Hi Geert and others,

> It mainly depends on where you need access to the
> permissions/privileges/users, and what artifacts are already in place. It is
> not uncommon to have user administration in an LDAP server. In that case you
> don't want to replicate all user info into MarkLogic database, as that would
> involve continuous synchronisation.

In this particular case, there are +1000 users that authenticate against a +10000 users identity provider, so there's a real benefit in using that existing infrastructure.

> If you want to fully utilize the security layer of MarkLogic, then perform
> all authentication and authorisation against the MarkLogic database. Should
> be that very difficult, though there is no LDAP api for connecting to
> MarkLogic. (Perhaps a nice to have? ;)

No, I'd want it the other way round and have MarkLogic use an existing directory service and authentication provider. The MarkLogic users are only a subset of the complete user database.

Am I right in believing that Mark Logic Server does not support application-external authentication and role mapping?

regards,
Jeroen

2009/10/5 Geert Josten <[email protected]>:
> Hi Jeroen,
>
> It mainly depends on where you need access to the
> permissions/privileges/users, and what artifacts are already in place. It is
> not uncommon to have user administration in an LDAP server. In that case you
> don't want to replicate all user info into MarkLogic database, as that would
> involve continuous synchronisation.
>
> If you want to fully utilize the security layer of MarkLogic, then perform
> all authentication and authorisation against the MarkLogic database. Should
> be that very difficult, though there is no LDAP api for connecting to
> MarkLogic. (Perhaps a nice to have? ;)
>
> Kind regards,
> Geert
>
> Drs. G.P.H. Josten
> Consultant
>
> http://www.daidalos.nl/
> Daidalos BV
> Source of Innovation
> Hoekeindsehof 1-4
> 2665 JZ Bleiswijk
> Tel.: +31 (0) 10 850 1200
> Fax: +31 (0) 10 850 1199
> http://www.daidalos.nl/
> KvK 27164984
> The information sent in or with this e-mail message originates from
> Daidalos BV and is intended solely for the addressee. If you have received
> this message unintentionally, we ask you to delete it. No rights can be
> derived from this message.
>
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of
>> Jeroen Pulles
>> Sent: Monday 5 October 2009 15:30
>> To: General Mark Logic Developer Discussion
>> Subject: [MarkLogic Dev General] Integration with single sign
>> on and directory services?
>>
>> Hi,
>>
>> What are the possibilities for Mark Logic Server to integrate
>> with a single sign on (SSO) system for user authentication
>> and directory services for mapping group membership to Mark
>> Logic roles? I am specifically interested in integration with
>> a SAML 2.0 environment.
>>
>> My application has a Java layer in place in front of Mark
>> Logic. All access to Mark Logic Server is done over the XCC
>> connector. I /could/ do all privilege and permission control
>> in the Java layer. That seems to be a waste to me as ML
>> newbie, however, since the permissions/privilege
>> functionality is just what I want for my document management.
>> And I don't want to end up duplicating existing document
>> permissions/privilege functionality.
>>
>> Any advice?
>>
>> regards,
>> Jeroen
>>
>> --
>> Jeroen Pulles
>> Xopus B.V., The Netherlands
>>
>> Xopus: The web based WYSIWYG XML Editor

_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
