Educause Security Discussion mailing list archives

Re: Question on LDAP


From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Wed, 5 Oct 2005 15:18:39 -0500

Michael,
We have a fairly mature identity management and service provisioning
architecture that closely binds our metadirectory (LDAP) with our
authentication engine (AD). The LDAP houses person data that is used in
business rules for provisioning services. This is a highly controlled
environment. We have a governance structure for change management & control
(for everything from integrating/adding services, to specifying and
approving schema extensions) and it has been pretty successful for us. I
have to say that this isn't for the faint of heart - it's complicated and
tricky, both technically and politically. Let me know if you have specific
questions.

Jane Drews
The University of Iowa

-----Original Message-----
From: Krassos, Michael [mailto:mkrassos () MIAMI EDU]
Sent: Tuesday, September 27, 2005 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question on LDAP

We are pondering whether or not to implement an LDAP architecture to support
authorization attributes.  This would be used to store attributes for
different applications for use upon successful authentication against our
Active Directory environment.  Does anyone have any experience with this, or
doing something similar?  Is this the general direction people are taking or
feel they should be taking?  Any feedback appreciated.
