Data sources (databases, directories)

Airlock IAM stores various types of information, such as user data and authentication-token data, in a persistence layer.

This documentation contains database schema information for the supported database systems and provides information on how to use Airlock IAM with directories.

The database (or directory) for production systems is not part of Airlock IAM. Airlock IAM is not responsible for the operation, backup or recovery of the persistence layer. This also applies if the H2 database shipped with IAM is used.

Types of user data sources

Choosing the type of user data source influences the set of features that can be used.

| Type | Description |
| --- | --- |
| Relational Database | Stores all data in a relational database using an IAM-specific schema. The schema definitions are provided with this documentation. Required to use all features. This is the recommended data source type; using a different data source type limits the feature set that can be used. |
| Relational Database with user data from directory | Stores all data in a relational database using an IAM-specific schema, but takes user data from a directory. Allows all IAM features to be used in combination with an existing LDAP directory or Active Directory. |
| Active Directory | User and password data plus some other user attributes are stored and managed in an Active Directory (default schema). Strongly limits the set of usable features. |
| LDAP with Standard Schema | User and password data plus some other user attributes are stored and managed in an LDAP directory. Uses standard object classes (InetOrgPerson or OrganizationalPerson), so no schema extensions are necessary. Strongly limits the set of usable features. |
| LDAP with Extended Schema | Stores user data plus some IAM-specific attributes in LDAP. Requires extending the default LDAP schema with Airlock IAM-specific attributes and object classes. Limits the set of usable IAM features. |