Re: Extending Active Directory using Attributes and XML

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

ADAM is interesting but I know very little about it and the
documentation is very poor.

The information I am trying to store is based on the user specifically.
The data will have a wider scope than the application (MI reports
etc.) though I expect the amount of data held in the attribute will not
be higher than a few kilobytes max.

Maybe if I clarify the purpose of the system. Basically we are
building a central application which will integrate with a number of
different systems; some on mainframes, some databases, some web
services etc. 100% of these systems are based around the user and that
user has a set of credentials that are required to use the system.
Sometimes these individual users have various levels of security and
you may have a username and logon but also a set of 'codes' which
identify you. To be honest the 3rd party systems are sometimes poorly
designed but we do have a one2one policy on user in our NT domain has a
single user on the 3rd party system.

In the first instance what we want to achieve is to store these
credentials in Active Directory (or similar) and provide seamless
access to these other systems through our bespoke central one. The
user will never know they have all these passwords codes etc.

On the other side these codes will be needed for reporting, so when
someone pulls stats from the 3rd party system they will need to marry
up the credentials (sometimes just numbers) with the real user.
Currently this is done through spreadsheets and is highly problematic
but moving forward we can do LDAP queries/exports instead.

So AD is the current line of thinking. To answer you're thinking yes
this is across all our sites and 70% of the companies users will be
affected and yes security is a big issue as usernames and passwords
will be held.

Thank you for advice so far but I haven't really grasped ADAM and may
need a few pointers.

.

Relevant Pages

  • Re: Extending Active Directory using Attributes and XML
    ... In order to use ADAM, you would essentially need to sync your AD with ADAM ... user has a set of credentials that are required to use the system. ... single user on the 3rd party system. ... user will never know they have all these passwords codes etc. ...
    (microsoft.public.windows.server.active_directory)
  • RE: My form locks up with my query
    ... you don't want to store your ... Your form can be based on the query. ... "Adam Horsman" wrote: ... > but also others ("associates", a variety of codes, etc) the form screen is ...
    (microsoft.public.access.forms)
  • Re: ADAM - SSO and provisioning considerations
    ... install an OU, do LDAP bind's to AD for authentication, and used some ... The above illustrates why you don't need ADAM. ... store for your identity store. ... they are all in the customer's identity store. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM and LDAP question
    ... My instincts tell me you really can use either store and it will work. ... does seem a little bit more of a natural fit though. ... to hear if you end up using ADAM for the data store for this, ... We used Admin account for everything. ...
    (microsoft.public.windows.server.active_directory)
  • Re: What is the best approach to the following situation?
    ... authorization system that derives role information from some sort of store. ... users in your ADAM store and create application-specific groups in ADAM that ... you simple use an ADAM LDAP bind for your Forms authentication ... application-managed authentication and authorization in web applications. ...
    (microsoft.public.windows.server.active_directory)