Can someone in the enterprise explain to me (who has never worked in a large enterprise) what LDAP actually accomplishes and why its better anything else? According to wikipedia:

Soo.... LDAP keeps track of phone numbers, contact info, corpate hierarchy info, and similar "stuff"? Wouldn't such data be better stored in (an extremely simple) database, flat text file with NIS, etc? Why are there 750 page books on LDAP 'programming'? Someone enlighten me.

Because, apart from other considerations, it's optimized for record search and retrieval (as opposed to insertion)

And you need highly optimized access to phone numbers and contact information?

Authentication, user profiles (eg email profiles), etc. at enterprise scale, etc., etc..

Distributable

See http://www.openldap.org/doc/admin24/...I%20use%20LDAP

LDAP is a world-wide directory system - or at least that was one of the original claims...
No one I know operates a public LDAP server, but corporations often have LDAP servers distributed across the globe and sharing information between different offices - well, sharing information that particular individuals may have rights to see that is. Don't expect to see the sales department's customer lists when you're in the "new kid" class.

LDAP looks to me like a very generalized protocol which has unlimited flexibility. Don't need all that?---don't use it!!

One thing I like is using the ldapsearch command in a terminal---once the config is set up, it's often the fastest way to find specific data---eg:

ldapsearch -X sn=webster|grep mobile

finds the mobile phone #'s for all users with last name "webster"

Our company puts the entire LDAP database (10,000+ people and other entities) on an open server--very handy.

A lot of time people tend to think of LDAP as a database. It is /not/ a database. It's a /protocol/ for accessing a database.

Linux comes with an openldap /database/ that you can install.

I make this distinction because I use ldap to access an active directory server and to access the openldap database.

Many identity management programs use ldap to communicate with a directory. For instance, when you login to your mortgage account, you give it a name + password. That name + password are then forwarded over to an identity management server. That server will then use ldap to connect to a Sun Directory server to verify the password. If the password is good, then it notifies the web server to allow you proceed and gives the web server information to put in a cookie for your browser so you don't have to type it in again as long as you stay on the web page.

Because there are many different types of back end databases, ldap is generally supported by those databases so that the database manufacturer doesn't have to write connectors for every single application that wants to access the database. If they make ldap available, then anyone with credentials can access and change data in the database.

Microsoft, Sun, Novell, and God knows who else all provide ldap connectivity.

Well said, i'm connecting my linux to a windoze domain, and one of the requirements in ldap to access the AD, and the other is Kerberos to authenticate.

Well said, i am connecting my linux box to my windoze domain, and one of the requirements is ldap to access AD and the other is Kerberos for authentication, and not to mention Tylenol also.