I am going to work on a new project which is related to security. Currently, I am studying where to store user credential like password and token. What we have now is to store this sensitive information in MongoDB along with a user profile. Well, I am not sure if this is a good design or not. But, I would like to make a change by separating the credential and profile data to different storage like LDAP and MySQL or even MongoDB. The main difference is to store users' credential in LDAP and store profile data in either MySQL or MongoDB. Thinking of performance and security level an LDAP can provide, do you think the LDAP is still a relevant technology in such a case? Or, how do you use LDAP?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
Given the huge number of corporate "seats" that are managed via Microsoft's Active Directory (and things like Red Hat's Directory Server and related technologies), there's probably quite a large number of organizations and people that think LDAP is still a relevant technology for hosting security credentials.
Note that when you use technologies like OpenLDAP, you can use any number of back-ends for storing the directory-data. This means that, if you prefer to store your credentials in MongoDB but use OpenLDAP to provide a widely-adopted interface to that DB, you can.