Re: HELP! Really strange problem w/AD and LDAP/LDIFDE

Joe,

FYI, I've just sent off an email with my "analysis" of what may be going on in this one, particular environment. Basically, I'm theorizing that there are two factors at work here:

1) Having the two AD machines with exactly the same Windows domain name (but different hostnames, and different IP addresses), and

2) Some behavior which I/we haven't been able to identify with the way that AD handles simple LDAP binds, among the 3 different username formats.


I've suggested that they can either:

1) Leave things as-is, since my web app is now working, or

2) Re-configure things into a more "orthodox" configuration. In particular, I've suggested/recommended that they eliminate the "2nd AD", and let me point my web app at the "1st" ("real") AD/Domain controller, since this is how the other sites are configured.

I wasn't involved in the original decision to standup the "2nd AD", so I don't know exactly why they did that, but this particular site is suppose to be testbed-type site, so it's suppose to resemble the other sites as closely as possible anyway.

My guess is someone was overly risk-aversive and didn't want to have the web app affecting the "1st AD" (strange, since this web app is already in production at 3 other sites :)!)...


I'd still be interested if anyone has any insight into what is going on with the current, admittedly strange, configuration, in particular as to how and why this would interact with the format of the usernames used for the simple LDAP binds!!

Thanks again!

Jim




Joe Kaplan wrote:
I think you may be on to something here, as there may be some additional involvement with DNS and/or the GC in order to service the simple bind with UPN username and perhaps that is behaving weirdly in this environment due to something in its "checkered" past. :)

However, I'm clueless on this level of detail, so I'd want someone from MS (or a more useful MVP type :)) to step in and hopefully elaborate on what's going on under the hood.

Joe K.

.

Relevant Pages

  • Re: Secure some pages and not other
    ... > wanting how to set such multi-authroized configuration in a single ASP.NET ... > web app, yes? ... > Then we can specify different authorization protections for them via t he ... > heirarchical configuration Inheritance in web.config: ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Secure some pages and not other
    ... Thanks for posting in the community! ... you're using the Formsauthentication in your ASP.NET ... wanting how to set such multi-authroized configuration in a single ASP.NET ... web app, yes? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Configuration block behavior in n-tier application
    ... I have an n- tier application where a web app calls a web service to ... The Web service is configured to use the data access block. ... the context object's configuration file property points to the web ... How do i specify that the context information should be obtained from ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: SQL Database Connection Size
    ... Check your timeouts (web app, if involved, connection and command). ... > However, if the data is large> 15MB, it is prompt for username and> password. ... > Error Message ... > You do not have permission to view this directory or page using the> credentials that you supplied. ...
    (microsoft.public.dotnet.framework.adonet)
  • Custom configuration section handlers with Namespaces
    ... conjunction with my web.config in an ASP.NET web app. ... While I can specify a namespace in my ConfigurationSectionHandler, ... Of course, I could make my configuration a little more general, and have ... But it seems a shame to have XML Namespaces, and not be able to use them! ...
    (microsoft.public.dotnet.framework.aspnet)