Is there any plan to plug Alfresco directly on a LDAP ?

In our enterprise, Users and Groups are managed into a LDAP. So we are currently using the Alfresco LDAP synchronization mechanism to import the corresponding users and groups into the Alfresco repository.

The problem is that we currently have about 3000 Groups to import and about 12.000 users. So the synchro process (based on XML file creation and import) takes more and more time and sometimes fails (please note that most of the time is does not really failed due to errors, but it is stopped because we are running the synchro during night and we also have to stop the server for backup).

We are currently implementing a custom “user provisionning” process to manage the synchro in a more robust way, but I have asked to Alfresco editor if there are any plan to allow customer to plug Alfresco directly on an external User repository (like an enterprise LDAP).

 

Here is basically the Alfresco feedback:

First, the synchronization will always be the approach chosen by Alfresco. This is mandatory if we want to keep good performances (caching access rights vs on the fly retrieving groups from LDAP). Moreover, LDAP administrator will probably not appreciate to see thousands of request sent to LDAP per seconds each time a user access to an alfresco space).

However the current LDAP synchro mechanism is currently being redesigned and will not be based on the current approach (i.e synchro of full LDAP entries at each batch execution).

My interlocutor was not able to describe the new detail design of the process but this is a priority for engineering for the 3.2 release. But the new approach will still be based on a synchronization solution (full or delta mode).

 The first relase of this process should be available in 3.2E beta.

—————-

Well, my point of view is still that it would be really useful for big customer like us if Alfresco could be plugged directly on a LDAP…this will avoid maintaining and “monitoring” the synchro process, and also this would prevent any problem of synchronisation. This is an existing option of some “advanced” softwares we already use internally, and this is working well. Of course to garantee good performances a very efficient User/Group caching strategy/layer must be implemented at the software level (on top of LDAP), but this is technically feasible…

Hope Alfresco will change its strategy in future release…

Advertisements

One Response to Is there any plan to plug Alfresco directly on a LDAP ?

  1. […] planned in v3.2 I did raise my concerns to Alfresco Editor regarding LDAP synchronization (see my previous post), and I’m happy to see that they have been able to take our needs into […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: