Start with Federated Realm, move to LDAP later?

Francis Kemp (7212744) | asked Sep 06 '12, 4:14 p.m.

I'm getting ready to install CLM for a customer using an Enterprise topology (JTS, CCM, QM and RM on their own virtual server). Unfortunately, the virtual infrastructure can't access the corporate LDAP server because it hasn't been 'blessed'.  I'm leaning toward using a Federated Realm for users initially, then moving to LDAP in the future after the infrastructure gets blessed.

Question 1: How much pain will be involved in moving from a Federated Realm to LDAP?  The same user IDs will be used in both scenarios.

Question 2: My understanding is that each Virtual Server needs to be configured to access LDAP or the Federated Realm.  If Single SignOn is configured, shouldn't only the JTS server need to be configured to contact the user repository?

One answer

Stephanie Bagot (2.1k1513) | answered Jul 22 '13, 12:31 p.m.
With regards to your questions:
1- The most important part will be ensuring that the usernames and IDs are correct so that they can easily be authenticated into LDAP (when you move to LDAP) without losing any history.

2- Authentication and Authorization are handled by Tomcat/WebSphere. Each application will need the configuration files to be able to access LDAP. Even with single sign-on, the configuration is still needed.

Mathieu Defianas commented Nov 09 '16, 8:10 a.m.

I have the same question for the opposite ...
I would like to change the LDAP connection to Federated.
What is the impact?
Thanks for your feedback
