LDAP vs Relational Database


Solution 1

For authentication and authorization purposes, in my opinion LDAP provides the best mix between performance and simplicity of installation and maintenance. LDAP as a protocol is quite small, requiring relatively little network bandwidth. The small protocol also makes encrypted transmission fairly high-performance.

LDAP is also simple, servers are easy to deploy, and modern, professional-quality LDAP servers provide impressive performance vs. relational databases, all other things being equal such as hardware and query type.

I agree that either could be used in your case, but generally LDAP is better for authentication and authorization because of its simplicity and lower maintenance costs. As for performance, the LDAP server with which I am testing provides about 28,000 authentications per second vs. PostgreSQL providing about 42% of that number on the same hardware, though it is difficult to compare apples and oranges.

Modern professional-quality LDAP servers also provide extremely powerful and fast cryptographic hashes for secure password storage - as well as reasonably strong reversible block ciphers like AES in the event a reversible password is required if the client must use SASL's DIGEST-MD5 mechanism for password-less authentication.
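The storage trade-off mentioned at the end of Solution 1, as an added example that is not part of the original answer: a DIGEST-MD5 server has to rebuild the client's response from the password itself, so a salted one-way hash cannot serve as the stored credential. The exchange values are the sample ones from RFC 2831 section 4; the function names are hypothetical, PBKDF2 stands in for any one-way storage scheme, and the AES decryption step is represented by handing the recovered cleartext to the check.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def user_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password). The cleartext password is an input here."""
    return h(f"{username}:{realm}:{password}".encode("utf-8"))

def response(secret: bytes, nonce: str, cnonce: str, nc: str, digest_uri: str) -> str:
    """RFC 2831 response-value for qop=auth with no authzid."""
    ha1 = h(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = h(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

def server_check(credential: str, client_response: str,
                 username: str, realm: str, **exchange) -> bool:
    """Recompute the expected response from what the server can recover."""
    expected = response(user_secret(username, realm, credential), **exchange)
    return hmac.compare_digest(expected, client_response)

# Sample exchange values from the RFC 2831 section 4 example.
USER, REALM, PASSWORD = "chris", "elwood.innosoft.com", "secret"
EXCHANGE = dict(nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                nc="00000001", digest_uri="imap/elwood.innosoft.com")

def demo():
    # Client side: the response is derived from the password the user typed.
    client_response = response(user_secret(USER, REALM, PASSWORD), **EXCHANGE)

    # Server A stores the password reversibly (for example AES-encrypted) and
    # decrypts it before the check; PASSWORD stands for that recovered value.
    ok_reversible = server_check(PASSWORD, client_response, USER, REALM, **EXCHANGE)

    # Server B stores only a salted one-way hash (constructed salt). It cannot
    # be inverted, and feeding it into the computation gives a mismatch.
    one_way = hashlib.pbkdf2_hmac("sha256", PASSWORD.encode(),
                                  b"constructed-salt", 100_000).hex()
    ok_one_way = server_check(one_way, client_response, USER, REALM, **EXCHANGE)
    return client_response, ok_reversible, ok_one_way

if __name__ == "__main__":
    print(demo())
```

The cost of supporting the mechanism is that anyone who obtains both the stored ciphertext and the AES key recovers every password, which a salted one-way hash avoids. DIGEST-MD5 itself was moved to Historic status by RFC 6331.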

Solution 2

I agree with Al, it is impossible to say generally which is faster. It's all contextual. I love that after this truism, Al then offers up a general opinion that LDAP is slow. :) I digress...

Joking aside, it comes down to what you're trying to do vs. what the target system is optimized to do. MySQL/MSFT SQL Server/etc. are built as general purpose stores where you will (tend) to store normalized data with a variety of query patterns over the data. They have all sorts of logic at many layers of the stack to try and help you do a variety of types of queries & computations over your data, and even let you hint things in to the QP when you know best. LDAP directories tend to be optimized quite differently...like for the storage of hierarchically organized objects with a specific set of query patterns over it (as specified by LDAP RFCs). AD for example is fast...quite fast. It's optimized for object search & retrieval and associated operations (like auth).

Like anything, you can use either well or poorly.

Short of being in a crazy scale mode, I suspect you could use either quite successfully.

Author by

saada

Computer Science Student and Research Assistant at Arizona State University

Updated on June 04, 2022

Comments

  • saada
    saada almost 2 years

    I come to you after a desperate disappointing search online for an answer to my question: Which one is faster: LDAP or Relational Database?

    I need to set up a system with both authentication and authorization of users. I know LDAP has the "structure" for that kind of need, but is it really faster than, say, MySQL?