1.1 How LDAP Proxy Solves Business Challenges

The LDAP Proxy server solves significant business challenges for your system:

  • High availability of back-end servers: LDAP Proxy provides dynamic load balancing and automatic failover capabilities that ensure high availability and scalability of the directory infrastructure.

  • Enhanced security: LDAP Proxy acts as a directory firewall by using flexible network restriction policies. These policies control the connections based on the network identity of the client application. LDAP Proxy also protects the directory infrastructure from end users.

  • Enhanced access control: LDAP Proxy provides flexible and extensible identity-based policies. The identity can be grouped by the client's network, LDAP Bind DN, LDAP Bind DN container, and proxy listener interface. Additionally, you can have granular control over various aspects for all users or a specific set of users, including:

    • Routing connections to a specific back-end server group

    • Denying certain requests such as subtree searches with a (cn=*) filter, or allowing read-only access

    • Re-encoding requests to enforce a search time limit or size limit

    • Hiding containers and blocking certain attributes

  • Centralized auditing and live monitoring: LDAP Proxy acts as a single point of auditing and eliminates costly back-end auditing of directory servers. Centralized live monitoring helps to generate a graphical view of the ongoing activities at the proxy server and back-end directory servers. It helps to detect potential problems before they arise, so that you can take appropriate measures. Regardless of the vendor or version of the back-end servers, you can use the same auditing and monitoring solution.

  • Graphical trend analysis: LDAP Proxy provides a graphical view of trend data such as network traffic, load, and performance. This helps you analyze and fine-tune the directory infrastructure.

  • Schema mapping: LDAP Proxy provides schema compatibility that helps applications to work with any LDAP directory. Furthermore, schema mapping enables you to have multiple views of the same Directory Information Tree, based on identity. Therefore, applications do not need to change when the directory infrastructure changes.

  • Data consistency: LDAP Proxy allows access to the latest directory data regardless of the distributed nature of a directory infrastructure. This is achieved by using the request-route-dit attribute. For more information, see request-route-dit:.
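
The following added example is illustrative Python, not LDAP Proxy code or its configuration syntax. It models the identity-based controls listed under Enhanced access control: matching a client by network and Bind DN container, denying subtree searches with a (cn=*) filter, enforcing read-only access, and re-encoding size and time limits. The Policy fields, function names, and sample values are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

SUBTREE = 2  # wholeSubtree search scope value from RFC 4511
WRITES = {"add", "modify", "delete", "modrdn"}

@dataclass
class Policy:  # hypothetical structure, not the product's configuration schema
    networks: list            # client networks in this identity group
    bind_container: str = ""  # bind DN must be at or under this DN ("" = any)
    read_only: bool = False
    denied_subtree_filters: set = field(default_factory=set)
    max_size: int = 0         # 0 = do not rewrite the client's limit
    max_time: int = 0
    blocked_attrs: set = field(default_factory=set)

def norm(dn):
    # Simplified DN normalisation; real DN matching follows RFC 4514 rules.
    return ",".join(p.strip().lower() for p in dn.split(","))

def matches(policy, client_ip, bind_dn):
    ip = ipaddress.ip_address(client_ip)
    in_net = any(ip in ipaddress.ip_network(n) for n in policy.networks)
    dn, base = norm(bind_dn), norm(policy.bind_container)
    return in_net and (not base or dn == base or dn.endswith("," + base))

def clamp(requested, limit):
    # An LDAP limit of 0 means "unlimited", so 0 has to be clamped too.
    return limit if limit and (requested == 0 or requested > limit) else requested

def apply_policy(policy, op):
    """Return ("deny", reason) or ("allow", possibly rewritten request)."""
    if policy.read_only and op["type"] in WRITES:
        return "deny", "read-only identity"
    if op["type"] != "search":
        return "allow", op
    flt = op["filter"].replace(" ", "").lower()
    if op["scope"] == SUBTREE and flt in policy.denied_subtree_filters:
        return "deny", "blocked subtree filter"
    out = dict(op)
    out["size_limit"] = clamp(op["size_limit"], policy.max_size)
    out["time_limit"] = clamp(op["time_limit"], policy.max_time)
    # Only the requested list is filtered here; an empty list means "all
    # attributes", which a proxy would have to strip from the response.
    out["attrs"] = [a for a in op["attrs"] if a.lower() not in policy.blocked_attrs]
    return "allow", out

# Constructed sample policy for an application subnet.
APP_POLICY = Policy(["10.0.5.0/24"], "ou=apps,o=example", True, {"(cn=*)"},
                    500, 30, {"userpassword"})
```

Clamping a client-supplied limit of 0 is the case that is easy to miss: without it, a client that asks for "no limit" bypasses the enforced size and time limits.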