Good article. Explain to me what you mean by referrals from AD to the LDAP server.

MGP

----- Original Message -----
From: "Roger Seielstad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 14, 2002 1:44 PM
Subject: RE: [ActiveDir] Providers vs Extensions ??

> I would think that you really just want to run a stand-alone LDAP directory
> for authentication, and use referrals from AD to the LDAP server.
>
> Take a look at http://www.openldap.org
>
> ------------------------------------------------------
> Roger D. Seielstad - MCSE
> Sr. Systems Administrator
> Inovis - Formerly Harbinger and Extricity
> Atlanta, GA
>
> > -----Original Message-----
> > From: Michael Penland [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, October 14, 2002 12:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [ActiveDir] Providers vs Extensions ??
> >
> > Yes, some users are authenticated on the domain when they log on
> > to their PC, but some users and groups in the database will not be a part of
> > the domain users or Domain Groups. They may communicate through the web or
> > dial in.
> > These users will be authenticated to the W2k domain through
> > a pre-created account with the appropriate DACL.
> > as the anonymous user.
> > Example: IWO_System_User.
> >
> > As well, some members in the database will have no direct association to the
> > domain other than being listed in the database.
> > They may have associated contacts or devices, or the
> > combination of both.
> >
> > I want these to be listed as well. Maybe extending the Person > Contact
> > object.
> >
> > Basically I want to replicate the entire user, group and device objects along
> > with their specific properties and methods to ADSI so they are replicated and
> > browseable across the domain.
> >
> > MGP
> >
> > ----- Original Message -----
> > From: "Gil Kirkpatrick" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, October 14, 2002 12:15 PM
> > Subject: RE: [ActiveDir] Providers vs Extensions ??
> >
> > > Hi Michael,
> > >
> > > If you could say more about your application requirements, any comments you
> > > get would be more meaningful. But in any case...
> > >
> > > 1) Why do you want to bypass W2K authentication and use your own database
> > > for authentication? I'm assuming your users have to authenticate into a W2K
> > > domain anyway, so why force them into another set of credentials?
> > >
> > > 2) Generally speaking, if you want to store additional information
> > > associated with AD objects such as users, groups, and computers, you should
> > > simply extend the schema for those three classes, and store and retrieve the
> > > additional data using ADSI/LDAP. It's quite simple and fits well. It does
> > > not require modifying the provider, just the schema.
> > >
> > > 3) "I don't want the users to have to log on to a DC..." I'm confused by
> > > this. Are you implying that your users are not authenticating into a W2K
> > > domain already? If they are authenticating to the domain, they are already
> > > "logged on to a DC". In any case, the default ACLs in W2K (not in .Net
> > > Server though) are set to allow unauthenticated users to list things like
> > > users and computers, so this should not be a problem.
> > >
> > > 4) Creating a new provider (I assume you mean ADSI provider?) is a large
> > > task, and unless you have a really wacky database, I can't imagine why you
> > > would bother. If your database is relational, there should be an ADO or ODBC
> > > provider for it already. If not, writing an OLE DB provider for it would be
> > > a much simpler solution. But then the question is why do you need to use a
> > > wacky database?
> > >
> > > Hope this helps,
> > >
> > > -gil
> > >
> > > -----Original Message-----
> > > From: Michael Penland [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, October 14, 2002 8:35 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [ActiveDir] Providers vs Extensions ??
> > >
> > > All,
> > > I know there are some true experts out here?
> > > My question is:
> > > I am creating an application that is maintained by a
> > > data base. The database handles Authentication, storing the Users, Groups,
> > > and Device specific information pertaining to those users or groups.
> > > I don't want the users to have to log on to a DC for use of the
> > > application, but I want to list the users and groups in the Active Directory
> > > for browsing, status information and replication.
> > > 1. (a.) Do I extend the LDAP provider's Person Object, as well as the schema,
> > > to accommodate the added properties and functionality?
> > > 1. (b.) Do I extend the LDAP provider, creating a New DN under the rootDSE and
> > > add as OU's the Users, Groups and Devices?
> > > 2. Do I write a provider that extends the ADSI Directory to provide the
> > > Objects and functionality of my application? If so, could I then also extend
> > > the LDAP Provider to access my Provider, thus giving my application access
> > > from the LDAP provider as well?
> > >
> > > All suggestions are appreciated.
> > >
> > > MPenland
> > >
> > > VIRUS FREE SMTP!
> > > MarinaOne
> > >
> > > List info : http://www.activedir.org/mail_list.htm
> > > List FAQ : http://www.activedir.org/list_faq.htm
> > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
