RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

Thu, 04 May 2006 17:38:38 -0700 

That was in the original specs I saw for MONAD. They backed off of it, I think 
some part of it might have been too tough for MSFT in the few years they had 
available... 
 


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Wednesday, May 03, 2006 2:36 PM
To: [email protected]
Subject: Re: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: 
Internet Authentication Concepts: Pointers?

That is the type of thing that would be pretty reasonable to build by writing a 
provider for MSH (Monad) that exposes an LDAP store like AD or ADAM as a 
"drive".  I think a few people have taken a swing at this already, but I'm not 
sure if anything is shipping yet.

Having this integrated into MSH is going to enable a huge number of scenarios.

Joe K.

----- Original Message -----
From: "Matheesha Weerasinghe" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, May 03, 2006 12:26 PM
Subject: Re: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... 
WAS: Internet Authentication Concepts: Pointers?


> personally, I'd like a command line tool thats interactive like
> ntdsutil or nslookup. I'd be able to use this to browse the ADAM
> instance from a command line. Have a prompt which allows me to
> navigate the hierachy. Execute commands such as create/delete
> <objecttype> etc...
>
> M@
>
> On 4/28/06, Stewart, Fitz <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>> Heck, just give a user the ability to create and otherwise manage 
>> objects –
>> users, groups, the basics.  Name, etc.  Nothing fancy, just not the
>> command-line-ishness of ADSIEDIT.
>>
>>
>>
>>
>>
>>
>> -fitz
>>
>>
>> 703-866-7473
>>  703-626-5741 (cell)
>>
>>
>>  ________________________________
>>
>>
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of
>> joe
>>  Sent: Friday, April 28, 2006 3:46 PM
>>  To: [email protected]
>>  Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires......
>> WAS: Internet Authentication Concepts: Pointers?
>>
>>
>>
>> I have some curiosity in this realm...
>>
>>
>>
>> What would everyone consider good things and requirements for an ADAM
>> management tool. Even assuming, cough, GUI.
>>
>>
>>
>>   joe
>>
>>
>>
>>
>> --
>>
>> O'Reilly Active Directory Third Edition -
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>>
>>
>>
>>
>>  ________________________________
>>
>>
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of
>> Jef Kazimer
>>  Sent: Friday, April 28, 2006 10:01 AM
>>  To: [email protected]
>>  Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
>>
>> Since it is "LDAP" I did look at some "friendlier" admin tools, but none
>> really hit the mark for me.   I believed that group looked at Softerra's
>> tool,  and there is the web based PHP LDAP manager, and also the C# LDAP
>> manager tool.  You can Live search the names or I can post the links here 
>> if
>> you want.
>>
>>
>>
>> In the end I wrote my own as a .NET web app since I found them lacking.
>> Yet as I said if I want to go global,  I don't know if I want to position
>> what I wrote without some major changes. :)
>>
>>
>>
>> J
>>
>>
>>
>>
>>
>>  ________________________________
>>
>>
>> Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
>>  Date: Fri, 28 Apr 2006 09:44:55 -0400
>>  From: [EMAIL PROTECTED]
>>  To: [email protected]
>>
>>
>> That's a very good point.  Does anyone know of any 3rd parties which 
>> improve
>> the ADAM administrative UI "experience"?
>>
>>
>>
>>
>>
>>
>>
>> J. Fitzgerald (Fitz) Stewart
>>
>> Systems Architect
>>
>> IRM/OPS/ENM
>>
>> Worldwide Information Network Systems
>>
>> USAID/DoS IT Infrastructure Collaboration Program
>>
>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>
>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>
>> 703-866-7473
>>
>> 703-626-5741 (cell)
>>  ________________________________
>>
>>
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of
>> Jef Kazimer
>>  Sent: Friday, April 28, 2006 9:27 AM
>>  To: [email protected]
>>  Subject: RE: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
>>
>>
>>
>> Mylo,
>>
>>
>>
>> Thanks for the information!
>>
>>
>>
>> I have setup ADAM utilizing a custom web UI utilizing AZman for a small
>> project before, but I have concerns about scalabilty.  The issues are not
>> with the ADAM instance at all, but the UI that is needed to manage ADAM.
