Pragmatic Approach, Practical Designs, Secure Implementations

An enterprise LDAP directory can provide a low-cost, standards-based solution for exposing large amounts of structured data to applications. A properly designed LDAP schema and directory information tree allow application delivery teams to avoid data duplication, simplify service provisioning, and avoid expensive calls to the EAI layer.

 

However, an LDAP directory is not a substitute for a relational database and is typically not configured to master any data except user security information such as passwords. Relational functions can still be achieved using LDAP, but doing so requires significantly more logic in the application layer.

The concept of services matches the LDAP object class layering principle very well: responsibility for data ownership can be distributed between systems in the enterprise, while the data still exists as a single object available to consuming applications in a highly reliable form.

A Clarionics client was in the process of implementing a system that required fast, reliable customer information lookups available outside the corporate network, where this information is typically mastered.

During this project we created an LDAP directory design that satisfied the following goals:

  • Provides a low-latency, platform-neutral interface for applications
  • Can be exposed on IT and engineering networks (across firewalls)
  • Provides easily accessible service-to-service and service-to-customer relationships without any need to touch the EAI layer
  • Serves as the main security and identity store for customers/dealers