A user directory authenticates users against a list of user information, but does not authorize users. A directory can tell you if someone is a valid user of the system, but cannot assign ColdFusion security permissions to the user. When you create a security context, you select users and groups from a user directory, then individually assign them access rights to ColdFusion resources. ColdFusion developers then include code in their applications that checks whether a user has access rights.
You can incorporate any of the following industry-standard user directories into ColdFusion:
Lightweight Directory Access Protocol (LDAP) — If you run ColdFusion Server on a UNIX platform, you can use only LDAP directories to store security profile information. Install the LDAP Directory Server on UNIX before installing ColdFusion Server. If you already installed ColdFusion Server and you want to use the LDAP Directory Server, reinstall ColdFusion after installing the LDAP Directory Server.
Windows NT domain — If you work on a Windows NT platform or deploy your application code to a Windows NT environment, authenticating against a Windows NT domain is a good choice. This method provides a quick way to implement ColdFusion Advanced Security because users and groups are already defined. ColdFusion Advanced Security does not provide any user/group management facilities; you must manage users and groups using the Windows NT User Manager for Domains administrative utility.
ODBC data source — If your ColdFusion applications already use a Sybase, Oracle, or any other database that supports connections through ODBC, you can use your existing database to also store your security profile tables. You must register an ODBC data source with ColdFusion before you can use it to store security profile information.
Because ColdFusion uses your existing LDAP directories, NT domains, or data sources, you do not have to create and maintain redundant user directories to develop or deploy ColdFusion applications. Using an existing NT domain or LDAP directory provides an added bonus: changes to group membership automatically carry over to the user groups to whom you assigned security privileges. You do not have to perform any additional maintenance.
For example, suppose your company's domain contains a user group called BigDev. You used Advanced Security to give the BigDev group access to a number of tags. Your company hires a new developer to work in the BigDev group. When the new developer is added to the BigDev group in your company's NT domain, she's automatically granted access to the custom tags because of her user group affiliation.
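The two steps described above, authentication against the directory and a separate authorization check in application code, as an added example that is not part of the original documentation. The security context name `IntranetContext`, the form fields, the `login_form.cfm` template and the custom tag `CF_DeployBuild` are hypothetical, and the tag is assumed to be registered as a resource in the security context under that name.

```cfml
<!--- Added example. All names below (IntranetContext, login_form.cfm,
      CF_DeployBuild, form field names) are hypothetical. --->
<cfapplication name="Intranet">

<!--- Step 1: authentication. The user directory behind the security
      context only confirms that the credentials belong to a valid user.
      It grants no access to any ColdFusion resource. --->
<cfif NOT IsAuthenticated()>
  <cfif NOT IsDefined("form.username") OR NOT IsDefined("form.password")>
    <cfinclude template="login_form.cfm">
    <cfabort>
  </cfif>
  <cftry>
    <cfauthenticate securitycontext="IntranetContext"
                    username="#form.username#"
                    password="#form.password#"
                    setcookie="Yes">
    <cfcatch type="Security">
      <!--- Same message for an unknown user and a wrong password,
            so the response does not reveal which names are valid. --->
      <cfoutput>Login failed.</cfoutput>
      <cfinclude template="login_form.cfm">
      <cfabort>
    </cfcatch>
  </cftry>
</cfif>

<!--- Step 2: authorization. The rights come from the security context,
      where the BigDev group was given access to the tag. The check is
      made per request, so a user added to BigDev in the directory
      passes it without any change to this code. --->
<cfif IsAuthorized("CustomTag", "CF_DeployBuild")>
  <cf_deploybuild>
<cfelse>
  <!--- Fail closed: an authenticated user without the right
        never reaches the protected tag. --->
  <cfoutput>You are not authorized to use this feature.</cfoutput>
</cfif>
```

Passing the authentication step alone never reaches the protected tag; only the `IsAuthorized` result decides that.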