This is not a question about how to use some component. I'm more interested in answers from an architect's point of view.
Currently I use an LDAP server when more than one application should use a single-sign-on principle. In this situation the LDAP server stores the 'read-only' user information, e.g. username & password, and their rights. But I'm interested in other situations or other design questions when I should use an LDAP server. Does anyone have an opinion, clear example or reference? [ June 16, 2004: Message edited by: Arnold Reuser ]
That's correct. Because LDAP is based on the X.500 protocol it should be possible. I was already thinking about storing this kind of 'read-only' information in my LDAP server. When there are more ideas, please let me know.
Speed is not an issue. It is more about what's the best choice based on some criteria. LDAP provides directory services over a network, like a telephone book. So the question is: what are the criteria for when an LDAP server suits best?
Originally posted by Stan James: Sell me on LDAP. In what ways is it more than a very fast hierarchical database suitable for read-mostly operations?
LDAP is designed with read-only operations in mind; it works faster than a database in terms of read-only operations. However, if you're going to do updates, inserts and deletes rather often, it's not going to be your choice.
There are many reasons why LDAP is ideal as a central repository for identity management and some of them are listed below:
(1) It is a standard that practically every programming language has an interface to.
(2) Its capability for achieving high availability and scalability through proper configuration of master and slave servers.
(3) The availability of many tools which allow many other repositories to sync with the LDAP server.
(4) It is an ideal location to store highly structured information because of the way information is stored and queried, e.g. organization-related information.
Take for instance the Sun Java Enterprise System stack of products; most of them are based on LDAP technology. The Identity Server uses an LDAP server as a user repository for authentication and authorization purposes. The Portal Server uses LDAP as a portal configuration repository. Organization data that is residing in a variety of repositories like Oracle, SQL Server ... can be synced into the LDAP server using Meta Directory Server, and the sync can be bi-directional.
The architectural advantage of this approach is that you can centralize all your authentication and authorization information into one repository which is highly scalable and available, and it reduces the administration and management of organization data through synchronization tools to other repositories.
Think about the possibilities for applications now with a centralized repository: you can do single-sign-on. You can configure to achieve delegated administration. You can achieve account synchronization. etc etc...
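To make the "LDAP as the central authentication and authorization repository" pattern from this thread concrete, here is an added example (not code from any poster, and not from the Sun products mentioned) of how an application would check a login against the directory with JNDI: it resolves the user's DN through a read-only service account, lets the directory verify the password by binding as that user, and then reads the user's rights as group memberships. The LDAPS URL, base DNs, the service account and the `uid`/`member` attribute names are assumptions for the example.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LdapSsoCheck {
    // Assumed layout (not from the thread): LDAPS endpoint, users under ou=people, groups under
    // ou=groups with a 'member' attribute of user DNs, and a read-only service account for lookups.
    static final String URL = "ldaps://ldap.example.org:636";
    static final String SVC_DN = "cn=svc-readonly,ou=services,dc=example,dc=org";
    static final String PEOPLE = "ou=people,dc=example,dc=org";
    static final String GROUPS = "ou=groups,dc=example,dc=org";

    // Escape a value placed inside a search filter (RFC 4515) so input cannot change the filter.
    static String esc(String s) {
        return s.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }

    static DirContext bind(String dn, String pw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env);  // AuthenticationException if the password is wrong
    }

    // Authenticate by binding as the user (the directory checks the password; it is never read out),
    // then read the user's rights as group memberships. Returns null when authentication fails.
    static List<String> authenticate(String user, String pw, String svcPw) throws NamingException {
        if (pw == null || pw.isEmpty()) return null;  // empty password = anonymous bind, not a login
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirContext svc = bind(SVC_DN, svcPw);
        try {
            NamingEnumeration<SearchResult> r = svc.search(PEOPLE, "(uid=" + esc(user) + ")", sc);
            if (!r.hasMore()) return null;
            String userDn = r.next().getNameInNamespace();
            try { bind(userDn, pw).close(); } catch (AuthenticationException e) { return null; }
            List<String> groups = new ArrayList<>();
            r = svc.search(GROUPS, "(member=" + esc(userDn) + ")", sc);
            while (r.hasMore()) groups.add(r.next().getNameInNamespace());
            return groups;
        } finally { svc.close(); }
    }
}
```

The returned group DNs are what each application maps to its own roles, so the rights live in one place while every application authenticates the same way.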