Hi Michael,

If you could say more about your application requirements, any comments you get would be more meaningful. But in any case...
1) Why do you want to bypass W2K authentication and use your own database for authentication? I'm assuming your users have to authenticate into a W2K domain anyway, so why force them into another set of credentials?

2) Generally speaking, if you want to store additional information associated with AD objects such as users, groups, and computers, you should simply extend the schema for those three classes, and store and retrieve the additional data using ADSI/LDAP. It's quite simple and fits well. It does not require modifying the provider, just the schema.

3) "I don't want the users to have to log on to a DC..." I'm confused by this. Are you implying that your users are not authenticating into a W2K domain already? If they are authenticating to the domain, they are already "logged on to a DC". In any case, the default ACLs in W2K (not in .Net Server though) are set to allow unauthenticated users to list things like users and computers, so this should not be a problem.

4) Creating a new provider (I assume you mean ADSI provider?) is a large task, and unless you have a really wacky database, I can't imagine why you would bother. If your database is relational, there should be an ADO or ODBC provider for it already. If not, writing an OLE DB provider for it would be a much simpler solution. But then the question is why do you need to use a wacky database?

Hope this helps,

-gil

-----Original Message-----
From: Michael Penland [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 14, 2002 8:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Providers vs Extensions ??

All,

I know there are some true experts out here? My question is: I am creating an application that is maintained by a data base. The database handles Authentication, storing the Users, Groups, and Device specific information pertaining to those users or groups.
I don't want the users to have to log on to a DC for use of the application, but I want to list the users and groups in the Active Directory for browsing, status information and replication.

1. (a.) Do I extend the LDAP provider's Person Object, as well as the schema, to accommodate the added properties and functionality?

1. (b.) Do I extend the LDAP provider, creating a New DN under the rootDSE, and add as OUs the Users, Groups and Devices?

2. Do I write a provider that extends the ADSI Directory to provide the Objects and functionality of my application? If so, could I then also extend the LDAP Provider to access my Provider, thus giving my application access from the LDAP provider as well?

All suggestions are appreciated.

MPenland

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
