What is the best way to manage user data for multiple applications using OpenDJ? Is creating different backends with different baseDNs a good option?

ex: 
backend1 baseDN dc=app1,dc=abc,dc=company,dc=com
backend2 baseDN dc=app2,dc=abc,dc=company,dc=com
....

Searching in this case can be done using:

  $ ldapsearch --baseDN dc=app1,dc=abc,dc=company,dc=com "search"

Or modify the LDAP schema to include an objectClass/attribute value as an application name? In this case, searching certainly can be an issue.

Bharath

1 Answer

It really depends on what you are trying to achieve. Usually, it is preferable to have a user be represented by a single entry (and single credentials for the user). The application-specific data can be either a set of attributes (from an auxiliary objectClass) or a set of sub-entries.

But if the application data is not user-specific, and there is no (or very close to zero) duplicated data, the model of having a branch per application can work.

Ludovic Poitou
  • We have multiple client-facing applications to manage. The same user having accounts in different applications is considered as distinct users. There is no reason to be identified as the same user (in fact, it may not be possible to identify as the same user). Also, some of the fields which can be application-specific is the OAuth token. – Bharath Nov 21 '16 at 06:24
  • Then you should organize the data per application, and thus by naming context (baseDN). – Ludovic Poitou Nov 21 '16 at 13:11
  • Just to clarify, that also means creating separate backends for each application. – Bharath Nov 23 '16 at 07:24
  • With OpenDJ, you can have multiple suffixes in the same backend, but that means a single set of indexes. If you need different indexes, use separate backends. – Ludovic Poitou Nov 23 '16 at 10:55
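
The per-application layout settled on in the comments, written out as an added LDIF example that is not part of the original posts. Only the two baseDNs come from the question; the `ou=people` containers, the uid `jdoe` and all attribute values are constructed for illustration.

```ldif
# Constructed sample data: one naming context (baseDN) per application.
# The login name "jdoe" appears twice, as two unrelated entries, each with
# its own credentials. Nothing links the two identities.

# --- Application 1 ---
dn: dc=app1,dc=abc,dc=company,dc=com
objectClass: top
objectClass: domain
dc: app1

dn: ou=people,dc=app1,dc=abc,dc=company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: uid=jdoe,ou=people,dc=app1,dc=abc,dc=company,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jdoe
cn: J Doe
sn: Doe
userPassword: PLACEHOLDER-app1-password

# --- Application 2 ---
dn: dc=app2,dc=abc,dc=company,dc=com
objectClass: top
objectClass: domain
dc: app2

dn: ou=people,dc=app2,dc=abc,dc=company,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: uid=jdoe,ou=people,dc=app2,dc=abc,dc=company,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
userPassword: PLACEHOLDER-app2-password
```

A search with `--baseDN dc=app1,dc=abc,dc=company,dc=com` and the filter `(uid=jdoe)` returns only the first `jdoe`. The entry under `dc=app2` is a separate identity with its own credentials, so a bind or lookup for one application never resolves to the other application's account.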