Re: ADAM Proxy Bind re-direction - In reverse
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Jan 2007 22:35:23 -0600
You can't. It doesn't work like that. :)
The closest thing you could come to approximating something like this would
be to authenticate against ADAM via an LDAP bind and then use Kerberos S4U
to do protocol transition to create a Windows logon token for the user. S4U
is accessed programmatically via the LsaLogonUser API call or in .NET via
the WindowsIdentity constructor that takes the user's UPN.
Perhaps you are trying to do something like that? If not, please explain
your application in more detail.
Interestingly, this is one of the methods that ADFS uses to integrate web
applications that require Windows tokens with alternate identity stores like
ADAM.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"GeoW" <lanman@xxxxxxxxxxx> wrote in message
news:1168975397.762689.153900@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Most are probably familiar with the ADAM Proxy Bind feature which
basically allows an ADAM user account to be authenticated against an
Active Directory password. I'd like to do exactly the reverse - I want
to authenticate Active Directory users against a password stored in our
ADAM directory.
Any idea how this might be accomplished?
George
.
- Follow-Ups:
- References:
- ADAM Proxy Bind re-direction - In reverse
- From: GeoW
- ADAM Proxy Bind re-direction - In reverse
- Prev by Date: Re: ADSI Problem
- Next by Date: Re: Satellite Branch Office Woes
- Previous by thread: ADAM Proxy Bind re-direction - In reverse
- Next by thread: Re: ADAM Proxy Bind re-direction - In reverse
- Index(es):
Relevant Pages
|
