Re: DB account master integrated with LDAP

LDAP is a protocol.

Your directory is a database.

 

In your scenario, if “application 1” is used in this manner, it would become an identity management platform. As long as this application has the ability to update your directory, you can do what you are suggesting. I would caution you, though: with so many accounts, and no idea what your security considerations are, you may wish to take a long think on this one. That’s a lot of potentially sensitive information. Combining an application with your identity management platform on the same system will increase your risks. From a complexity standpoint, if your application has the ability to act as an identity management platform, it may also have the ability to update your “application 2” system directly, and eliminate the middle-man. Or possibly “application 2” could be configured to auth directly to “application 1”, depending on what type of user management features are available in “application 1”.

 

Alexander Mayberry 

Enterprise Systems Engineer

SD Group: EIT Infrastructure – OMA

Enterprise.Systems Engineering.Infrastructure

 

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Andy Spooner
Sent: Tuesday, November 03, 2015 12:33 PM
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: DB account master integrated with LDAP

 

I am using LDAP to share user account information across two applications. Is it possible to use 'Application 1' as the central reference instead of the LDAP server? E.g. 'Application 1' holds and maintains account information, which updates LDAP periodically. 'Application 2' will look up LDAP for account information. 'Application 1' is the main system and will hold millions of accounts, which would operate quicker from the DB without having to refer to LDAP for usernames, passwords, etc. 'Application 2' will require a small subset of users to log on using credentials of users in the master database, which can be done via LDAP.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
