LDAP BASED MULTI TENANT IN CLOUD IDENTITY MANAGEMENT SYSTEM

摘要

A multi tenant identity management (IDM) system enables IDM functions to be performed relative to various different customers domains within a shared cloud computing environment and without replicating a separate IDM system for each separate domain. The IDM system can provide IDM functionality to service instances located within various different customers domains while enforcing isolation between those domains. A cloud wide identity store implemented as a single LDAP directory can contain identity information for multiple customers domains. This single LDAP directory can store identities for entities for all tenants in separate partitions or subtrees of the LDAP directory each such partition or subtree being dedicated to a separate domain for a tenant. Components of the cloud computing environment ensure that LDAP entries within a particular subtree are accessible only to service instances that have been deployed to the domain that corresponds to that particular subtree.