Don Quigley, idmquig@gmail.com
Post on 16-Dec-2015
What is a Virtual LDAP Directory?
Layer of abstraction between backend user and data stores and applications that consume LDAP (or maybe SQL).
Let’s take a closer look at that first picture….
So, if I’m actually pulling information from all of those data sources listed in the picture, what’s performance going to look like? Are these data stores highly available? Are they running on an old 486 under some guy’s desk (don’t laugh)? Are they even in the same country as my servers?
What if there’s not a common key between these stores?
In Memory and Persistent Cache
In memory cache sounds nice… except we’re talking about a virtual directory. It could be really useful or it could just be a huge waste of system resources. In memory caches work best on systems that have a single version of the truth.
Standalone directory and metadirectory
Persistent Cache … excellent for data that doesn’t change often or does not have a high cost when it’s out of date.
So why do I want one?
App developers & vendors can’t agree on what attribute values look like let alone what the DIT should look like. You could use a metadirectory and a separate standalone LDAP directory but that seems like a lot of work.
Directories should be flat
All app users should be under a common OU
streetAddress is the physical address
streetAddress is the mailing address
telephoneNumber should only be numeric
telephoneNumber should be (xxx) xxx-xxxx
My app crashes if uid isn’t the naming attribute but all of my users are in Active Directory
I need SSN but it can’t be the real one
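The conflicting requirements listed above (uid as the naming attribute, numeric versus formatted telephoneNumber, an SSN that is not the real one) are what a virtual directory resolves with per-application views over one backend entry. The following is an added example, not from the original slides; the application names, DNs, key and sample entry are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample entry, shaped like an Active Directory user object.
BACKEND_ENTRY = {
    "dn": "CN=Jane Doe,OU=Sales,DC=corp,DC=example",
    "sAMAccountName": "jdoe",
    "telephoneNumber": "+1 (555) 010-4477",
    "ssn": "078-05-1120",
}
PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: held by the virtual layer only


def digits_only(phone):
    """Numeric-only form; drops a leading US country code if present."""
    d = re.sub(r"\D", "", phone)
    return d[1:] if len(d) == 11 and d.startswith("1") else d


def us_format(phone):
    """Render a 10-digit number as (xxx) xxx-xxxx."""
    d = digits_only(phone)
    if len(d) != 10:
        raise ValueError("expected a 10-digit number")
    return f"({d[:3]}) {d[3:6]}-{d[6:]}"


def surrogate_ssn(ssn):
    """Keyed, stable stand-in: same person, same token; real SSN stays in the backend."""
    msg = re.sub(r"\D", "", ssn).encode()
    return hmac.new(PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:16]


def view_for(app, entry):
    """Build the entry one application sees; unknown apps get nothing."""
    uid = entry["sAMAccountName"]
    if not re.fullmatch(r"[A-Za-z0-9._-]+", uid):
        raise ValueError("uid not safe to place in a DN")  # avoid DN injection
    if app == "app_a":  # wants uid naming, flat tree, numeric phone, an SSN-like key
        return {"dn": f"uid={uid},dc=app-a,dc=example", "uid": uid,
                "telephoneNumber": digits_only(entry["telephoneNumber"]),
                "ssn": surrogate_ssn(entry["ssn"])}
    if app == "app_b":  # wants a common OU and (xxx) xxx-xxxx; never sees any SSN
        return {"dn": f"uid={uid},ou=appusers,dc=app-b,dc=example", "uid": uid,
                "telephoneNumber": us_format(entry["telephoneNumber"])}
    raise KeyError(f"no view defined for {app}")


if __name__ == "__main__":
    for app in ("app_a", "app_b"):
        print(app, view_for(app, BACKEND_ENTRY))
```

Each view exposes only the attributes that application asked for, so the second application never receives an SSN value of any kind.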
Keep talking…
Mergers
Users in more than one user store
Prevent duplication of information (entitlements)
Flexible taxonomy
Availability
Fast
Complete
Up to date
Everyone else has one
Cheaper than correlating data on a per app basis
Layer of abstraction works both ways
Makes a great PIP if you’re into that sort of thing
(cue dramatic music…) The Cloud!
Really good auditing
Single point of security
Can write back
Sharepoint!!!
Current Vendors

Radiant Logic
Market Leader. Lots of good stuff. The prettiest diagrams of the lot.
Radiantlogic.com

OptimalIDM
.Net based for you Java haters.
Optimalidm.com

Symlabs Virtual Directory Server
Quest One Identity Solution & Quest Migration
Pretty nice and it’s the fastest virtual directory out there
Symblabs.com

Oracle Virtual Directory
Hey, no one ever got fired for buying Oracle.
They also have Virtual Directory Lite (SunONE Directory)
Oracle.com