LDAP has succeeded in making X.500 more accessible and is largely responsible
for a substantial increase in X.500 client development. Despite this success,
X.500 deployment on the Internet remains disappointing. One reason for this
is the heavyweight nature of X.500 servers; to take advantage of the proliferation
of LDAP clients to access local data, a site must first bring up a full
X.500 service. To address this problem, we are developing a stand-alone
LDAP server called slapd. Slapd exports the same LDAP functionality
described above but is backed by its own local database, not by X.500.
To prevent stand-alone LDAP servers from being isolated from the rest of
the X.500 world, we have made a compatible extension to LDAP that allows
the return of referrals to the client. This adds some complexity on the
client side to follow the referrals, but in return we gain simplicity in
the server.
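
The client-side cost of following referrals, as an added example (not code from the paper or from slapd): two simulated stand-alone servers and a client that chases referrals with a hop limit, loop detection, a trusted-host list, and credentials sent only to the first server. The hostnames, data, `MAX_HOPS`, and the use of `ldap://` URLs as the referral form are assumptions.

```python
from urllib.parse import urlparse

MAX_HOPS = 5  # assumed client policy, not a value from the paper

# Constructed sample data: two stand-alone servers, each holding one subtree
# and a default referral for names outside it (hostnames are hypothetical).
SERVERS = {
    "ldap.a.example": {"suffix": "o=A, c=US",
                       "entries": {"cn=Ann, o=A, c=US": {"mail": "ann@a.example"}},
                       "referral": "ldap://ldap.b.example"},
    "ldap.b.example": {"suffix": "o=B, c=US",
                       "entries": {"cn=Bob, o=B, c=US": {"mail": "bob@b.example"}},
                       "referral": "ldap://ldap.a.example"},
}

class ReferralError(Exception):
    """Raised when the client refuses to continue chasing referrals."""

def server_read(host, dn):
    """Simulated server: answer from local data or hand back a referral URL."""
    srv = SERVERS[host]
    if dn.endswith(srv["suffix"]):
        return ("entry", srv["entries"].get(dn))
    return ("referral", srv["referral"])

def read(dn, host, trusted, credentials=None):
    """Chase referrals; return (entry, hosts contacted, hosts given credentials)."""
    visited, sent_creds = [], []
    for _ in range(MAX_HOPS):
        if host not in trusted:
            raise ReferralError(f"referral to untrusted host {host}")
        if host in visited:
            raise ReferralError(f"referral loop at {host}")
        visited.append(host)
        # Authenticate only to the server the user chose; referred servers get
        # an anonymous bind, so a referral cannot be used to collect passwords.
        if credentials and len(visited) == 1:
            sent_creds.append(host)
        kind, value = server_read(host, dn)
        if kind == "entry":
            return value, visited, sent_creds
        url = urlparse(value)
        if url.scheme != "ldap" or not url.hostname:
            raise ReferralError(f"bad referral {value!r}")
        host = url.hostname
    raise ReferralError("hop limit exceeded")
```
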

The 1993 version of the X.500 standard includes many features missing from
1988 X.500, on which LDAP is based. Among the new features are access control,
replication, schema management, and various DAP extensions. A new version
of LDAP is under development by the Internet Engineering Task Force that
will incorporate some of these features, as well as address some security
concerns with the present version of LDAP, such as its lack of strong authentication
and integrity assurance capability.

The DAP extensions include the ability to retrieve search results a "page"
at a time, specify a byte limit on the size of an attribute to return, treat
the attributes of a DN as part of the entry during a search, and more. The
security features being considered include strong (public key-based) authentication
and signing of operations.

Finally, with the growing popularity of the World Wide Web, we see interesting
and exciting possibilities for merging the two technologies. Work has already
begun on defining a URL format for LDAP [3], and a URL-valued attribute
for X.500 [8].