adam bind-redirect



I am trying to understand whether
our organization needs, or could benefit from, bind redirect/User Proxy Object,
or perhaps should skip using it.

Our situation is as follows:
Our applications are ASP.NET apps running on IIS 6.0 and Windows 2003.
Our ADAM will have a user store where we put custom user attributes
that are not in Active Directory.
We will also be using AzMan. The store for AzMan will also be an ADAM.

Internal Users/Apps.
We have an internal Active Directory.
We will be using integrated security for internal applications.

External Users/Applications:
Authentication is going to be handled by a third party.
They have their own SSO solution that's similar to forms authentication.
In addition, they are authenticating against their own Active Directory.

The ADAM will be located in our domain and we will be setting up a
trust between our domain and theirs, so we can assign users to roles
from AzMan.

Each environment (Internal/External) will have its own ADAM.

Comments:
1. If our web apps are using integrated security, we have
already authenticated the user in Active Directory. Isn't that
what the bind redirect does (authenticates the user)?
Doing a bind redirect requires the username and password of the user being
authenticated. Correct or not?

The advantage I see in doing a bind redirect is that the user automatically
receives membership in the "Users" group in ADAM.
("When a user binds to an ADAM instance through a proxy object,
the user receives membership in the Users group on each naming
context that is held by the ADAM instance.")

2. The reviewer's guide documentation:
I think the statement below is misleading or needs to be clarified:
"With Active Directory Application Mode,
you can use bind redirection to provide Active Directory users
with access to both ADAM data and Active Directory data,
using Active Directory domain credentials as a single sign on (SSO)."



