Mani's blog: Mani Chandrasekaran's Weblog

We were at a potential customer last week, where the problem statement was:

1. We have several applications using RDBMS as the user repository, for user authentication. There are several databases for users, which may potentially have duplicates/li>
2. We are expecting to grow rapidly, the current requirement of users is large and expected to grow exponentially.
3. We would like to use Single sign on, in future

Considering the number of users required, and the primary requirement being user authentication, using an LDAP server like Sun Directory server enterprise edition (DSEE), seemed to make sense, and that's what we suggested. The next question was (similar to other customers), why do we need LDAP? and how does it compare it to a RDBMS? There are several, several reasons for using an LDAP server (like Sun DSEE or OpenDS) in these situations, like read's tend to be a lot faster, high availability situations like multi-master replication etc. Thanks to my friend Rajiv, we managed to get hold a fantastic technical white paper that highlights the difference's between LDAP and RDBMS, and where to use, what. I have uploaded it here, as I was unable to refer to the original Sun location.

I have reproduced this table here, from the whitepaper :

Of course, this does not solve the problem of removing user data duplication, which was the other requirement. For that, you will need a product like Sun Identity Manager, which will be used for data reconciliation, user synchronization, to basically create a "authoritative user repository" !! This is the key step, the next step, will be to roll-out things like single sign on etc ..