To be fair, though, that's sort of how the RFC process works. For example, TCP is kind of a rat's nest of documents too: http://www.networksorcery.com/enp/protocol/tcp.htm#RFCs
As someone who has had to maintain a midsized OpenLDAP setup I can only agree wholeheartedly: The day the LDAP dinosaur dies will be a happy day.

LDIF is sort of bearable once you have found proper tooling (ldapvi!) and overall the whole thing looks quite sensible and usable at first. For a few minutes. Right after installing slapd and adding your first organizationalPerson.

A few hours later, after wiring up a few applications, things will unfortunately have changed for the worse. Your schema is now cluttered with insane amounts of cruft and redundancy, because every application that supports LDAP (which is not the most common feat in the first place) seems to have a slightly different idea of what your schema should look like or what a good password hash is.

Getting to the point of true single sign-on is a major undertaking. And during large parts of that journey you will feel a lot like Indiana Jones. You get to puzzle together fragments of ancient documentation while fighting off a mythological multi-headed hound. You get to spend hours in endless dungeons of subtle incompatibilities and meaningless error messages. And if you ever get bored there's always a fair share of cryptology waiting for the inquiring archeologist, sometimes humorously declared as "documentation" - but usually just in the form of brief S.O.S. messages carved into a Usenet stone wall somewhere on the internet. Sometime in 1983. By some other poor soul stumbling around in a similar - but of course not compatible and long deprecated - maze.

Yeah, lots of fun can be had with LDAP. Not.
So, in the same spirit...

Why nobody uses DNS: http://www.faqs.org/rfcs/np.html#DNS
LDAP doesn't pass the Global Disaster test. That is, if some global disaster happened and we lost most of our computing resources and had to rebuild from the ground up, we would not rebuild LDAP. We'd do something much better.

I'd also put SMTP, POP3, and IMAP in this category.
Pretty sure that Zimbra's email server uses LDAP "under the covers". The Zimbra mail server is behind Comcast's email system, and many other ISPs and hosting companies use it as well.
Nobody as in "every company, small and large, I've ever worked for in the software, automotive, telco and banking industry". Also, Active Directory is an LDAP at the end of the day. Red Hat just started their own LDAP server with the old Netscape sources a few years ago.

I agree that getting started with LDAP when you are only used to relational databases is a real pain. On top of that, a lot of software with "LDAP support" is pretty bad at it. But once you have it up and running, you can integrate it with almost everything. I'm a big fan of the Sun LDAP Server and all its features like multi-master replication, ACLs and all those neat ways it offers you for modeling your directory data.

Also: "LDAP was originally intended to be a lightweight alternative protocol for accessing X.500 directory services through the simpler (and now widespread) TCP/IP protocol stack." (Wikipedia) So that's what that lightweight is all about.

DO NOT mix up LDAP and "single sign-on" (e.g. Kerberos), which are two separate things. You can use LDAP, however, to store your users and passwords and have all kinds of systems use that for authentication and authorization, but that is not single sign-on.
Most SSO products I know use LDAP as their datastore, though.

I have always liked LDAP for its strong standardization and simplicity, and LDIF is a plain, simple format that you can easily generate or type by hand. There is not a lot of overhead.
Having worked with over 40 start-ups over the past three years who use LDAP, I have to ask how you define the term "Nobody". That being said, I think LDAP is just as awful as all of the other centralized technologies that came out of old-guard academia in the '80s and '90s.