Use-Case
The following scenarios are some of the most popular applications of Penrose:
- LDAP Gateway: Allows LDAP clients to access a relational database server. Penrose converts LDAP queries into SQL queries and converts the SQL results into LDAP-style responses.
- Speed-up Policy Server Deployment: A policy server, such as CA Siteminder, requires a directory server to store all of its user profiles. If all of your user profiles are stored in an RDBMS, such as Oracle, you can use Penrose to dynamically repurpose the data from the RDBMS and make it available to the policy server, without creating another user profile container.
- Authentication: In many organizations, an Active Directory server is the central store of user attribute information, including passwords. Penrose can pass credentials through to Active Directory for password authentication, without storing AD passwords in two locations. (Screencast)
- Directory Integration: In general, the closer information is to its source, the more accurate and timely it is likely to be, for at least 3 reasons:
1. The source of the information is, by definition, the most accurate.
2. Extra delay and opportunity for error between the source and the directory are eliminated.
3. Depending on the info and the application, the source is likely to be the party most motivated to maintain the information correctly.
Based on this assumption, Penrose can integrate multiple directories spread across a single department, multiple departments or even other organizations, leaving the task of updating those directories to their respective owners.
- Directory Firewall/Proxy/Auditing: Penrose can record user activities against the targeted directory/database. This could help businesses comply with the audit requirements of regulations such as HIPAA (Health Insurance Portability and Accountability Act), the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.
- Identity Federation: By leveraging the Penrose virtual directory platform combined with a federation server, such as PingFederate, companies can expect to reduce implementation costs for their federated identity efforts. By making these numerous identity stores appear as a single virtual interface, PingFederate can seamlessly make these attributes available to federation partners.