LDAP: Federate or Aggregate part 1
Tags: LDAP
With so many emails and questions coming in about LDAP integration for
single sign-on as well as Sametime lookups, I imagined it was time to
dump some quick information. Let's forget for now which directory you
are using as the LDAP source, be it your existing Domino Directory,
Active Directory or SunOne.
If you are using multiple directories, then federating is a place to
begin. One requirement, though, is a common schema available across
them all. That way naming conventions and field mappings are much
simpler. Why would you federate? Well, maybe you don't wish to manage
the entire user directory and want certain departments, subsidiaries or
groups to still maintain their own. Responsibility for updating each
directory then stays with those areas, since you are simply passing
along a request for the username and password or for name lookups.
Here is a great definition:
Federation is the
process of "hooking" together naming systems so that the aggregate
system can process composite names. One basic means by which you federate
systems is to bind the reference of one naming system in a context in another
naming system.
So what is important in this scenario?
Having a common schema. One of the things we do not like to see is
sites that want to link multiple LDAP directories together but cannot
agree on or establish a standard that everyone will work with. Domino
allows this federation through Directory Assistance by referring you to
other LDAP directories for user information. Imagine if one site used
(LastName FirstName), another used (FirstName LastName), a subsidiary
used (ShortName), and still another had an older product that would not
allow a schema modification to include the Notes username or Sametime
server field. You get the picture here.
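
One way to catch those mismatches before linking the directories is to audit sample entries from each one. The script below is an added example, not part of the original post; the directory names, the entries and the `sametimeServer` attribute name are constructed assumptions.

```python
from collections import Counter

# Constructed sample entries, one list per directory. The directory names and
# the "sametimeServer" attribute name are assumptions made for this example.
DIRECTORIES = {
    "hq": [
        {"cn": "Jane Doe", "givenName": "Jane", "sn": "Doe", "uid": "jdoe", "sametimeServer": "st1"},
        {"cn": "Raj Patel", "givenName": "Raj", "sn": "Patel", "uid": "rpatel", "sametimeServer": "st1"},
    ],
    "subsidiary": [
        {"cn": "Smith Bob", "givenName": "Bob", "sn": "Smith", "uid": "bsmith", "sametimeServer": "st1"},
    ],
    "legacy": [
        {"cn": "akhan", "givenName": "Amir", "sn": "Khan", "uid": "akhan"},
    ],
}
REQUIRED = ("cn", "uid", "sametimeServer")

def cn_convention(entry):
    """Classify how cn was built from the entry's own name attributes."""
    norm = lambda a: " ".join(entry.get(a, "").replace(",", " ").lower().split())
    cn, given, sn, uid = norm("cn"), norm("givenName"), norm("sn"), norm("uid")
    if given and sn and cn == f"{given} {sn}":
        return "FirstName LastName"
    if given and sn and cn == f"{sn} {given}":
        return "LastName FirstName"
    if uid and cn == uid:
        return "ShortName"
    return "unknown"

def audit(directories, required=REQUIRED):
    """Per directory: cn conventions in use and required attributes missing."""
    report = {}
    for name, entries in directories.items():
        conventions = Counter(cn_convention(e) for e in entries)
        missing = sorted({a for e in entries for a in required if not e.get(a)})
        report[name] = {"conventions": dict(conventions), "missing": missing}
    return report

def federation_blockers(report):
    """List the mismatches that would break lookups across the directories."""
    seen = sorted({c for r in report.values() for c in r["conventions"]})
    blockers = [f"mixed cn conventions: {seen}"] if len(seen) > 1 else []
    blockers += [f"{n}: missing {r['missing']}" for n, r in report.items() if r["missing"]]
    return blockers

if __name__ == "__main__":
    for line in federation_blockers(audit(DIRECTORIES)):
        print(line)
```
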
Part 2 tomorrow, on aggregation.
On Monday, June 7th, 2004 by Chris Miller