Re: How Redirect ADAM to AD ?
- From: marc <marc@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Aug 2006 23:11:01 -0700
Hello Joe,
Here, I must migrate my current LDAP directory to ADAM in order to be able to use
AD authentication for a Web application.
Initially I analyzed the LDAP data. Then I carried out an LDIF extraction of the
application data. Then I created all of the classes and attributes
specific to this application and extended the ADAM schema.
In order to be able to authenticate my users with their AD accounts, I thought
of making a redirection proxy, but the SID is not developed.
I wondered how to authorize them to use the
application without redeveloping the application code.
"Joe Kaplan (MVP - ADSI)" wrote:
Hi Marc,
Don't worry about the language. I think I follow you. Thanks for trying to
speak English. :)
Regarding the first problem, I'm not sure I understand. In order to do an
LDAP bind (using a tool like LDP.exe or something else), you should not need
to be in the readers role. Bind just authenticates the user. The group
membership is only needed if you want to be able to search for objects in
ADAM (authorization) using that user's security context.
Regarding the second problem, bind proxies are only useful for users in AD.
I do not know how you could use those with another LDAP directory. Are you
migrating those users into AD and then accessing them in ADAM, or are they
going to be created directly in ADAM? If they are going straight into ADAM,
then you don't need bind proxies or secure binds. ADAM users are
authenticated via LDAP simple bind (or Digest auth in SP1).
Can you explain a bit more on both of these scenarios?
Thanks!
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"marc" <marc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CD6658AB-2F8F-485A-A66E-8F150D97B95A@xxxxxxxxxxxxxxxx
Hi Joe,
First, I would like to apologize for my poor English.
And I would like you, if possible, to explain the first solution to me.
If a user connects to ADAM with LDP by a secure bind, I have a message. The
user is not authenticated. But if I add the user to the Role user, it's
good.
Is this the right process?
For the second solution, my problem is the SID.
I am migrating an LDAP on z/OS with a DB2 database to ADAM, but the SID is not
data to develop in this database. And I have more than 22000 users for this
application.
Thanks for your help
Best regards
Marc
"Joe Kaplan (MVP - ADSI)" wrote:
There are two ways that users in AD can be authenticated by ADAM. You can
either do a secure bind (negotiate auth) to ADAM and ADAM will redirect the
auth to the operating system. At that point, any domain that the machine
has a trust relationship with can be authenticated.
If you want to use LDAP simple bind, you can create bindProxy objects for
your AD users in ADAM.
There are more details on both of these scenarios in the ADAM documentation
(worth a read).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"marc" <marc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2277DCC7-E1E7-4FDB-8100-66B560DAB793@xxxxxxxxxxxxxxxx
I would like to know how to redirect authentication back to AD
Marc
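
Added example, not part of the thread: the bind proxy objects mentioned above carry the SID of the matching AD account, which a legacy LDAP export does not contain, so for a bulk migration the SIDs have to be read from AD and written into the import file. This sketch builds LDIF add records for proxy objects, assuming the `userProxy` class (from ADAM's MS-UserProxy.LDF) is already in the instance schema; the container DN, user names and SIDs are constructed sample values.

```python
import base64
import struct

DN_SPECIALS = ',+"\\<>;='

def sid_to_bytes(sid):
    """Encode a string SID (S-1-5-21-...) in the binary layout objectSid uses."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority, *subs = (int(p) for p in parts[1:])
    if revision != 1 or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError(f"unsupported SID: {sid!r}")
    if any(s >= 1 << 32 for s in subs):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def escape_rdn(value):
    """Escape an RDN value for use inside a DN (RFC 4514 special characters)."""
    out = "".join("\\" + c if c in DN_SPECIALS else c for c in value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def user_proxy_ldif(cn, sid, container):
    """Return one LDIF add record for a userProxy object tied to an AD SID."""
    dn = f"CN={escape_rdn(cn)},{container}"
    # LDIF requires base64 ("dn::") when the DN is not plain ASCII
    dn_line = (f"dn: {dn}" if dn.isascii()
               else "dn:: " + base64.b64encode(dn.encode("utf-8")).decode())
    sid_b64 = base64.b64encode(sid_to_bytes(sid)).decode()
    return "\n".join([dn_line, "changetype: add", "objectClass: userProxy",
                      f"objectSid:: {sid_b64}", ""])

# Constructed sample rows: (name from the legacy export, SID of the AD account)
SAMPLE_USERS = [("jdoe", "S-1-5-21-1-2-3-1104"),
                ("Doe, Jane", "S-1-5-21-1-2-3-1105")]

if __name__ == "__main__":
    for cn, sid in SAMPLE_USERS:
        # "OU=People,O=App" is a hypothetical container in the ADAM partition
        print(user_proxy_ldif(cn, sid, "OU=People,O=App"))
```
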