Today’s identity management solutions generally rely on using a central LDAP directory as their main identity repository. This is where all information relating to any employee should be available.
However, in enterprise environments, this identity information either originates from, or is needed in, a variety of different repositories. A few examples include the human resources software that stores employees’ information in a database, Microsoft’s Active Directory solution for desktop computer management which needs users’ identities, or that old directory which just won’t replicate with any newer solution.
So, how do you keep information in all these different identity repositories in sync with each other? Manually copying and pasting information is obviously not a viable solution for any more that a few hundred users.
The LDAP Synchronization Connector (LSC) project is an Open Source tool to address this problem. Relying on standard protocols, it can address any SQL database and any LDAPv3 directory, as well as read from flat files, in order to set up continuous synchronization between different repositories. A very powerful mapping mechanism allows fine-tuning of which data goes where, including default values, external lookups and directory-specific tools, such as password hashing and account status management.
Published under the BSD license, LSC was created 5 years ago. Since the creation of the public website, http://lsc-project.org, two years ago, about 10 regular contributors have been working to improve the tool.
This talk will introduce the need and frequent use-cases for such a tool, present the tool and surrounding project and detail some specific examples for use, including a live demo.
6th–11th July 2010