
Re: LDAP and Single Sign-on



On Tue, 9 Nov 1999, Tod Thomas wrote:

> I am interested in getting an idea of how many organizations have
> implemented LDAP as well as those that may be using it for single sign on.  
> I have the following questions:

In our case, not "single sign on" (as that requires different platforms and
applications to share the "state" of an authenticated session so that
additional authentication prompts are bypassed, or at least auto-answered),
but "single identity" (one login ID and password, across multiple platforms).

The "production environment" uses Novell NetWare 5/NDS 8 as the LDAP server,
but in testing OpenLDAP 1.2.1 was also used:

  http://www.nepean.uws.edu.au/users/david/qn99/

> * Has anybody implemented LDAP in a production corporate environment ?

There are plenty of organisations around the world generically using LDAP in a
production environment (for all sorts of things)...

> * If so what was its introduction expected to accomplish? How many users
> does it serve?

- Single identity (login ID) and password, with no synchronisation required,
  across NetWare (student labs) and Solaris environments.

- At last count, some 16,900+ users.

> * Has anyone used it to provide corporate wide single sign-on?

See above regarding single identity versus single sign-on.  In this case, the
scope was limited to a single mail server authenticating against the NDS
(already distributed to various sites over a WAN);  ultimately, however, this
will be expanded to other platforms and more users.

> * If so, was that a success and how heterogeneous was the login
> environment you started with?

- Success?  It works.  Most problems were getting one of the platforms to
  "play ball" properly.  Once that has been achieved, everything becomes a
  tweaking issue (for example, performance can be improved - areas have
  already been identified, they just haven't been acted upon yet).

- Original environment for this project was two separate environments with
  two separate authentication sources;  the same login ID was duplicated
  across both environments, but passwords were not synchronised (thus users
  had to remember a separate password for each environment).

> * And lastly, are there any sites that have this kind of information
> documented already that anyone can point me to ?

As above - perhaps not exactly what you're looking for, but if nothing else it
also contains links to further sites/info.

Cheers..


dave