This past week I've been investigating implementing an integration script so that a login to my application (EMC Smarts) would authenticate to an external authentication authority. EMC Smarts uses a flat database file called serverConnect.conf (same as /etc/passwd on UNIX for instance) for authentication. It works but there are problems with it.
The problems are:
1. For UNIX users, Smarts allows a
passwd files ldap
It won't work with Smarts.
2. For Windows users, if Smarts is installed on a Windows host then "user@domain" would authenticate to AD (as long as the host was a member of the domain
3. No cross-platform central authentication authority except for the flat file
4. Smarts application doesn't allow users to modify their passwords
The good part is that EMC provides a script as a proof-of-concept that allows you to integrate with another authentication authority.
So the process for me was:
1. Learn LDAP
2. Learn Active Directory
3. Learn the script
4. Integrate the script
Directory services and LDAP
LDAP is a protocol but it is often confused with a data store (or database). The problem is that LDAP as a data store is described as a hierarchical database (as opposed to a relational database). But could you use the LDAP protocol separate from the database? Anyway, LDAP is a new protocol that simplifies X.500. There is a huge writeup on the Internet regarding this technology. I'm still unclear about it. But for my present purpose I know enough.
Active Directory
Active Directory is Microsoft's directory services. It is an LDAP compliant directory service. Most of IT uses AD as it's central authentication authority. It works and it's administration efficient (meaning it saves people time over the UNIX solution).
The script
It may not be interesting for anyone not working with Smarts, ... (more later)
No comments:
Post a Comment