Re: How Redirect ADAM to AD ?



If you wish to authenticate your users in AD against ADAM using a simple
LDAP bind, then a bind proxy is what you want to create. All of your AD
users definitely have a SID. AD and Windows don't work without those. The
trick with bind proxy classes is that you have to populate the objectSid
attribute at creation time. Once you have done that, it should work fine.

Your ADAM server would need to be joined to a domain that has a trust with
the AD in question as well so that the authentication is possible.

If there is some other problem with the users in AD, please explain.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"marc" <marc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49FBB84B-2017-4B98-9882-5459A4F09D2F@xxxxxxxxxxxxxxxx
Hello Joe,

Here, I must migrate my current LDAP towards ADAM in order to be able to
use AD authentication for a Web application.
Initially I analyzed the LDAP data. Then I carried out an LDIF retrieval of
the application data. Then I created the whole of my classes and attributes
specific to this application and extended the ADAM schema.
In order to be able to authenticate my users with their AD account, I
thought of making a redirection proxy, but the SID is not developed.
I wondered how to authorize them to use the application without
redeveloping the application code.


"Joe Kaplan (MVP - ADSI)" wrote:

Hi Marc,

Don't worry about the language. I think I follow you. Thanks for trying
to speak English. :)

Regarding the first problem, I'm not sure I understand. In order to do an
LDAP bind (using a tool like LDP.exe or something else), you should not
need to be in the readers role. Bind just authenticates the user. The
group membership is only needed if you want to be able to search for
objects in ADAM (authorization) using that user's security context.

Regarding the second problem, bind proxies are only useful for users in
AD. I do not know how you could use those with another LDAP directory.
Are you migrating those users into AD and then accessing them in ADAM, or
are they going to be created directly in ADAM? If they are going straight
into ADAM, then you don't need bind proxies or secure binds. ADAM users
are authenticated via LDAP simple bind (or Digest auth in SP1).

Can you explain a bit more on both of these scenarios?

Thanks!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"marc" <marc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CD6658AB-2F8F-485A-A66E-8F150D97B95A@xxxxxxxxxxxxxxxx
Hi Joe,
First, I would like to apologise for my poor English.
And I would like, if it's possible, for you to explain the first solution
to me.
If a user connects to ADAM with LDP by a secure bind, I get a message: the
user is not authenticated. But if I add the user to the Role user, it's
good.
Is that the right process?
For the second solution, my problem is the SID.
I am migrating a z/OS LDAP with a DB2 database to ADAM, but the SID is not
a data item to develop in this database. And I have more than 22000 users
for this application.
Thanks for your help
Best regards
Marc
"Joe Kaplan (MVP - ADSI)" wrote:

There are two ways that users in AD can be authenticated by ADAM. You
can either do a secure bind (negotiate auth) to ADAM and ADAM will
redirect the auth to the operating system. At that point, any domain that
the machine has a trust relationship with can be authenticated.

If you want to use LDAP simple bind, you can create bindProxy objects for
your AD users in ADAM.

There are more details on both of these scenarios in the ADAM
documentation (worth a read).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"marc" <marc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2277DCC7-E1E7-4FDB-8100-66B560DAB793@xxxxxxxxxxxxxxxx
I would like to know how to redirect authentication back to AD.

Marc