing all of these queries can impact performance. The alternative is to use non-site based SRV records with a single query, but then you might end up with a DC on the other side of the world.
