
Where to store personnel information: LDAP or database?

In our application we are evaluating where to store all personnel information (name, email, phone, department, date of birth, date of hire, licenses/certificates, roles etc.). We will use LDAP/Active Directory for user authentication/authorization, so at least some of this data will go into the LDAP server. Our HR module and other applications also need some of this information, and there is an overlap between them. We are thinking of storing all information in LDAP and just using the user ID as a reference in our RDBMS to the LDAP user, populating the other details of the user during the login process. Other than our application, there will be other applications which will also use the same user information. If we do not store personnel details in LDAP, we will need to duplicate and synchronize user information in each system. LDAP will be needed for login information anyway. What is your recommendation on storing personnel details in LDAP or DB tables?

Generally speaking, Active Directory isn't a good place to put sensitive PII like what you list. There's absolutely no technical reason that it can't store this data, but securing it is more difficult. It's certainly not insurmountable, but I would definitely suggest keeping HR data with HR and synchronizing any demographic information necessary to AD.

Use the Employee ID value in your HR system to maintain the relationship back to AD.

In our company, we built a middleware and an intermediate database which is updated 3 times a day. The middleware consists of an ABAP remote function that generates data from SAP and a C# program which uses the SAP .NET Connector to invoke the remote function, retrieve that data and save it in an Oracle database.

This database is used to interchange information with Active Directory. Then systems such as Exchange, Messenger and SharePoint get their information from this Active Directory. Other internal systems also have access to the Oracle database. The advantage that we experienced is that we avoid the overhead of accessing SAP and Active Directory every time. We only access them 3 times a day, but the users access the Oracle database every second.

Hope it helps.
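One way to sketch the approach from the two answers above: HR stays the system of record, and a periodic sync pushes only an allow-listed set of attributes to the directory, matched on employee ID. This is an added example, not code from the original posts; the HR field names, the `dateOfBirth`-style directory attributes and the sample records are constructed assumptions.

```python
# Added example. HR field names, HR_ONLY attribute names and sample rows
# are hypothetical; a real sync would read HR and write LDAP/AD instead.

# HR fields allowed to leave the HR system -> directory attribute names.
SYNC_MAP = {
    "full_name": "displayName",
    "email": "mail",
    "phone": "telephoneNumber",
    "department": "department",
}
# Sensitive attributes that must stay in HR; cleared if found in the directory.
HR_ONLY = {"dateOfBirth", "dateOfHire", "licenses"}


def plan_sync(hr_records, directory_entries):
    """Return {employeeID: {attr: value}}; a value of None means 'remove'."""
    by_id = {e["employeeID"]: e for e in directory_entries}
    plan = {}
    for rec in hr_records:
        entry = by_id.get(rec["employee_id"])
        if entry is None:
            continue  # no directory account; provisioning is a separate step
        changes = {}
        for hr_field, attr in SYNC_MAP.items():
            value = rec.get(hr_field)
            if value and entry.get(attr) != value:
                changes[attr] = value  # HR wins on allow-listed attributes
        for attr in HR_ONLY.intersection(entry):
            changes[attr] = None  # sensitive data leaked into the directory
        if changes:
            plan[rec["employee_id"]] = changes
    return plan


HR = [  # constructed sample rows
    {"employee_id": "1001", "full_name": "Ana Ruiz", "email": "ana@example.com",
     "phone": "555-0100", "department": "Finance", "date_of_birth": "1980-01-01"},
    {"employee_id": "1002", "full_name": "Bo Chen", "email": "bo@example.com",
     "phone": "555-0101", "department": "IT", "date_of_birth": "1975-05-05"},
]
DIRECTORY = [  # constructed sample entries
    {"employeeID": "1001", "displayName": "Ana Ruiz", "mail": "ana@example.com",
     "telephoneNumber": "555-0100", "department": "Sales", "dateOfBirth": "1980-01-01"},
    {"employeeID": "1002", "displayName": "Bo Chen", "mail": "bo@example.com",
     "telephoneNumber": "555-0101", "department": "IT"},
]

if __name__ == "__main__":
    print(plan_sync(HR, DIRECTORY))
```

The plan is computed separately from any write so it can be logged and reviewed before the directory is modified.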

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.