Integrating a product with customer LDAP server
In the past, my company has written custom code to integrate the authentication piece of our web/thin client with a customer's LDAP directory. The functions we used the LDAP directory for were very basic: "authenticate the user" and "get the groups that a user is a member of" are 2 examples.
When we wrote this the first time we noticed that each customer's LDAP directory could potentially have it's own unique structure. To make future integrations easier we stored the LDAP queries that we need in a .ini file. Now we just edit the ini file after we figure out how someone's directory is organized.
My question is: was this the best approach? It works well, but I get the sense that there has to be a better way of integrating our product with various LDAP directories. We'd really like to add this as a 'works out of the box' feature. Is there some way that we could alter our design to make this possbile?
Monday, February 10, 2003
Fog Creek Home