billbailey
Programmer
Hi,
I'm seeking input and opinions on LDAP vs. Database for user management. I understand the basics, but am running into questions when it comes to integrating user info in an LDAP server with other data that needs to be tied to a user, but is not stored in LDAP. For example, storing the username, password, first & last name, address, phone, etc. in LDAP seems perfectly natural, but when you have reporting needs that require joining this information with data stored in other databases (e.g. transaction data or other frequently modified data not suitable for storage in a directory server), I can only do such joins if all the information is also stored in the database, but if I do that then I find myself asking why I should use the LDAP server (it just becomes redundant data at that point). If the integration and synchronization were cleaner (e.g. if you could automatically replicate to an RDBMS somehow or if there were an adapter that could be used to include LDAP data in a query to e.g. MySQL) then it might seem less of an issue, but I've had little or no luck finding tools that do either. I've considered a nightly batch to synchronize the database contents with the LDAP server since reporting typically doesn't need the data to be up to the second, but even that feels pretty redundant.
I'm curious to hear how others may have dealt with this or what opinions others may have on this topic.
Thanks in advance.
Bill Bailey