Re: AD or ADAM as a user database



BizTalk Benjamin wrote:
Hi, I'm working on a pretty standard piece of functionality at the moment, attempting to design a user repository. This repository should hold all the registrations of people visiting a website and will contain names, addresses, user names, passwords, mappings to other back office system references, etc. The repository itself will be accessed via web services.

Now I've been reading some articles which recommend that LDAP, and specifically ADAM, would be the best way to proceed instead of basing this on a relational database. I looked up some stuff on ADAM and ASP.NET, and all the articles seem to talk only about roles and membership and don't say anything about using it as a database.

I think you have read about using AzMan and role-based authorization with ADAM under the hood - that's why you've got the impression that this is the only way to do this.
Of course, authorization should be based on something - it may be based on different things, especially if you are building your authorization mechanism on your own. Using group membership is a nice and easy way to do this.

No - you should not treat ADAM the same as a database; it is a directory.


Does anyone in this newsgroup have any comments on this? Can we use AD or ADAM for my requirements, or would it be better to just build a relational DB?

If you need to create a repository of users for the purpose of authentication and authorization, ADAM or AD would be a good tool. Rather ADAM, as I see your scenario as a repository with a custom schema for a custom, web-only application.

ADAM will let you define your own schema (you can use the existing schema as a base) and define your own security in the directory. Then you can create objects and fill them with attribute values - that's how you can store your data in an LDAP directory, and of course retrieve it as well :).

What is missing in ADAM is Kerberos authentication, which is present in AD. But you can easily implement authentication based on a simple LDAP bind or digest authentication in your application. If you are interested in SSO for your users, you may also incorporate some federation technology (like ADFS, for example) into your app's world.

I think that you may find this site:
http://directoryprogramming.net/

and these blogs:
http://www.joekaplan.net/
http://dunnry.com/blog/

interesting.


Probably a few other people will drop something in this thread with more information.



--
Tomasz Onyszko
http://www.w2k.pl/blog/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
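As an added example (not code from the thread, from Tomasz, or from any Microsoft sample), here is the pattern the reply describes, done with System.DirectoryServices.Protocols from PowerShell: the web service binds to ADAM over LDAPS with a simple bind, creates a user object in an application partition that carries both identity data and a back-office mapping, and then a site visitor is authenticated by a simple bind as their own object. The host adam01.example.net, port 50636, the partition O=WebApp,C=US with its OU=Users and OU=Service containers, the service account CN=svc-web, the user values, and the custom attribute x-crmCustomerId are all assumptions; that attribute stands in for whatever schema extension the application defines and would have to be imported into the ADAM schema before the add succeeds.

```powershell
# Added example (not from the thread): ADAM / AD LDS as an application user store,
# via System.DirectoryServices.Protocols. Host, port, DNs and attribute names are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$AdamHost  = 'adam01.example.net'                     # assumed ADAM instance
$LdapsPort = 50636                                    # assumed SSL port of that instance
$UsersOu   = 'OU=Users,O=WebApp,C=US'                 # assumed application partition and container
$ServiceDn = 'CN=svc-web,OU=Service,O=WebApp,C=US'    # assumed ADAM user the web service binds as

function New-AdamConnection {
    # Simple (Basic) bind as an ADAM security principal. A simple bind sends the password
    # verbatim, so it is only done inside TLS. ADAM also refuses to set or change a password
    # on a connection that is not SSL-protected unless that check has been switched off in
    # dsmgmt ("allow passwd op on unsecured connection"), which you should leave alone.
    param(
        [Parameter(Mandatory)] [string] $BindDn,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($AdamHost, $LdapsPort)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = New-Object System.Net.NetworkCredential($BindDn, $Password)
    $conn.Bind()     # throws LdapException (result code 49, invalidCredentials) on a bad password
    return $conn
}

function Add-WebUser {
    # Creates a 'user' object (the class comes from MS-User.LDF, imported when the instance
    # was set up) and stores application data alongside the credentials.
    param(
        [Parameter(Mandatory)] [System.DirectoryServices.Protocols.LdapConnection] $Conn,
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Mail,
        [Parameter(Mandatory)] [string] $CrmCustomerId,    # back-office reference, assumed custom attribute
        [Parameter(Mandatory)] [string] $InitialPassword
    )
    $dn  = "CN=$UserName,$UsersOu"
    $req = New-Object System.DirectoryServices.Protocols.AddRequest($dn, 'user')
    # userPassword is honoured for setting the password because the session is SSL-protected.
    # ADAM creates user objects disabled unless told otherwise, so enable explicitly.
    $attrs = @{
        displayName                = $DisplayName
        mail                       = $Mail
        'x-crmCustomerId'          = $CrmCustomerId
        userPassword               = $InitialPassword
        'msDS-UserAccountDisabled' = 'FALSE'
    }
    foreach ($name in $attrs.Keys) {
        $a = New-Object System.DirectoryServices.Protocols.DirectoryAttribute($name, [string]$attrs[$name])
        [void] $req.Attributes.Add($a)
    }
    [void] $Conn.SendRequest($req)    # throws LdapException if ADAM refuses the add
    return $dn
}

function Test-WebUserLogin {
    # Authenticates a site visitor by simple bind as their own DN, then reads back the
    # attributes the application needs. Returns $null for bad credentials or a disabled account.
    param(
        [Parameter(Mandatory)] [string] $UserDn,
        [Parameter(Mandatory)] [securestring] $Password
    )
    try {
        $c = New-AdamConnection -BindDn $UserDn -Password $Password
        try {
            $wanted = @('displayName', 'mail', 'x-crmCustomerId')
            $search = New-Object System.DirectoryServices.Protocols.SearchRequest($UserDn, '(objectClass=user)', 'Base', $wanted)
            $entry  = $c.SendRequest($search).Entries[0]
            $result = @{}
            foreach ($n in $wanted) { if ($entry.Attributes.Contains($n)) { $result[$n] = [string]$entry.Attributes[$n][0] } }
            return $result
        } finally { $c.Dispose() }
    } catch [System.DirectoryServices.Protocols.LdapException] {
        return $null
    }
}

# Usage with the assumed values: provision a user as the service account, then log in as that user.
$svcPwd = Read-Host -AsSecureString -Prompt 'Service account password'
$svc    = New-AdamConnection -BindDn $ServiceDn -Password $svcPwd
$dn     = Add-WebUser -Conn $svc -UserName 'benjamin' -DisplayName 'Benjamin' -Mail 'benjamin@example.net' `
                      -CrmCustomerId 'CRM-000123' -InitialPassword 'ChangeMe-now!42'
$svc.Dispose()
$who = Test-WebUserLogin -UserDn $dn -Password (ConvertTo-SecureString 'ChangeMe-now!42' -AsPlainText -Force)
if ($who) { "Login OK, CRM id = $($who['x-crmCustomerId'])" } else { 'Login failed' }
```

The bind in Test-WebUserLogin is the whole authentication step: ADAM checks the password, the lockout state and msDS-UserAccountDisabled itself, so the application never handles password hashes. Everything the post calls "your own security in the directory" sits in the ACLs on OU=Users; the service account needs create-child rights there, while visitors need no more than read on their own object.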


