Re: ADAM and SQL Server

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 02/28/05


Date: Mon, 28 Feb 2005 16:17:19 -0700

Yes, I am pretty sure this is the case.

In order to impersonate you while going across the network, some special
provisioning needs to be done on your account and/or on SQL service account
(sorry, I don't remember the details off the top of my head). This is an OS
constraint -- the account(s) need to be marked as "trusted for delegation".

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:ezcpcbaHFHA.2936@TK2MSFTNGP15.phx.gbl...
> I don't think SQL will impersonate your account when it calls in to ADAM. I
> think you need to make sure that the service account SQL is running under
> has read access to your ADAM instance.
>
> Joe K.
>
> "Mike Richards" <MikeRichards@discussions.microsoft.com> wrote in message
> news:DCFA2997-9652-491D-A5C0-85DDD9D478D7@microsoft.com...
> > Thanks for your speedy response, Dmitri; please excuse my delay. This is
> > the security model: I use Windows authentication on my SQL Server, so I'm
> > logged in to SQL Server as me (confirmed by SYSTEM_USER). My ADSI server
> > definition says connections should be made using the login's current
> > security context (and there are no impersonation definitions set up). I've
> > added my Windows account as a reader (and a user, and an administrator) to
> > my ADAM instance. So I thought that should work? Or have I missed something?
> >
> > "Dmitri Gavrilov [MSFT]" wrote:
> >
> >> Check that SQL has read permissions in your ADAM instance. Add SQL
> >> service
> >> account (or whatever account it uses to connect to ADAM) to readers
> >> group.
> >>
> >> -- 
> >> Dmitri Gavrilov
> >> SDE, Active Directory Core
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >> Use of included script samples are subject to the terms specified at
> >> http://www.microsoft.com/info/cpyright.htm
> >>
> >> "Mike Richards" <MikeRichards@discussions.microsoft.com> wrote in message
> >> news:DBB74A46-F70E-457A-A096-CE8FA5DEEA21@microsoft.com...
> >> > Does anyone have experience of connecting to ADAM from SQL Server using
> >> > Distributed Query? I'm running XP Pro SP2 and SQL2K SP3, and the query
> >> > executes without errors but returns no information. This is true of SQL
> >> > syntax and LDAP syntax, and the same query returns the information I
> >> > would expect if issued via Directory Services in .NET.
> >>
> >>
> >>
>
>

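The two configurations discussed in this thread side by side, as an added T-SQL example that is not part of the original posts: the "current security context" setting that only works across the network once delegation is provisioned, and an explicit login mapping to a dedicated ADAM reader account that avoids delegation altogether. The linked server name ADAM_LNK, the host adamhost:389, the partition DC=example,DC=com and the account adam-reader are assumptions.

```sql
-- Added example, not from the thread. Assumed names: linked server ADAM_LNK,
-- ADAM host adamhost:389, partition DC=example,DC=com, reader account adam-reader.

-- 1. Register the ADSI OLE DB provider (ADSDSOObject) as a linked server.
EXEC sp_addlinkedserver
    @server     = N'ADAM_LNK',
    @srvproduct = N'Active Directory Service Interfaces',
    @provider   = N'ADSDSOObject',
    @datasrc    = N'adsdatasource';

-- 2. The setting from the original post: "use the login's current security
--    context". Across the network this is a second hop, so it only carries the
--    caller's Windows identity when the account(s) are trusted for delegation;
--    otherwise ADAM sees a context without read permission and the query
--    returns no rows (the symptom reported in the thread).
-- EXEC sp_addlinkedsrvlogin @rmtsrvname = N'ADAM_LNK', @useself = N'true';

-- 3. Least-privilege alternative: map all local logins to one dedicated ADAM
--    account that has been added to the instance's Readers role. The bind is
--    explicit, no account needs to be marked trusted for delegation, and the
--    SQL Server service account's own rights in ADAM are irrelevant.
EXEC sp_addlinkedsrvlogin
    @rmtsrvname  = N'ADAM_LNK',
    @useself     = N'false',
    @locallogin  = NULL,        -- NULL = applies to every local login
    @rmtuser     = N'CN=adam-reader,OU=ServiceAccounts,DC=example,DC=com',
    @rmtpassword = N'<reader-password-placeholder>';

-- 4. LDAP-dialect distributed query against the ADAM partition. With the
--    mapping in step 3 this returns rows whether or not the caller's own
--    Windows account has any rights in ADAM.
SELECT cn, displayName
FROM OPENQUERY(ADAM_LNK,
  '<LDAP://adamhost:389/OU=People,DC=example,DC=com>;(objectClass=user);cn,displayName;subtree');
```

If you must keep the current-security-context setting, verify that the caller's identity actually reaches ADAM (for example by checking ADAM's LDAP connection auditing) before assuming the "no rows" result is a permissions problem inside the directory.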
