Re: Integration issues...
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Aug 2006 19:45:47 -0500
ADAM won't really help much with two untrusted domains unless something like
MIIS is used to sync the passwords from both domains into ADAM. ADAM has
the ability to authenticate users in AD via passthrough and bind proxy auth,
but you could only do one domain at a time this way.

If the OP has the ability to control the code that is doing the LDAP auth,
the poor man's solution would be to try LDAP auth against the first domain
and then try the second one. I've seen a few apps that handle things this
way. ADFS actually uses a mechanism like this to support both AD and ADAM
user stores.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:%23$vLiZ8xGHA.2396@xxxxxxxxxxxxxxxxxxxxxxx
Can you expand on your requirements? Do you want to have these
applications interoperate with both AD domains? I can't see what you want
to do, or how ADAM will help, unless you wish to synchronise two
directories into one unified view to present to the application.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
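
The try-the-first-domain-then-the-second approach described in the message above, sketched in Python as an added example that is not code from the thread or from any product it mentions. The domain names, the `authenticate` and `fake_binder` helpers and the sample accounts are constructed; `ldap3_binder` assumes the third-party ldap3 package and that users bind with a UPN of the form user@domain.

```python
from typing import Callable, Optional, Sequence

class DirectoryUnavailable(Exception):
    """The domain could not be reached (distinct from bad credentials)."""

# A binder returns True if the simple bind succeeded, False if rejected.
Binder = Callable[[str, str, str], bool]

def ldap3_binder(domain: str, username: str, password: str) -> bool:
    """Simple bind over LDAPS with the third-party ldap3 package.
    Assumption: users bind with a UPN of the form user@domain."""
    from ldap3 import Connection, Server
    from ldap3.core.exceptions import LDAPException
    try:
        conn = Connection(Server(domain, use_ssl=True),
                          user=f"{username}@{domain}", password=password)
        ok = conn.bind()
        conn.unbind()
        return ok
    except LDAPException as exc:
        raise DirectoryUnavailable(domain) from exc

def authenticate(username: str, password: str, domains: Sequence[str],
                 bind: Binder) -> Optional[str]:
    """Try each domain in order; return the one that accepted, else None."""
    # An empty password makes an LDAP simple bind an unauthenticated bind,
    # which a server may report as success. Reject it before any bind.
    if not username or not password:
        return None
    for domain in domains:
        try:
            if bind(domain, username, password):
                # The same name can exist in both domains, so the caller
                # must key the session on (domain, username), not the name.
                return domain
        except DirectoryUnavailable:
            continue  # an outage is not a credential failure; try the next
    return None  # fail closed

# Constructed sample directories: "bob" exists in both domains.
FAKE = {"corp.example": {"alice": "pw-A", "bob": "pw-B1"},
        "partner.example": {"bob": "pw-B2", "carol": "pw-C"}}
DOMAINS = ["corp.example", "partner.example"]

def fake_binder(domain: str, username: str, password: str) -> bool:
    if domain not in FAKE:
        raise DirectoryUnavailable(domain)
    return FAKE[domain].get(username) == password
```

A wrong password is tried against every domain in the list, so it counts as a failed logon in each domain where that user name exists.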