Re: Oh.... I'm just wondering who's seen this stumper...

There won't be a requirement to auth with say the UPN as any of the credential mechanisms will result in the same token, however, if say for instance the userid is specified with a blank password they would be authenticated as anonymous.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Ace Fekay [MVP] wrote:
In news:eKrq18esGHA.4784@xxxxxxxxxxxxxxxxxxxx,
Joe Richards [MVP] <humorexpress@xxxxxxxxxxx> stated, which I commented on below:
Oh, to add on, using LDAP to update attributes works in a delegated
manner, I have seen it in hundreds of production forests and thousands
of test forests. If delegating specific attributes to a user and that
user can't write them then they

a. Aren't authenticating properly
b. Aren't using LDAP properly
c. Aren't just updating those attributes or are updating those
attibutes incorrectly.

Joe,

I was following this thread and initially I thought to ask how authentication is written in the script. Now you mentioned A above, I wonder if it matters, especially in a multi-domain forest, or the fact that LDAP requires it, to authenticate using the UPN (username@xxxxxxxxxx) instead of an NTLM method (domain\user)? I think if it were the domain admin that cached credentials are used, but any other account would require specific authentication? Am I off base?


.

Relevant Pages

  • IAS forwarding / Multi-Forest / CA Requirement - trusted authority in PEAP properties
    ... Setup for 802.1x machine only authentication. ... "Protected PEAP" ... IAS is setup to forward requests to other domain if a computer ... Forwarding is working great between forests. ...
    (microsoft.public.internet.radius)
  • NTLM Authentication Across Forests
    ... Considering that the domains are in separate forests and that Kerberos ... authentication does not work across forests via external trust, ... since both .html and .aspx files reside on the same web server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Oh.... Im just wondering whos seen this stumper...
    ... I have seen it in hundreds of production forests and thousands ... authentication is written in the script. ... Microsoft MVP - Directory Services ... Instead of the website you're using, I suggest to use OEx (Outlook Express ...
    (microsoft.public.windows.server.active_directory)
  • Re: NTLM Authentication Across Forests
    ... > contains a website which in turn contains two files TestAccess.html ... > Considering that the domains are in separate forests and that Kerberos ... > authentication does not work across forests via external trust, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Similar User Names - OWA Access
    ... Ironically I am using Forms Based Authentication and have also instructed ... the user to try using their UPN. ... Try to find any documentation or articles ... > orange screen) and then the logon. ...
    (microsoft.public.exchange.misc)