Configuring WCS with LDAP
WCS supports federated repository configuration when integrating with LDAP. This means you can potentially make use of more than one LDAP server for authenticating Admin and Site users.
WCS uses the underlying WebSphere Member Manager (WMM), the WAS User Registry component, for LDAP interaction.
Why do we need LDAP for WCS?
1. An organization maintains its internal employee details in an existing LDAP server, and you have a requirement to authenticate WCS Admin tools against the corporate LDAP server.
2. WCS needs to participate in SSO with other non-WCS / non-WAS applications.
3. You want to decouple WCS member management component partially from WCS to an independent external storage system.
Are LDAP servers efficient when compared to a database?
1. LDAP servers usually have an embedded database within them. Most of the popular LDAP servers in the market make use of Berkeley DB, although some of them support the use of more popular databases as the backend DB.
2. LDAP is a special type of database that is optimized for READ or SEARCH operations. LDAP servers are optimized for fast lookup authentication and can support hundreds and millions of transactions with a response time of less than 10 milliseconds.
3. LDAP servers have come a long way in their evolution, and they can now support very complex, distributed, high-availability architectures with near zero downtime. It is beyond the scope of this blog to write about all such advantages; refer to your product documentation or resources on the internet.
What is the overhead of LDAP on WCS?
1. Let's put it straight: federation is not cheap, it comes at a cost. LDAP interaction adds only a negligible overhead to server-side processing time. Federation traffic, however, may at times involve interaction/redirects between multiple systems to achieve SSO, and these typically add to the total response time in the browser.
2. Once WCS is configured with LDAP, it is not easy to reconfigure it to use the WCS DB for authentication, so you essentially have a single point of failure. If LDAP communication is down, site users cannot log in to the site to perform checkout, although this should not impact browse and guest checkout behavior. Hence it is very important that the LDAP architecture supports high availability with near zero downtime.
What are the choices of the LDAP server out there?
I will refrain from talking about commercial ones. Apart from the commercial counterparts, there are two very popular open source LDAP servers available as of today:
Java Based:
http://opends.java.net/
http://directory.apache.org/
Native Code:
http://www.openldap.org/
What about the instructions?
The instructions in this document are for OpenDS and WCS V7, but you should be able to follow similar configuration steps for any other LDAP server that is LDAP V3 compliant:
https://docs.google.com/document/d/1l_tvc0TQiIqyWTxvda5t4p171CxGk9skA-VvQ8epOhc/edit