Are these apps good candidates for authentication and attribute
acquisition via Shibboleth? If they live on the main web farm, we may
need to talk about relocation, but UVM's Shib IdP (login.uvm.edu)
provides authentication service coupled with consistent release of
attributes direct from the canonical source.
Sam Hooker | [log in to unmask]
Systems Architecture and Administration
Enterprise Technology Services
The University of Vermont
On 20100915 16:17 , Mike Austin wrote:
> On Wed, 15 Sep 2010, Wesley Alan Wright wrote:
>> Ideally, I suppose, the apps needn't keep their LDAP derived data
>> privately, since they can always look up the latest data with another
>> ldap search. Otherwise, the app would need to perform periodic
>> resynchronizations with LDAP.
>> What would you ETS Systems folks prefer? in terms of both security and
> I'd much rather not have that data copied elsewhere if possible - just
> re-query LDAP as needed. Given the scale of our LDAP systems, I
> wouldn't think it would be a performance problem to query every time.
> If you can provide the actual query being made by emailing [log in to unmask],
> we can make sure the queries are using appropriate indexes...