Yes some users are autenticated on the daomain when they log on to there PC but some users and groups in the database will not be a part of the domain users or Domain Groups. they may communicate through the web or dial in. These users will be authenticated to the W2k domain through a pre-created account with the apropiate DACL. as the anonymous user. Example: IWO_System_User.
As well some members in the data base will have no direct assosiation to the domain other than being listed in the database. They may have assosiated contacts or devices, or the combination of both. I want these to be listed as well. Maybe extending the Person > Contact object. basicaly I want to replicate the entire user, group and device objects along with there specific properties and methods to ADSI so they are replicated and browseable across the domain. MGP ----- Original Message ----- From: "Gil Kirkpatrick" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, October 14, 2002 12:15 PM Subject: RE: [ActiveDir] Providers vs Extensions ?? > Hi Michael, > > If you could say more about your application requirements, any comments you > get would be more meaningful. But in any case... > > 1) Why do you want to bypass W2K authentication and use your own database > for authentication? I'm assuming your users have to authenticate into a W2K > domain anyway, so why force them into another set of credentials? > > 2) Generally speaking, if you want to store additional information > associated with AD objects such as users, groups, and computers, you should > simply extend the schema for those three classes, and store and retrieve the > additional data using ADSI/LDAP. It's quite simple and fits well. It does > not require modifying the provider, just the schema. > > 3) "I don't want the users to have to log on to a DC..." I'm confused by > this. Are you implying that your users are not authenticating into a W2K > domain already? If they are authenticating to the domain, they are already > "logged on to a DC". In any case, the default ACLs in W2K (not in .Net > Server though) are set to allow unauthenticated users to list things like > users and computers, so this should not be a problem. > > 4) Creating a new provider (I assume you mean ADSI provider?) is a large > task, and unless you have a really wacky database, I can't imagine why you > would bother. If your database is relational, there should be an ADO or ODBC > provider for it already. If not, writing an OLE DB provider for it would be > a much simpler solution. But then the question is why do you need to use a > wacky database? > > Hope this helps, > > -gil > > -----Original Message----- > From: Michael Penland [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 14, 2002 8:35 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Providers vs Extensions ?? > > All, > I know there are some true experts out here? > My question is: > I am creating an application that is maintained by a > data base. The database handles Authentication, storing the Users, Groups, > and Device specific information pertaining to those users or groups. > I don't want the users to have to log on to a DC for use of the > application, but I > want to list the users, and groups in the Active Directory for browsing, > status information and replication. > 1. (a.) Do I extend the LDAP providers Person Object, as well as the schema > to accomidate the added properties and functionality. > 1. (b.)Do I extend the LDAP provider creating a New DN under the rootDSE and > add as OU's the Users, Groups and Devices. > 2. Do I write a provider that extend the ADSI Directory to provide the > Objects and functionality of my application. If so, could I then also extend > the LDAP Provider > to access my Provider. Thus giving my application acces from the LDAP > provider as well. > > All suggestions are appreciated. > > MPenland > > VIRUS FREE SMTP! > MarinaOne > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > VIRUS FREE SMTP! > MarinaOne > > VIRUS FREE SMTP! MarinaOne List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
