
Seeking advice on building an application based on LDAP

I am designing an e-learning system that will serve many (~100) organizations that each have tens of thousands of employees.
Each organization can have multiple organizational levels.
Each organization can have course catalogs at each of the organizational units and each employee will have a personal course catalog and some limited history about courses taken, marks received, certifications achieved and courses in progress.
The organizations may have their own administrators at each level who will be able to sign students up for courses.

The master course catalog in LDAP will have minimal information in it with pointers to external files/database entries (MySQL)

The client will interface to this through Web Services so it will never be exposed to the internet directly. I am hoping that LDAP will be easy to access from Web Services.

It seems possible and looks like it might actually be a "good" idea but I would like to get some expert opinion.

From my reading, it appears that LDAP can be used to hold all kinds of information that has the following characteristics
1) few updates, many searches
2) naturally hierarchical
3) needs scalable repository

I have found some very good help on the web so far.
The IBM Redbook series was very interesting and helpful. It was a bit confusing because of the customization that they had done to the schema structure, which they treated as part of the standard LDAP functionality.
"Understanding and Deploying LDAP Directory Services" by Timothy A. Howes, Mark C. Smith, Gordon S. Good looks like a good book with some sections on customization.

Some of the advantages of using LDAP are:
1) simple directory style navigation
2) intrinsic replication and proxy capability for scalability
3) standards based but customised to the point of unrecognizability
4) single database for authentication and full user profile
5) distributed administration built-in to LDAP design
6) natural ability to handle multiple organizations and multiple organizational units within each organization.

The alternative is to go all custom with everything in a series of MySQL databases.

From this limited thumbnail, what advice can you give me?

1) Am I on the right track?
2) Does anyone know if anyone has ever done this and created a schema that can be used?
3) If I use LDAP, what kind of problems am I going to have, besides the usual errors?
4) Any design guidelines that you have found useful in the past.
5) Any good resources for customization of LDAP schemas.
6) Any good design tools for planning and documenting LDAP structures
7) Should I care about the backend that LDAP uses?