LDAP-based multi-tenant in-cloud identity management system

摘要

A multi-tenant identity management (IDM) system performs IDM functions for a variety of different customer domains within a shared cloud computing environment without duplicating a separate IDM system for each separate domain Make it possible to do. The IDM system can provide IDM functionality for service instances located in a variety of different customer domains while performing isolation between those domains. A cloud-wide identity store implemented as a single LDAP directory may contain identity information for multiple customer domains. This single LDAP directory can store identities for entities for all tenants in a separate partition or subtree of the LDAP directory. Each such partition or subtree is dedicated to a separate domain for the tenant. A component of the cloud computing environment ensures that an LDAP entry in a particular subtree is accessible only to service instances deployed in the domain corresponding to that particular subtree.