
I have a peculiar case to work on. We are using a proprietary product which supports LDAP integration.

However, it can be configured to use only one LDAP service. (Most products are shipped that way.)

Now, our customers want to log in to this product with their own authentication authority.

So, the question is: am I looking at single sign-on?

We basically need some service which can sync all these authentication services (e.g. Windows Active Directory, Tivoli Access Manager, Red Hat Directory Server, and many more) and then integrate with our application.

  • It doesn't necessarily have to be single sign-on, but you need an LDAP service that is able to check multiple types of authentication and return the proper results. – AJ Henderson Jun 23 '14 at 13:32
  • @AJHenderson, could you provide any such service/product which can check multiple authentication types? I tried my luck at googling, but it seems like I am not using the right keywords while searching. Thanks. – slayedbylucifer Jun 24 '14 at 06:04
  • I'm not even sure such a thing exists. It should be able to, since LDAP just needs to be able to have a directory and it should be possible to build a directory off of accounts on other services, but I have never gone digging for such a thing before. That's why I only commented. – AJ Henderson Jun 24 '14 at 06:10
  • @AJHenderson, I got some good information after searching Google with the word "Metadirectory". Thanks to the answer I accepted below. And thanks for your time. – slayedbylucifer Jun 24 '14 at 10:30

1 Answer


If your application is constrained to a single LDAP server and does not have its own pluggable authentication, you will need a directory server with a pluggable backend. This architecture enables a single directory server to access multiple types of account databases/directories and expose them via LDAP. I would recommend OpenLDAP for this purpose.

Since the three products you mention are implementations of LDAP and are generally compliant, you can proxy those services using OpenLDAP's Metadirectory backend.

For services which aren't LDAP-compliant, you can use the Perl/Shell backend. The Java API may be a more stable long-term solution, but you can quickly prototype solutions with Perl by creating a module for OpenLDAP and importing other open-source Perl packages to do the heavy lifting of authentication. This backend also allows executing external binaries via the shell.

dartonw
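As an added example (not part of the answer above, and not an OpenLDAP project file), here is what the architecture the answer describes looks like as a slapd.conf: one OpenLDAP instance whose meta backend (back-meta) presents two of the directories named in the question, Active Directory and Red Hat Directory Server, under a single virtual suffix that the product can be pointed at, plus a perl backend stanza for a source that does not speak LDAP. The hostnames, base DNs, certificate path and the module name `LegacyAuth` are all made up for this example.

```conf
# Hypothetical /etc/openldap/slapd.conf for an LDAP proxy in front of several directories.
include         /etc/openldap/schema/core.schema

# back-meta is implemented on top of back-ldap, so load both modules.
moduleload      back_ldap
moduleload      back_meta

# ---- One virtual tree; the single-LDAP product is configured against this suffix ----
database        meta
suffix          "dc=proxy,dc=example,dc=com"

# Target 1: Active Directory, exposed under ou=ad.
# The DN at the end of the uri is the virtual naming context; suffixmassage rewrites
# it to the real base DN on the target before the operation is forwarded.
# A client bind against cn=alice,ou=people,ou=ad,dc=proxy,dc=example,dc=com is therefore
# forwarded to AD as cn=alice,ou=people,dc=corp,dc=example,dc=com, and AD checks the password.
uri             "ldap://ad.example.com/ou=ad,dc=proxy,dc=example,dc=com"
suffixmassage   "ou=ad,dc=proxy,dc=example,dc=com" "dc=corp,dc=example,dc=com"
# Passwords transit the proxy, so require StartTLS to the target and verify its certificate.
tls             start tls_cacert=/etc/openldap/certs/ca.pem tls_reqcert=demand

# Target 2: Red Hat Directory Server, exposed under ou=rhds.
uri             "ldap://rhds.example.com/ou=rhds,dc=proxy,dc=example,dc=com"
suffixmassage   "ou=rhds,dc=proxy,dc=example,dc=com" "o=rhds,dc=example,dc=com"
tls             start tls_cacert=/etc/openldap/certs/ca.pem tls_reqcert=demand

# ---- A non-LDAP account store, answered by a Perl module via back-perl ----
# LegacyAuth is a hypothetical module that must provide the methods slapd-perl(5)
# calls (new, bind, search, compare, ...). Its bind method is where the real
# credential check against the non-LDAP source happens.
database        perl
suffix          "dc=legacy,dc=example,dc=com"
perlModulePath  /etc/openldap/perl
perlModule      LegacyAuth
```

With this in place the product talks to one server and one base DN (dc=proxy,dc=example,dc=com); which customer directory actually verifies a bind is decided by the branch the user's DN sits in, and the proxy itself stores no passwords. Two caveats worth keeping in mind: the proxy does not add any access control of its own, so each target still enforces its own ACLs for the identity that was forwarded to it, and the shell backend the answer mentions runs external programs with slapd's privileges, so anything it executes needs the same review you would give a setuid helper.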