I met one of the leaders of this project last night in Austin. I’ve been camped out working on better LDAP integration for a number of the Rails tools I’m building at work.
LDAP has some real advantages over relational databases. There end up being two main problems.
To get the full value you really need to make it authoritative, or you end up spending a lot of time trying to sync data into the tree, which (depending on where the data is coming from and the velocity of change) can be cumbersome.
On the other side, it turns out LDAP experience is nowhere near as common as SQL experience. So you end up working through some alien technology.
It turns out there is an open source option that overcomes both issues: FAQ | Penrose
Virtual directory technology offers a way to provide that consolidated view of user identity without having to reconstruct an entire directory infrastructure. Implemented in the form of middleware, a virtual directory is a lightweight service that operates between applications and identity data.
So basically you can use it as a middle layer to pretend to be an LDAP/ActiveDirectory server on top of your database. The engine handles caching and other details. This means you don’t have to deal with syncing and you get to operate more on the side of the house that most devs know - relational databases.
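The middle-layer idea above, as an added sketch that is not Penrose code or configuration: an LDAP-style equality search is answered straight from a SQL table, with the filter value bound as a parameter and row data escaped before it goes into a DN. The table, column names, base DN and the `search` helper are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample data and names; this is not Penrose configuration.
BASE_DN = "ou=people,dc=example,dc=com"
# LDAP attribute -> SQL column. Also an allow-list: only these column names
# ever reach the SQL text, and filter values are always bound parameters.
ATTR_TO_COLUMN = {"uid": "login", "cn": "full_name", "mail": "email"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, full_name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "Alice Example", "alice@example.com"),
        ("bob", "Bob Example", "bob@example.com"),
    ])
    return db

def escape_rdn(value):
    """Escape a value for use in a DN (RFC 4514) so row data cannot alter the DN."""
    chars = ["\\00" if c == "\0" else "\\" + c if c in ',+"\\<>;' else c for c in value]
    if chars and chars[0] in ("#", " "):
        chars[0] = "\\" + chars[0]
    if chars and chars[-1] == " ":
        chars[-1] = "\\ "
    return "".join(chars)

def row_to_entry(row):
    login, full_name, email = row
    return {"dn": f"uid={escape_rdn(login)},{BASE_DN}",
            "uid": [login], "cn": [full_name], "mail": [email]}

def search(db, base_dn, ldap_filter):
    """Answer a search under BASE_DN for one equality filter such as (uid=alice)."""
    if base_dn.lower() != BASE_DN.lower():
        return []  # this virtual tree only exposes ou=people
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        raise ValueError("unsupported filter")
    attr, sep, value = ldap_filter[1:-1].partition("=")
    column = ATTR_TO_COLUMN.get(attr.strip().lower())
    # Reject unmapped attributes and anything beyond plain equality
    # (nested filters, wildcards, escapes) instead of guessing at a translation.
    if not sep or column is None or any(c in value for c in "()*\\"):
        raise ValueError("unsupported filter")
    rows = db.execute(
        f"SELECT login, full_name, email FROM users WHERE {column} = ?", (value,))
    return [row_to_entry(r) for r in rows]

if __name__ == "__main__":
    for entry in search(make_db(), BASE_DN, "(uid=alice)"):
        print(entry)
```

Because entries are built from the table at query time, there is no second copy of the identity data to keep in sync; the attribute map is also the only place that decides which columns are visible through the directory view.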
Apparently some big corporate customers are deploying it to handle exposing their CRM info to LDAP and using it as a proxy to consolidate multiple ADs into a single view.
I was hoping to play with it this week (been swamped prepping for RailsConf). I have a feeling I won’t be able to use it in full production because work already has a solution, but I am thinking about using it with some of the development stuff since it would make administering the test directory services easier.