In a hybrid configuration, authentication and authorization data can be stored in the LDAP directory
while the rest of the metadata resides in a transactional RDBMS. This avoids
the need for replication of participants and entitlements data.
FDI (Fuego Directory Interface) is the internal API the ALBPM products use to
access the Directory Service information. All changes performed in the LDAP
directory become automatically visible to FDI applications without
replication. FDI access to the LDAP directory is read-only.
More specifically, when using a hybrid directory service, BEA AquaLogic
BPM Suite retrieves the following from the LDAP directory:
- Organizational data including users, groups, group assignments and organizational units
- Security credentials of participants (including administrators)
- A portion of authorization data. In this case, groups are assigned in the LDAP directory rather
than from ALBPM Process Administrator or any other AquaLogic BPM component. Roles, however, are stored in the ALBPM directory RDBMS and are assigned to groups by using the Process Administrator.
Note: All other metadata is stored in the relational database.