Domain Trusts and LDAP
From: GMartin (gmartin_at_gmartin.org)
Date: 01/13/05
Date: Thu, 13 Jan 2005 09:57:19 -0500
We're building an AD infrastructure to authenticate users of our
external web via LDAP. We already use AD internally. We need a
mechanism to allow internal users to authenticate to the external system
without creating new credentials for them.

My idea is to create a one-way trust from the external domain to the
internal domain. This should allow one-stop shopping for the
authentication (vs. LDAP referral and a hole in the firewall from the
app svr to the internal AD). I think this will work, but I have several
questions:

1 - How do we authenticate? We typically do a search & bind to
authenticate against LDAP. If I understand correctly, the search would
not work as the external AD wouldn't search the internal. Would we use UPN?

2 - When we create an account externally, how can we ensure (do we need
to ensure) the account is unique in both domains? (I guess if we use UPN
this wouldn't matter.)

Thoughts on these or other suggestions on approaching the problem?

\\Greg