Enterprise Architecture: From Incite comes Insight...

Mark Wilcox questions the usage of ADAM in some scenarios. I figured, I would provide another perspective...

Whenever I hear about ADAM being deployed - I always question why is it being deployed - so see if there is a better way. For example if the reason ADAM is being deployed is because you have data that exists in another database but you need it to be LDAP accessible, then that is clearly a benefit of deploying OVD.

I would love to know your thinking on why a database itself can't be exposed via the LDAP protocol? For example, what would prevent Microsoft from allowing SQL Server to be accessed by not only the TDS protocol but also LDAP? The code required to make this happen, wouldn't be too difficult for a talented team to get right. Of course, if you have less talented individuals then performance or other factors may emerge. Anyway, by putting it into the DB itself, wouldn't it help customers avoid purchasing yet another product with yet another support model?

Or it could be that you need to make your existing AD user data look like InetOrgPerson (instead of AD's proprietary user schema). OVD can on the fly make AD look like InetOrgPerson without needing to bring up ADAM.

Relational databases have always had the notion of a view and it was built-in the database without requiring an extra product. So, isn't this another scenario where Microsoft or other LDAP vendors should be thinking about views for LDAP?

Another slight twist to this use case is where you are deploying an application such as a portal,web access management or Unix authentication that needs to store data in user's entry but you can't extend the AD schema.

OK, so what would be the real reason why the AD schema can't be extended? Microsoft provides all the right tools. Is it stupid thinking in large enterprises?

exposes a standards-based changelog so your provisioning tools can easily integrate with it.

OK, I guess I am now officially confused. I wasn't aware that the concept of changelog was in any LDAP standard. If ADAM doesn't implement changelog, does this make ADAM non-LDAP compliant? I do know that the use of changelog isn't just limited to provisioning tools and many fugly ECM products also leverage (used in the negative sense) this functionality.

I guess I would ask Mark, to instead of questioning the usage of ADAM, help others outside of Oracle write better enterprise applications that bind natively to LDAP and don't require anything fugly like syncronization...