When extending Active Directory to Unwired Platform, understand the following design implications.
Factors that impact the implementation of Active Directory as an LDAP provider in a production environment include:
- Shared identities among Sybase components – If you are using Active Directory for all authentication requests (that is, administration logins to access Sybase Control Center and application logins to access data), you must set up both Sybase Control Center and Unwired Server to use this Active Directory installation. This configuration allows users to have a shared user identity in both components. However, the user identity must already be configured both as an Unwired Platform user and as an administrator.
- LDAP data structure and administrative control – Depending on how much control your organization wants remote administrators to have, the LDAP structure may vary. For example, consider an organization with 100 employees who are scattered among three different offices in three different parts of the world:
  - To grant remote administrators privileges for resetting passwords, unlocking user accounts, and so on, the organization may use organizational units (OUs) for each remote office and then place the user accounts from each office into the appropriate organizational unit. In this case, control can still be maintained for the entire directory by a super administrator.
  - To completely delegate control of the remote offices to the remote administrator, a separate domain for each office may be created.

  Because Unwired Platform requires that roles be added to the repository in specific locations, you must be sure that these roles are added in the organizational structure correctly, or authentication may be problematic. In this case, you may need to coordinate the implementation with one or more LDAP administrators.
- Resource and availability requirements – Resource and availability plans may dictate that your organization also maintain separate Active Directory sites for some offices. For example, the same organization with 100 distributed employees may use two physical server nodes in each remote office. One server would act as a domain controller, global catalog, DHCP, and DNS server. The other would act as a file server (possibly a DFS server). In this case, ensure that ADS server locations are configured appropriately when you configure LDAP providers in Unwired Platform.