My job is requesting that an LDAP server be built that would be able to communicate with the existing corporate Active Directory environment. I do not have much experience with LDAP, so this will be a learning adventure for me. The reason for the LDAP server is a massive project the company is working on. The project will be the backbone of the company and will require username and password authentication. The goal of the project is to have one centralized management solution for all the different area needs instead of the disparate solutions that we have today.

One immediate concern that I had with the project and the use of the corporate DCs was for any potential reports that are generated. I believe that if you are no longer with the company, then there is no need to keep your credentials or personal data on the network. Therefore, I delete this information. By deleting the users, these reports may become corrupt. This, of course, is a problem for management. Deleting the users is not a problem, but any errors in reporting information are. Has anyone come across this problem before? Does this make sense?

Another concern of mine was performance. The project design calls for a number of servers, each of them having their specific goals. It is very possible that any one server can hit the DCs for their information at any given time. My concern is that this happening an uncontrolled number of times at any given time of day may cause the domain environment to suffer.

Security is also a concern. The machines built as part of the project will be in a secure, well-protected environment. But things do happen, unfortunately. I would rather see the machines built as part of the project call one server that has access to the domain to query the information that it needs. That machine will be a read-only client of the AD environment.

My initial thought is to investigate Microsoft ADAM. If ADAM can query the domain, only checking for new entries while ignoring those that are deleted, I think that I can accomplish the task of addressing all of the concerns outlined above. What do you think? Is this solution possible? Is there an easier solution? One that is preferable to this?

Thank you in advance for your responses,
Edwin
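The intermediary described in the post has two jobs that pull in opposite directions: reports need to resolve users who have since been deleted from AD, while authentication must never accept them. The following Python sketch is an added example, not code from the post or from ADAM; it models a read-only cache that is refreshed from AD snapshots, keeps vanished accounts as tombstones for reporting, and exposes only active accounts to authentication. The snapshots, attribute names and GUID values are constructed for the example, and keying on objectGUID rather than sAMAccountName is an assumption made so that a reused username is not confused with the person who previously held it.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed sample snapshots of the attributes the intermediary would read from
# AD over LDAP (objectGUID, sAMAccountName, displayName). The GUIDs are made up.
AD_SNAPSHOT_DAY1 = [
    {"objectGUID": "guid-0001", "sAMAccountName": "alice", "displayName": "Alice Adams"},
    {"objectGUID": "guid-0002", "sAMAccountName": "bob", "displayName": "Bob Brown"},
]
# Day 2: bob was deleted from AD, carol was created, alice's display name changed.
AD_SNAPSHOT_DAY2 = [
    {"objectGUID": "guid-0001", "sAMAccountName": "alice", "displayName": "Alice Adams-Smith"},
    {"objectGUID": "guid-0003", "sAMAccountName": "carol", "displayName": "Carol Chen"},
]


@dataclass
class CachedUser:
    guid: str                            # stable AD identity (objectGUID), the cache key
    sam: str                             # logon name, only meaningful while active
    display_name: str
    active: bool = True
    deleted_at: Optional[datetime] = None  # set when the object vanished from AD


def reconcile(cache: dict[str, CachedUser], snapshot: list[dict], now: datetime) -> dict[str, int]:
    """Merge one AD snapshot into the local cache.

    Objects present in AD are created or refreshed and marked active; objects that
    disappeared from AD are kept but marked inactive (tombstoned) so that reports
    can still resolve them. Returns counts for the sync job's log.
    """
    seen: set[str] = set()
    stats = {"added": 0, "updated": 0, "tombstoned": 0}
    for entry in snapshot:
        guid = entry["objectGUID"]
        seen.add(guid)
        user = cache.get(guid)
        if user is None:
            cache[guid] = CachedUser(guid, entry["sAMAccountName"].lower(), entry["displayName"])
            stats["added"] += 1
        else:
            user.sam = entry["sAMAccountName"].lower()
            user.display_name = entry["displayName"]
            user.active, user.deleted_at = True, None  # object reappeared: reactivate
            stats["updated"] += 1
    for guid, user in cache.items():
        if guid not in seen and user.active:
            user.active, user.deleted_at = False, now
            stats["tombstoned"] += 1
    return stats


def resolve_for_report(cache: dict[str, CachedUser], guid: str) -> Optional[str]:
    """Reports may resolve any object ever seen; tombstoned ones are labelled as such."""
    user = cache.get(guid)
    if user is None:
        return None
    if user.active:
        return user.display_name
    return f"{user.display_name} (left {user.deleted_at:%Y-%m-%d})"


def may_authenticate(cache: dict[str, CachedUser], sam: str) -> bool:
    """Authentication consults only active accounts; tombstones are never logon candidates."""
    wanted = sam.lower()
    return any(u.active and u.sam == wanted for u in cache.values())


def demo() -> tuple:
    """Run two sync cycles and return the observable results."""
    cache: dict[str, CachedUser] = {}
    day1 = reconcile(cache, AD_SNAPSHOT_DAY1, datetime(2024, 1, 1, tzinfo=timezone.utc))
    day2 = reconcile(cache, AD_SNAPSHOT_DAY2, datetime(2024, 2, 1, tzinfo=timezone.utc))
    return (
        day1,
        day2,
        resolve_for_report(cache, "guid-0002"),   # bob, now tombstoned
        resolve_for_report(cache, "guid-0001"),   # alice, refreshed
        may_authenticate(cache, "alice"),
        may_authenticate(cache, "bob"),
    )


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The sync job runs on the one read-only intermediary, so the DCs see a single periodic query instead of ad hoc lookups from every project server, and the project machines hold no domain credentials of their own. Personal data that the policy says should go after someone leaves can still be trimmed from the tombstone (keep the display name, drop everything else) without breaking the report joins.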