How do you integrate Active Directory into a .NET app using DDD?

Question

How are you integrating Active Directory objects (users, groups, etc) into your DDD .NET app? What do your repositories look like and how are you handling LDAP sessions, transactions, and unit of work? Note that I'm not talking about simple authentication/authorization scenarios but rather when the AD objects are part of the core domain model of your app.

I'm working on an application that does provisioning/deprovisioning of AD users and I'm curious what other folks are doing for bringing AD objects into their DDD app. I imagine you're not dragging around the DirectoryEntry object throughout your app but I haven't found any good ORM-type tools for LDAP objects (maybe OLM - Object-LDAP Mapping?).

EDIT: More background info on the question is in this forum post from the Sharp Architecture project.

Answer 1

I'm doing something similar, actually. Not the same goal, but the fact of using DDD to build an app that works w/ AD.

My take is that the LDAP is my persistence layer. So my Domain Model is all made up of objects that are specific to my app, not specific to AD. My repository implementation is then all AD-specific stuff, taking my objects and mapping them to AD objects and so on. I actually built an IRepository for the base, and then IUserRepository, etc, as needed for the domain aggregates. The implementations then are named like ADUserRepository.

I find this to be the easiest way to manage all this and keep my mind; it also makes testing easier for what I'm doing (not sure it'll help w/ your app).

I don't know of any OLM (nice term) tools that you can use; I've just been mapping it manually since I'm really interested in just a subset of what AD has in it.