LDAP is a protocol.
Your directory is a database.

In your scenario, if "application 1" is used in this manner, it would become an 
identity management platform.  As long as this application has the ability to 
update your directory, you can do what you are suggesting.  I would caution 
you, though, with so many accounts, and no idea what your security 
considerations are, you may wish to take a long think on this one.  That's a 
lot of potentially sensitive information.  Combining an application with your 
identity management platform on the same system will increase your risks.  From 
a complexity standpoint, if your application has the ability to act as an 
identity management platform, it may also have the ability to update your 
"application 2" system directly, and eliminate the middle-man.  Or possibly 
"application 2" could be configured to auth directly to "application 1", 
depending on what type of user management features are available in 
"application 1".

Alexander Mayberry
Enterprise Systems Engineer
SD Group: EIT Infrastructure - OMA
Enterprise.Systems Engineering.Infrastructure

From: [email protected] 
[mailto:[email protected]] On Behalf Of Andy Spooner
Sent: Tuesday, November 03, 2015 12:33 PM
To: [email protected]
Subject: [389-users] DB account master integrated with LDAP

I am using LDAP to share user account information across two applications. Is 
it possible to use 'Application 1' as the central reference instead of the 
LDAP server? E.g. 'Application 1' holds and maintains account information, 
which updates LDAP periodically. 'Application 2' will look up LDAP for account 
information. 'Application 1' is the main system and will hold millions of 
accounts which would operate quicker from the DB without having to refer to 
LDAP for usernames, passwords, etc. 'Application 2' will require a small subset 
of users to log on using credentials of users in the master database - which can 
be done via LDAP.
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
