I would just like to take a general view from the members about LDAP authentication. I understand that it's definitely faster than a DB and many people like it (including me). I think it's a better approach to use LDAP when there are multiple applications in the system and SSO becomes the right candidate for selection. SSO through LDAP makes much sense. Do you think considering LDAP for a single application makes more sense than a DB? Please share your thoughts.
Also, one more question: what are all the things that need to be shown for SSL certificate security? Is https in the deployment diagram enough, or is there another place where it should be mentioned?
I worked on a very big user-management project for a company in the telecommunications area, with about 2,000 to 3,000 users, using LDAP with WebSphere Portal and the Spring LDAP API to communicate with the LDAP database. Authorization was based on a hierarchy of groups that defined the types of permissions, and authentication was done directly through the Portal.
Now I need to develop a system to permit only WAS, and I am studying Spring Security, but I still do not know exactly what would be best. If someone can give some alternatives and present a solution, I would appreciate it.
I think LDAP should be fine. Most organizations already have an existing LDAP; in that case, using the existing LDAP server is always better than a new database, etc., as the same user ID/password can be used by the user and no additional investment is required. You might need to upgrade the hardware on which the LDAP server is running in case your application is expected to increase the load on the LDAP server substantially.
In case companies don't have an existing LDAP, it is still more suited for authentication/authorization vis-a-vis a database.
I think it's a better approach to use LDAP when there are multiple applications in the system and SSO becomes the right candidate for selection. SSO through LDAP makes much sense. Do you think considering LDAP for a single application makes more sense than a DB? Please share your thoughts.
Your application is just one of the applications in the shared infrastructure environment of the organization, and it can make use of LDAP for authentication and organization-level authorization. Application-specific authorization should be done at the application level.
Just think of the scenario if you don't integrate with the corporate LDAP:
1) Your application has separate user IDs/passwords from the corporate SSO ID/password.
2) Your application has to do its own user management, the biggest headache in real-world projects.
If the SuD has any admin/corporate users, it's better to use LDAP. Even for external users (coming via the internet), LDAP is a better choice. Some of the containers, e.g. Oracle WebLogic Portal, have embedded LDAP but are also capable of integrating with any commercial or external LDAP directory servers.
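The split described in this thread (the directory authenticates the user and supplies organization-level groups; the application owns its own roles) is what a Spring Security LDAP setup looks like in practice. The configuration below is an added example written for this thread, not code from any of the posters or from the Spring project. It assumes Spring Boot with Spring Security 6 and spring-security-ldap on the classpath; the directory URL, base DN, service-account DN, group names and the application role names are hypothetical placeholders to be replaced with the organization's own values.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class LdapSecurityConfig {

    // Hypothetical corporate directory. ldaps:// keeps bind passwords off the wire in clear text.
    private static final String LDAP_URL = "ldaps://ldap.example.invalid:636/dc=example,dc=invalid";

    // Organization-level groups (owned by the directory team) -> application roles (owned by
    // this application). The mapping lives in the application, not in the directory; group
    // names are constructed for this example.
    private static final Map<String, String> GROUP_TO_APP_ROLE = Map.of(
            "ROLE_PAYMENTS-OPERATORS", "ROLE_APP_USER",
            "ROLE_PAYMENTS-ADMINS", "ROLE_APP_ADMIN");

    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource cs = new DefaultSpringSecurityContextSource(LDAP_URL);
        // Read-only service account used only for group lookups. User passwords are never
        // read or compared by the application; users are authenticated by binding as themselves.
        cs.setUserDn("cn=app-reader,ou=service,dc=example,dc=invalid");
        cs.setPassword(System.getenv("LDAP_READER_PASSWORD"));
        return cs;
    }

    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider(DefaultSpringSecurityContextSource cs) {
        // Authentication: bind to the directory with the user's own DN and password.
        // BindAuthenticator rejects an empty password up front, so an unauthenticated
        // (anonymous) bind, which many servers accept, cannot be mistaken for a login.
        BindAuthenticator authenticator = new BindAuthenticator(cs);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});

        // Organization-level authorization: group membership is read from the directory and
        // surfaced as ROLE_<GROUP-CN-IN-UPPER-CASE>.
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(cs, "ou=groups");
        populator.setGroupSearchFilter("(member={0})");
        populator.setRolePrefix("ROLE_");
        populator.setConvertToUpperCase(true);

        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator, populator);
        provider.setAuthoritiesMapper(LdapSecurityConfig::mapToApplicationRoles);
        return provider;
    }

    // Application-specific authorization: translate directory groups into roles this
    // application understands. Groups with no mapping are dropped rather than trusted,
    // so a user gets only the application privileges explicitly granted here.
    static Collection<? extends GrantedAuthority> mapToApplicationRoles(
            Collection<? extends GrantedAuthority> directoryGroups) {
        Set<GrantedAuthority> appRoles = new HashSet<>();
        for (GrantedAuthority group : directoryGroups) {
            String role = GROUP_TO_APP_ROLE.get(group.getAuthority());
            if (role != null) {
                appRoles.add(new SimpleGrantedAuthority(role));
            }
        }
        return appRoles;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // URL rules are expressed in application roles only; the directory's group
        // names never appear in the web layer.
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("APP_ADMIN")
                .anyRequest().hasRole("APP_USER"))
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

Two points are worth checking when adapting this. First, the directory should be reached over ldaps:// (or StartTLS) and the service account should be read-only and scoped to the group subtree, since its password sits in the application's environment. Second, keep the group-to-role table as the only place where directory names are referenced: when the directory team renames a group, the change is one line here, and a user who is added to an unrelated corporate group gains nothing in this application.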