aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes LDAP for Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "LDAP for Authentication" Watch "LDAP for Authentication" New topic
Author

LDAP for Authentication

Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
I would just like to take a general view from the members about the LDAP authentication. I understand that it's definitely faster than DB and many people like much (including me). I think, it's better approach to use LDAP when there are multiple applications in the system and SSO becomes a right candidate for the selection. SSO thru LDAP makes much sense. Do you think, considering LDAP for a single application makes more sense than DB? Please share your thought.
Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
Anybody?

Also, one more question: what all the things needs to be shown for SSL certificate security? https in deployment diagram is enough or there is another place to be mentioned?
Thalys de Aguiar Gomes
Greenhorn

Joined: Mar 31, 2008
Posts: 15

I worked in a very big project of user management for a company in the telecommunications area with about 2 to 3 000 users using LDAP with WebSphere Portal, and Spring LDAP API to communicate with the LDAP database, the authorization was based on a hierarchy of groups that defined the types of permissions and authentication was done directly through the Portal.

Now I need to develop a system to permit only WAS and am studying with Spring Security, most still do not know exactly what would be best if someone can give some alternative, and present some solution I appreciate it.


SCJP 5 - 74%, SCWCD - 89%, SCBCD in progress
Rishi Shehrawat
Ranch Hand

Joined: Aug 11, 2010
Posts: 218

I think LDAP should be fine. Most organizations already have existing LDAP, in that case using the existing LDAP server always is better than new database, etc. as the same user id/password can be used by the user & no additional investment is required. You might need to upgrade the hardware on which LDAP server is running in case your application is expected to increase the load on LDAP server substantially.

In case companies don't have existing LDAP it is still more suited for authentication/authorization vis-a-vis a database.
Sharma Ashutosh
Bartender

Joined: Apr 06, 2001
Posts: 346
I think, it's better approach to use LDAP when there are multiple applications in the system and SSO becomes a right candidate for the selection. SSO thru LDAP makes much sense. Do you think, considering LDAP for a single application makes more sense than DB? Please share your thought.

Your application is just one of the application in the shared infrastructure environment of the organization and it can make use of LDAP for Authentication and organization level authorization. Application specific authorization should be done at the application level.

Just think of the scenario if you don't integrate to corporate LDAP:
1) Your application is having seperate userID/passwords than Corporate SSO ID/password.
2) Your application has to do it's own user management-biggest headache in real world projects.

If the SuD has any admin/corporate users-better to use LDAP. Even the external users(coming via internet)-LDAP is a better choice. Some of the containers-Oracle Weblogic Portal has embedded LDAP but also capable of integrating with any commercial or external LDAP directory servers.


Ashutosh Sharma
SCJP 1.2, SCEA 5, Brainbench certified J2EE Developer, Documentum Certified Professional
Blog : http://scea5-passingpart2and3.blogspot.com/
Ranganathan Kaliyur Mannar
Bartender

Joined: Oct 16, 2003
Posts: 1075
    
  10

I am mentioning 'https' in the deployment diagram to show ssl


Ranga.
SCJP 1.4, OCMJEA/SCEA 5.0.
Rajan Choudhary
Ranch Hand

Joined: Mar 17, 2011
Posts: 196
is the mention of https in deployment diagram enough? Others, please....
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: LDAP for Authentication
 
Similar Threads
Which Tier will LDAP fit in?
Hurrah!! I created a webservice on Tomcat4.1
SCEA Assignment - Introducing MOM as an external system
Difference between agile and XP?
LDAP & Active Directory Explained (please)