  Re: Ldap neophite with basic conceptual question(s)???
 
Subject: Re: Ldap neophite with basic conceptual question(s)???
Author: eLDAP
In response to: Ldap neophite with basic conceptual question(s)???
Posted on: 11/20/2006 01:29:07 PM

Hi bobmct,

> I am trying to determine the feasibility of using ldap as a central authorization mechanism in our corporate intranet (mostly web based applications) and possibly tying in SAML for some tokenizing.

Definitely yes. LDAP is all about central authentication and authorization.

> Is it possible to support multiple concurrent ldap tables/databases or whatever they are technically referred to on the same system? Is it possible to have one's ldap application access TWO different ldap tables/databases concurrently?

Yes. While AD, SunOne, Tivoli, and eDirectory focus on a homogeneous source of data, there are some servers focusing on the integration and aggregation of non-homogeneous data. Technically, there are two ways to reach the goal of a single central viewpoint: meta-directory or virtual directory. The underlying data can be anything (DB, LDAP, or on-the-fly application) from anywhere (local system, intranet backend servers or remote internet servers). Two major vendors in this enterprise business are Radiant Logic, Inc. and OcteString, Inc.

> My superiors stated they would like to keep the mail address book definitions as-is but not have to double define the entries but we need to support additional attributes to enhance our planned authentication/authorization.

It can be handled by JOINing attributes to form a single entry: some attributes from entries residing in DB/LDAP, some attributes from different entries. RadiantOne Virtual Directory Server (VDS) from Radiant Logic, Inc. can do this kind of job.

> Please point me in the correct direction to find this information because even with the ldap books I've perused and the many docs I've read on-line, there seems to be NO clear answer to these most basic questions?

See above.

Regards,
eLDAP

 

> On 11/16/2006 07:36:57 AM bobmct wrote:

Gentlemen;
I apologize in advance for my ignorance about ldap. I am trying to determine the feasibility of using ldap as a central authorization mechanism in our corporate intranet (mostly web based applications) and possibly tying in SAML for some tokenizing.

Currently our system uses Bynari for mail filtering/handling and it already uses ldap for its address book. So here's my (embarrassingly) basic question:

Is it possible to support multiple concurrent ldap tables/databases or whatever they are technically referred to on the same system? Is it possible to have one's ldap application access TWO different ldap tables/databases concurrently?

My superiors stated they would like to keep the mail address book definitions as-is but not have to double define the entries but we need to support additional attributes to enhance our planned authentication/authorization.

Please point me in the correct direction to find this information because even with the ldap books I've perused and the many docs I've read on-line, there seems to be NO clear answer to these most basic questions?

Thanks to anyone who can help.

bobmct
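
The attribute JOIN described in the reply above, sketched as an added example that is not part of the original posts and is not RadiantOne's API: address-book entries stay untouched in their own store, and authorization attributes are attached from a second source at read time. The data, the `mail` join key, the `AUTHZ_OWNED` set and all function names are assumptions made for illustration.

```python
# Added illustration: join address-book entries with authorization attributes
# held in a second source. All data and names below are constructed.

ADDRESS_BOOK = [  # as the mail system's LDAP might return them (constructed)
    {"dn": "cn=Alice Example,ou=people,dc=example,dc=com",
     "attrs": {"cn": ["Alice Example"], "mail": ["Alice@Example.com"],
               "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"]}},
    {"dn": "cn=Bob Example,ou=people,dc=example,dc=com",
     "attrs": {"cn": ["Bob Example"], "mail": ["bob@example.com"]}},
]
AUTHZ_SOURCE = [  # second store, e.g. rows from a database (constructed)
    {"mail": ["alice@example.com"], "employeeType": ["staff"],
     "memberOf": ["cn=webapp-users,ou=groups,dc=example,dc=com"]},
]
# Attributes that only the authorization source is allowed to supply.
AUTHZ_OWNED = {"memberof", "employeetype"}


def _norm(attrs):
    """LDAP attribute names are case-insensitive: fold them to lower case."""
    return {name.lower(): list(values) for name, values in attrs.items()}


def join_entries(primary, secondary, join_attr="mail", owned=AUTHZ_OWNED):
    """Return primary entries extended with `owned` attributes from secondary."""
    index = {}
    for record in map(_norm, secondary):
        for key in record.get(join_attr, []):
            index[key.lower()] = record          # mail matches case-insensitively
    joined = []
    for entry in primary:
        # Drop owned attributes from the address book so it cannot grant access.
        attrs = {n: v for n, v in _norm(entry["attrs"]).items() if n not in owned}
        match = next((index[k.lower()] for k in attrs.get(join_attr, [])
                      if k.lower() in index), None)
        if match:                                 # no match: entry gets no authz data
            attrs.update({n: v for n, v in match.items() if n in owned})
        joined.append({"dn": entry["dn"], "attrs": attrs})
    return joined


if __name__ == "__main__":
    for e in join_entries(ADDRESS_BOOK, AUTHZ_SOURCE):
        print(e["dn"], e["attrs"])
```

Restricting which source may supply group and role attributes keeps the mail system's address book from becoming a second place where access can be granted.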



