
the rationale of a LDAP-server

 
Ranch Hand
Posts: 196
This is not a question about how to use some component.
I'm more interested in answers from an architect's point of view.

Currently I use an LDAP-server when more than one application should use a single-sign-on principle. In this situation the LDAP-server stores the 'read-only' user information, e.g. username & password, and their rights. But I'm interested in other situations or other design questions when I should use an LDAP-server. Does anyone have an opinion, clear example or reference?
[ June 16, 2004: Message edited by: Arnold Reuser ]
 
Ranch Hand
Posts: 884
How about storing your entire organisation's directory? Then you'll be able to find people easily.
 
Arnold Reuser
Ranch Hand
Posts: 196
That's correct. Because LDAP is based on the X.500 protocol it should be possible. I was already thinking about storing this kind of 'read-only' information in my LDAP-server. When there are more ideas, please let me know.
 
(instanceof Sidekick)
Posts: 8791
Sell me on LDAP. In what ways is it more than a very fast hierarchical database suitable for read-mostly operations?
 
Arnold Reuser
Ranch Hand
Posts: 196
Speed is not an issue. It is more about what's the best choice based on some criteria. LDAP provides directory services over a network, like a telephone book. So the question is: what are the criteria so that the LDAP-server suits best?
 
Chengwei Lee
Ranch Hand
Posts: 884

Originally posted by Stan James:
Sell me on LDAP. In what ways is it more than a very fast hierarchical database suitable for read-mostly operations?



LDAP is designed with read-only operations in mind; it works faster than a database in terms of read-only operations. However, if you're going to do updates, inserts and deletes rather often, it's not going to be your choice.
 
Greenhorn
Posts: 7
There are many reasons why LDAP is ideal as a central repository for identity management and some of them are listed below:

(1) It is a standard that practically every programming language has an interface to.

(2) Its capability of achieving high availability and scalability through proper configuration of master and slave servers.

(3) The availability of many tools which allow many other repositories to sync with the LDAP server.

(4) It is an ideal location to store highly structured information because of the way information is stored and queried, e.g. organization-related information.

Take for instance the Sun Java Enterprise System stack of products; most of them are based on LDAP technology. The Identity Server uses an LDAP server as a user repository for authentication and authorization purposes. The Portal server uses LDAP as a portal configuration repository. Organization data that resides in a variety of repositories like Oracle, SQL Server ... can be synced into the LDAP server using Meta Directory Server, and the sync can be bi-directional.

The architectural advantage of this approach is that you can centralize all your authentication and authorization information into one repository which is highly scalable and available, and it reduces the administration and management of organization data through synchronization tools to other repositories.

Think about the possibilities for applications now with a centralized repository: you can do single-sign-on. You can configure it to achieve delegated administration. You can achieve account synchronization, etc.
 