Re: Is it possible to have Active Directory use a different LDAP server for logging in users?



Cool, I hope you find it useful. I tried to fix as much as possible from the previous edition and add as much as I had time to, to enhance its value.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Ian Becker wrote:
Thanks Joe, I think that will help out a lot and will look into it.

Kind of funny that you replied considering I am reading your book right
now.

-Ian


Joe Richards [MVP] wrote:
It is if you can kerberize the Tivoli stuff and make it into its own
realm (i.e. like a domain). Then you tell AD to trust that realm and it
will be similar to using another trusted domain.

Otherwise no, LDAP isn't a good auth mechanism and isn't an auth
protocol at all despite the fact that people use it for that. Windows
uses Kerberos for auth because it is a true auth protocol designed
specifically for that purpose.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net



Ian Becker wrote:
In our current environment, we have a Tivoli Directory server that is
our main LDAP server, would it be possible to have Active Directory
pass through logons to that to authenticate users without actually
replicating the databases?

Thanks,
Ian

