Joe is correct here. Basic authentication as implemented in IIS DOES NOT use an LDAP query. It calls into the LogonUser API to log the user into Windows. This will in turn use Kerberos or NTLM under the hood to build a logon token for the user.
In general, all of the built-in Windows security in IIS is tightly integrated with the domain authentication model. Joe K. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, August 10, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] replacing AD with openldap I highly doubt it is even possible to start to do this with OWA. > One of Outlook Web Access 2003's authentication method is basic > authentication which does an ldap query to Active Directory for > the username & password. Lara, where do you get that OWA is doing an LDAP query for auth? OWA nor anything in the Windows world should be using LDAP auth, it should always be using kerberos and if that isn't working fall through to NTLM. Also as usual, Al is right on in terms of the integration between AD/Exchange. To even have an Exchange Mailbox you will need an AD user object and you aren't going to force AD to use OpenLDAP to authenticate that user. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Tuesday, August 10, 2004 9:04 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] replacing AD with openldap I suppose the first question that comes to mind is, why? Exchange OWA is going to require you to eventually identify and authenticate to Active Directory. What's the use of doing it in openldap first? Help us to understand the bigger picture and somebody may have a better suggestion? As it stands, I have not heard of anyone being able to change OWA's authentication to a separate LDAP directory. Exchange and Active Directory are married on too many levels. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lara Adianto Sent: Tuesday, August 10, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] replacing AD with openldap Hi, One of Outlook Web Access 2003's authentication method is basic authentication which does an ldap query to Active Directory for the username & password. Is it possible to configure it to query an external ldap server (such as Openldap) instead of to active directory ? My objective is to make OWA to use LDAP authentication. My LDAP server is openldap. regards, lara ===== ------------------------------------------------------------------------ ---- -------- La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - ------------------------------------------------------------------------ ---- -------- __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
