From: Krzysztof B. <go...@ic...> - 2015-09-08 21:19:17
Dear Gerben,

On 08.09.2015 at 09:47, Gerben Venekamp wrote:
> Dear all,
>
> Unity has its own user database and I am wondering if it is possible to
> use LDAP instead. The second use case described in the Unity
> documentation (1.1 Use cases) seems to hint at this. However, the
> remainder of the document does not seem to further detail it. Of course
> the documentation describes how Unity can be configured to use LDAP for
> remote authentication. What I would like to know: is Unity able to use
> LDAP for its user database (instead of using either the H2 or MySql
> databases)?
>

No, it is not (and won't be) possible. You can only rely on LDAP as an external IdP service.

> The idea behind this is that Unity can act as a master and replicate the
> LDAP database to its slaves. This could be valuable when Unity for
> authentication is temporarily not reachable, but services can still
> validate already known users. It would ensure that people can continue
> using a service in case Unity is not able to provide authentication.

Well, I don't understand this idea. When you write "Unity can act as a master", do you mean that "the LDAP instance used by Unity can act as (LDAP) master"? If so: how would this help you? I don't know what you use Unity for, but I assume it adds some value to your setup. And then, if Unity is down, you won't be able to operate.

If you have a mixed setup and some services use LDAP directly, and some (e.g. web) via Unity with its added features, then you can replicate LDAPs and also set up two Unity instances, each configured to use a different LDAP - so you have real HA.

Or do you have another setup in mind? My interpretations are not really aligned with what you wrote...

Best regards,
Krzysztof