Based On The Research And Design Of The Ldap Directory Service Of A Unified Authentication System

Along with the deepening of the informatization, the number of application system of enterprises has been increasing, the amount of users has been booming, the role and identity of users have also been complicated. Moreover, the dispersion of application system has led the storage of user information to scatter, i.e., one user is related to inconsistent data and asynchronous life circles, which have formed the bottle neck of enterprise informatization. For the administrators of application system, the complication of user information and registration number management has already become a heavy burden. Although they have paid laboring work, the efficiency of management has not been substantially improved yet. For the users, some troubles have also been brought up in maintaining the different registration numbers and key words, which results in many repetitions when they log in different systems to revise their personal information.In order to improve the using experience of both administrators and users, fundamental changes need to be made to the current situation where every application system maintains its user information independently. And the research project of Integrated ID Management Platform is introduced here to resolve this problem.Based on the "SG186" Project of State Grid Corporation of China, this research has integrated the seven application systems of Sichuan Power Corporation, has combed all the user information of Sichuan Power Corporation, and has established the standard for the user information of Sichuan Power Corporation. The system has laid its groundwork on Lightweight Directory Access Protocol (LDAP afterwards), has analyzed the user record of the systems available in Sichuan Power System, and has designed the Sichuan Directory Management System through the coexistent data models from ID directory, recognition directory, and business resources directory. In this system, two important modules, ID synchronic sub-system and recognition sub-system, have been developed; ID synchronization between application systems and the function of multi-system single-sign-on for users have been realized. The system has formed the fundamental platform of the "SG186" project.This paper has done a comparative analysis on the key techniques of the Integrated ID Management Platform; has illustrated the framework of directory service technique; has acquired the data synchronization between application system and authorized source through the analysis and design of directory system frame based on HR Management System of Sichuan Power Corporation; has obtained the function of single-sign-on and the reverse proxy server of application system which is front-ended with portal system. To secure the stable and efficient operation of the system, this thesis has tested and analyzed the key points that would influence the whole project, and then acquired the expected results.The system has been accepted in May 2008 and put into operation.