Leveraging on the Active Directory Infrastructure

When CF developers talk of not reinventing the wheel, we tend to quickly think of CFLIB.org, fancy web services, borrowed CFCs, commercial components like SoEditor, KTML, etc.

However, right under our noses are established frameworks that we could leverage, consequently speeding the time to market for (mostly enterprise) applications.

When I first started with CF application development, building, tweaking and supporting user administration modules for these applications was one heluva work to do. More annoyingly, users don’t want to have many usernames and password. Tracking profile changes from across the network to application privileges wasn’t fun.

Then I discovered Active Directory. Now I know that not all organizations run on AD but since Microsoft is still the dominant OS, I assume that there is a large number of AD implementations out there.

After a particular harrowing experience on my user admin modules, I sat there wondering why I couldn’t off load all my worries on AD? So I jumped into AD, LDAP and CFLDAP documentations, cooked up my code, and presto, I have a universal service interface between AD and my legion of applications.

So, if a user resigns, good, my apps bounce him out. If he leaves IT for another department, he automatically loses admin rights. User profiling is mirrored on the AD security profiles. The benefits are obvious; the network and security admins can continue their administration while the applications live their lives without breaking a sweat. Also, there is a better ROI because we don’t need to train and maintain application administrators, and there are less modules to breakdown anyway. Meanwhile, the downside is that if the AD, or my fancy interfaces have seizures, service failure epidemics will bring down the whole application ecostructure.

Over the next few posts, I will discuss more on how the interface was implemented and probably get ideas on how it could be fine-tuned in a sleeker way.