Thank you for the feedback. I will take a step back to review how we can engineer our setup to be efficient and manageable.
From: <389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx> on behalf of "Mayberry, Alexander" <AMayberry@xxxxxxxx>
Reply-To: "389-users@xxxxxxxxxxxxxxxxxxxxxxx" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tuesday, 3 November 2015 19:17
To: "389-users@xxxxxxxxxxxxxxxxxxxxxxx" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: DB account master integrated with LDAP

LDAP is a protocol. Your directory is a database.

In your scenario, if “application 1” is used in this manner, it would become an identity management platform. As long as this application has the ability to update your directory, you can do what you are suggesting.

I would caution you, though, with so many accounts, and no idea what your security considerations are, you may wish to take a long think on this one. That’s a lot of potentially sensitive information. Combining an application with your identity management platform on the same system will increase your risks.

From a complexity standpoint, if your application has the ability to act as an identity management platform, it may also have the ability to update your “application 2” system directly, and eliminate the middle-man. Or possibly “application 2” could be configured to auth directly to “application 1”. Depending on what type of user management features are available in “application 1”.

Alexander Mayberry
Enterprise Systems Engineer
SD Group: EIT Infrastructure – OMA Enterprise.Systems Engineering.Infrastructure

From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Andy Spooner

I am using LDAP to share user account information across two applications.

Is it possible to use 'Application 1' as the central reference instead of the LDAP server?

E.g. 'Application 1' holds and maintains account information, which updates LDAP periodically. 'Application 2' will look up LDAP for account information.

'Application 1' is the main system and will hold millions of accounts which would operate quicker from the DB without having to refer to LDAP for usernames, passwords, etc. 'Application 2' will require a small subset of users to log on using credentials of users in the master database – which can be done via LDAP.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users