Start with Federated Realm, move to LDAP later?
I'm getting ready to install CLM for a customer using an Enterprise topology (JTS, CCM, QM and RM on their own virtual server). Unfortunately, the virtual infrastructure can't access the corporate LDAP server because it hasn't been 'blessed'. I'm leaning toward using a Federated Realm for users initially, then moving to LDAP in the future after the infrastructure gets blessed.
Question 1: How much pain will be involved in moving from a Federated Realm to LDAP? The same user IDs will be used in both scenarios.
Question 2: My understanding is that each Virtual Server needs to be configured to access LDAP or the Federated Realm. If Single SignOn is configured, shouldn't only the JTS server need to be configured to contact the user repository?
One answer
1- The most important part will be ensuring that the usernames and IDs are correct so that they can easily be authenticated into LDAP (when you move to LDAP) without losing any history.
2- Authentication and authorization are handled by Tomcat/WebSphere. Each application will need the configuration files to be able to access LDAP. Even with single sign-on, the configuration is still needed.
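
A pre-migration check for point 1 of the answer, as an added example that is not part of the original thread or of CLM: it compares the user IDs in the current realm with those in LDAP and reports IDs that an exact comparison would treat as different users. It assumes both ID lists have already been exported by whatever means is available; the function name and all sample IDs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: IDs from the current realm and from the LDAP directory.
REALM_IDS = ["jsmith", "MBrown", "build_svc", "akhan ", "Tlee"]
LDAP_IDS = ["jsmith", "mbrown", "akhan", "tlee", "TLEE", "pnguyen"]


def reconcile(realm_ids, ldap_ids):
    """Classify each realm user ID against the LDAP ID list.

    match      - identical ID exists in LDAP
    near_match - exactly one LDAP ID differs only by case or surrounding whitespace
    ambiguous  - several LDAP IDs collapse to the same normalized form
    missing    - no LDAP ID corresponds at all
    """
    ldap_exact = set(ldap_ids)
    ldap_normalized = defaultdict(set)
    for uid in ldap_ids:
        ldap_normalized[uid.strip().casefold()].add(uid)

    report = {"match": [], "near_match": [], "ambiguous": [], "missing": []}
    for uid in realm_ids:
        if uid in ldap_exact:
            report["match"].append(uid)
            continue
        candidates = ldap_normalized.get(uid.strip().casefold(), set())
        if len(candidates) == 1:
            report["near_match"].append((uid, next(iter(candidates))))
        elif candidates:
            report["ambiguous"].append((uid, sorted(candidates)))
        else:
            report["missing"].append(uid)
    return report


if __name__ == "__main__":
    result = reconcile(REALM_IDS, LDAP_IDS)
    for category, entries in result.items():
        print(f"{category}: {entries}")
```

Anything outside `match` needs a decision before the switch: correct the ID on one side, or accept that the account will appear as a new user with no link to its existing history.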