Some personal observations ...
The database:
- Heirarchical database, not relational. Schema is moderately flexible.
- Frequently implemented in flat files. (Can you say "what is scalability? what
is reliability?")
- Oracle has implemented the heirarchy in relational tables. (Do not attempt to
understand the dictionary unless you are adequately 'wasted'. We're talking a
'dynamic pivot table' kind of phenomena!)
- Traditional tools (SQL*Plus, etc.) not recommended (unless you enjoy having a
.44 pointed at your foot). Use the supplied admin tools!
- The Oracle9iDB is used for the data store.
Accessing LDAP:
- Implemented by processes listening on a specific port.
- Traditionally 1 process/machine, 1 machine/'directory'
- multiple machines = multiple databases which are kept in sync using ???? (more
processes!)
- Traditional process (frequently single threaded) is responsible for catching
request as well as data management.
- User's request intercepted by process, process looks up info & (usually)
returns same "record" with blanks filled in or 'Found=Yes/No' response.
- Oracle's implementation allows multiple, lighter processes per machine, all
talking to one database. This supports distributed architecture, etc.
- At least part of the LDAP processes in Oracle are/were only available through
the 9iAS; possibly just those interfaces between Oracle's LDAP and other
directories. (Check OTN!)
In an Oracle environment: (there may be licening implications)
- called Oracle Internet Directory (had that name for 3 years - time for a name
change?)
- it can be used to replace Names Servers
- it can be used to provide a single "central security repository" to keep all
userid/authentication/authorization info.
- it can be extended to add new types of info
- it can interface with other directories (Novell, Active Directory, etc.)
- it can interface to an HR system to automatically keep the info up to date
Received on Thu Apr 03 2003 - 14:47:51 CST