#1 2011-07-19 11:49:18

**_david3800_**

LDAP Integration and other authentication solutions on campus

In talking with Adobe support on LDAP integration, they are telling me that you have to download the entire LDAP directory to the Connect 8 server in order to integrate campus authentication. That doesn't seem very practical in smaller installations, especially when your directory is some 70-100k users. Are there other solutions available that would be more efficient? Has anyone implemented CAS with Connect?

Thanks for your help.

-David

Last edited by **_david3800_** (2011-07-19 11:51:22)

**_tlchurch_**

Re: LDAP Integration and other authentication solutions on campus

David,

There are two parts to LDAP authentication - syncing the directory and authenticating the user.

Authenticating the user does a real-time lookup of the username and password and receives confirmation from the LDAP server re: whether the user is authenticated or not. You can configure what happens if the LDAP server authenticates the user but the user is not registered to Connect (i.e. create a new Connect account or not).

Separately you can configure a directory sync, which yes imports all users specified in your configuration (you can use the entire LDAP structure or specific branches as well as filter out accounts based on an LDAP query). You specify which LDAP fields to import, and how to map them to the Connect account information fields. You also specify the frequency of the sync, or start a sync manually.

We had sync enabled daily with about 50K users, and the sync actually crashed our servers (well, Connect's heartbeat thought it had hung so restarted the services). Now we sync manually, although we will probably revisit this once we are ready to deploy the next system upgrade (currently running 7.2).