Most directories don’t contain much information. They contain people data — user names, associated credentials (hashed password, X.509 certificate), addresses (email, physical, telephony, etc.); group data — lists employed to associate roles and permissions with people or as email distribution lists; and sometimes also server/service (physical and logical) data. And that’s just about it.
There are exceptions, however. The notable ones seem to be:
- Active Directory. This is becoming Microsoft’s, and therefore, many organizations’, primary repository for information about people, group, and server/service data.
- Identity Management Vendors. They use directories as the central place to store information about people, resources, and access privileges, across many applications and systems.
- Corporate Developers. Sometimes, not terribly often, they find that off-the-shelf products don’t provide a good model for things like customer, products, bills-of-material, and so on; and that the flexible hierarchy provided by a directory is a good tactical fix.
… David Ferris, with thanks to Nick Shelness and Persistent Systems’ Sameer Karmarkar