We want everything to be integrated. Who would not? It usually sounds as though it should not be too difficult. But often it is rather more complex than it seems.
An example: user profiles. Telligent make an excellent collaboration platform for forums and blogs called Community Server. It is simple to set up and use, inexpensive and runs on Windows. Community Server comes with an optional Active Directory (AD) authentication module. That’s alright then. We can implement it inside an organisation and have people use their normal Windows account. Except they can’t, entirely.
The Community Server AD authentication module does not actually defer to Windows for account management. It still creates an account in its own database, but it marks it as a Windows account and lets Windows tell it whether the logon is valid or not. This works fine when you log directly onto Community Server. But if you try to connect to Community Server with an editor to upload content, the authentication will fail. You would need to know the random password stored in the database for the parallel account.
Also, you would like the user details in Community Server, such as e-mail address, phone number and title, to be the same as the user details in Active Directory. But in fact the two accounts are entirely separate. Details you have in AD do not show up in the Community Server profile, even though you are using the AD authentication module. And if you change your password in Community Server it does not change in AD.
This is not in any way a criticism of Community Server. The AD authentication module does what it says, in allowing the user logon to be authenticated against an AD account. But it does not provide an integrated Windows service. To do that, you would need to build CS to use the standard Lightweight Directory Access Protocol (LDAP), connect it to a compatible LDAP database for all its account details, and provide an LDAP interface to manage the account. Then you could use Windows, or other LDAP-compliant systems, for your integrated accounts.
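Until the application reads its account details from the directory, the gap between the two sets of accounts can at least be measured. The following is an added example, not code from Community Server or from the original post: it compares constructed AD records with constructed application accounts and, going slightly beyond the text, also lists accounts marked as Windows accounts that have no matching AD user. The AD attribute names are standard; the application field names and `is_windows_account` flag are hypothetical.

```python
# Constructed sample data: neither system is queried here.
# AD attribute names (sAMAccountName, mail, telephoneNumber, title) are
# standard; the application-side field names are hypothetical.
AD_USERS = [
    {"sAMAccountName": "asmith", "mail": "a.smith@example.org",
     "telephoneNumber": "+44 20 7946 0001", "title": "Engineer"},
    {"sAMAccountName": "bjones", "mail": "b.jones@example.org",
     "telephoneNumber": "+44 20 7946 0002", "title": "Analyst"},
]
APP_ACCOUNTS = [
    {"username": "ASmith", "email": "a.smith@example.org",
     "phone": "", "job_title": "Engineer", "is_windows_account": True},
    {"username": "bjones", "email": "bj@old.example.org",
     "phone": "+44 20 7946 0002", "job_title": "Analyst",
     "is_windows_account": True},
    {"username": "cwhite", "email": "c.white@example.org",
     "phone": "", "job_title": "", "is_windows_account": True},
    {"username": "admin", "email": "admin@example.org",
     "phone": "", "job_title": "", "is_windows_account": False},
]
# Application profile field -> AD attribute it should mirror.
FIELD_MAP = {"email": "mail", "phone": "telephoneNumber", "job_title": "title"}

def norm(value):
    """Compare case-insensitively and treat None/blank as empty."""
    return (value or "").strip().lower()

def reconcile(ad_users, app_accounts, field_map=FIELD_MAP):
    """Return (drift, orphans) for accounts marked as Windows accounts."""
    directory = {norm(u["sAMAccountName"]): u for u in ad_users}
    drift, orphans = [], []
    for acct in app_accounts:
        if not acct.get("is_windows_account"):
            continue  # purely local accounts are out of scope
        ad = directory.get(norm(acct["username"]))
        if ad is None:
            orphans.append(acct["username"])  # parallel account, no AD user
            continue
        for app_field, ad_attr in field_map.items():
            if norm(acct.get(app_field)) != norm(ad.get(ad_attr)):
                drift.append((acct["username"], app_field,
                              acct.get(app_field), ad.get(ad_attr)))
    return drift, orphans

if __name__ == "__main__":
    drift, orphans = reconcile(AD_USERS, APP_ACCOUNTS)
    for user, field, app_val, ad_val in drift:
        print(f"DRIFT  {user}: {field} app={app_val!r} ad={ad_val!r}")
    for user in orphans:
        print(f"ORPHAN {user}: marked as Windows account, not found in AD")
```
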
A product like Confluence from Atlassian, for enterprise wikis, also has an LDAP module for AD integration. This handles the user account and group memberships. But they also have not yet implemented a common user profile, so contact details in Confluence will still be different from AD.
To make web services like these work more easily for the user we use another product, EmpowerID from The Dot Net Factory. EmpowerID has components that enable the user to manage their password and profile on the web. The nice thing about these components is that they can integrate into other web services. For example, if your logon fails, the web site will bring up the MyPassword component for password recovery. In our view this kind of integration makes the services much more usable.