How would you implement the system with the following goals:
- Authentication management, permission for hundreds of thousands of existing users who are currently closely integrated with a third-party application provider (we want these users to violate what we manage and to do our applications against it, and our third-party providers work against it).
- Manage profile information associated with these users
- It should be accessible from any number of web applications on almost any platform (Windows, * nix, PHP, ASP / C #, Python / Django, etc.).
Here are some implementation examples:
- LDAP / AD Server to manage everything. Use your own schema for all profile data. Everything can be authenticated against LDAP / AD, and we can store all kinds of ACLs and profile data in a user scheme.
- Use LDAP / AD only for authentication, bind LDAP users to the most reliable profile / authorization server, using some traditional database (MSSQL / PostgreSQL / MySQL) or a document-based database (CouchDB, SimpleDB, etc.). Use LDAP for authorization, then click on a DB for more advanced material.
- Use a traditional database (Relational or Document) for everything.
Are any of these three the best? Are there other solutions that meet the above objectives and are easier to implement?
** I must add that almost all applications that will authenticate against the user database will be under our control. The lone few outsiders will be applications in which we delete the current user database and possibly 1 or 2 others. Nothing so extensive that you need an openID server.
It is also important to know that many of these users have these accounts for 5-8 years and know their usernames and passwords, etc.
authentication django authorization active-directory ldap
Clint ecker
source share