I work for a growing company that has several Rails-based SaaS applications. In its growth, the company is going after larger clients, and one of the features that has come up as a requirement for these large companies is more sophisticated user management to ease the management of their thousands of users. Right now, client membership is simplistic and completely flat, and we've been asked to replace that with a customizable nested user-group-role management system capable of modeling any (reasonable) corporate hierarchy. We expect this to be a colossal undertaking.

To complicate matters, the company is trying to grow the business into a "platform" so we've taken on a few mortar projects to glue our existing and future applications together. One of these is a user-group-role management SOA project that all of our platform applications will use via web services rather than implementing their own.

I realize that implementing user-groups is not a new problem, so I'm interested in horror and success stories, and, of course, recommendations. What's the zeitgeist? Does anyone have any recommended reading? Should we roll our own RDBMS schema to handle this system, or should we implement something like LDAP?

jmaxyz
  • Not sure that it's the right place to write about "Zeitgeist". You are asking for consulting advice. In a few words, I would say have a look at Single Sign On (SSO) architecture. – JPBlanc Apr 14 '11 at 05:15
  • By zeitgeist, I just meant "current thinking". – jmaxyz Apr 14 '11 at 12:51

1 Answer

If you roll your own RDBMS schema, the performance and scalability are all up to your implementation. Instead, you could use LDAP. You don't need to implement LDAP (or the X.500 directory service below it). There are existing servers that can be used, like OpenLDAP. If your company can afford it, you could use eDirectory from Novell or AD from MS. eDirectory supports a nice feature called dynamic groups. You can read about it here: http://www.novell.com/coolsolutions/feature/5414.html.

kalyan
  • Yes, by "implement LDAP" I meant "set up and integrate with an LDAP server like OpenLDAP". – jmaxyz Apr 14 '11 at 12:53
  • OK. The question was not clear when you said implementing LDAP. For your problem I would say go LDAP. – kalyan Apr 15 '11 at 13:08