>> ADSIedit is great for someone who understands the directory, but it's not
>> that user friendly for web application owners, helpdesk, etc.  This was 
>> for
>> a simple application of about 500 users, and it met their needs but I 
>> don't
>> see this as a scalable solution from a global perspective.
>>
>>
>>
>> This will be a backend data store that contains the user identity, but 
>> the
>> applications that utilize it will be of different flavors from DMZ hosted
>> web apps, to externally hosted apps.   The flavors of web apps will range
>> from websphere, ColdFusion,  .NET and I suspect some PHP apps.
>>
>>
>>
>> With AD,  I guess I was thinking it has a well known support interface
>> (though I am sure I would need to customize anyway...so I'm not sure that
>> value is really there).   So I was expecting to maybe find 3rd parties 
>> that
>> do sit in front of this to manage the IDs stored. Though this could be AD 
>> or
>> ADAM with ADAM being the most cost effective.   This looks like 
>> siteMinder
>> might be a good solution to manage all of these environments but I will 
>> need
>> to look into that.
>>
>>
>>
>>
>>
>>  I suppose I am getting ahead of myself, because I do not know the
>> requirements as of yet, and I'm making assumptions that could be totally 
>> off
>> the mark here.   I guess it's a new environment and wanted to get some 
>> info
>> ahead of before it was needed. :)
>>
>>
>>
>> Thanks again!
>>
>>
>>
>> Jef
>>  ________________________________
>>
>>
>> > Date: Fri, 28 Apr 2006 01:40:09 +0200
>>  > From: [EMAIL PROTECTED]
>>  > To: [email protected]
>>  > Subject: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
>>  >
>>  > Jef,
>>  >
>>  > As Al pointed out, there are numerous products
>> from vendors such as
>>  > IBM/BEA/Oracle/RSA/Netegrity/Entrust/Baltimore Labs
>> (RIP) etc providing
>>  > web-based authentication/authorisation in front of
>> AD. Since from a
>>  > design point-of-view it's generally not a good idea
>> to stick AD too
>>  > close to the Internet, often these solutions comprise
>> a presentation
>>  > tier, e.g. with  IIS (using  some sort of ISAPI plugins)
>>  that th! en hooks
>>  > into your business&n bsp;logic (e.g. middleware) or your
>> data tier (e.g.
>>  > LDAP/AD/SQL) ... if you want to look at this from an
>> MS purist
>>  > perspective then I'd suggest having a look at
>> n-Tier solutions within
>>  > the MSDN area. Although, this has a more developer
>> emphasis than you'll
>>  > probably want, it gives a good insight into how
>> Internet authentication
>>  > works, particularly .NET as well as older products
>> such as Site
>>  > Server/Commerce..
>>  >
>>  > Try googling on Authorization Manager (AZMan) to give
>> a good example of
>>  > how a& nbsp;role-based mana! gement approach (assuming a
>> web t ier) with an AD
>>  > backend would work..... Also look at ADAM as an initial
>> 'point' solution
>>  > for Internet usag rather than AD alone.
>>  >
>>  > You also mentioned self-registration and this
>> kicks off an entirely
>>  > different thread (in my mind anyway)...
>>  >
>>  > 1. What are you providing access to?
>>  > 2. Whom are you registering and for what ?
>>  > 3. What authentication mechanism do you wish to use
>> (username/password,
>>  > certs, OTP).
>>  > 4. Do you need to provide some form of authorisation
>> once authenticated
>>  > as  well? What form&nb! sp;does this need to take?
>>  > &nb sp;
>>  > Hope this helps.
>>  >
>>  > Regards,
>>  > Mylo
>>  >
>>  > if you need an initial
>>  >
>>  > Jef Kazimer wrote:
>>  >
>>  > >Al,
>>  > >
>>  > >I apologize,  as I am going only on what little
>> information I have.  I guess I was trying
>> to do some pre-meeting recon work since I had
>> seen it metioned here about 25mil internet
>> users for some people.  I had assumed
>> there might be some scenario documentation
>> for such a thing.
>>  > >
>>  > >I will know more after the meeting of course, so
>> I'll see if I can  explain myself better.> >
>>  > >I understand dire ctory design for an enterprise, but
>> have never done so for a internet instance that
>> would have self registration.  I suspect
>> there are some different lessons learned
>> from that scenario so was curious.
>>  > >
>>  > >Thanks,
>>  > >
>>  > >Jef
>>  > >
>>  > >
>>  > >
>>  > >
>>  > >
>>  > >>Date: Thu, 27 Apr 2006 15:31:33 -0400> From:
>> [EMAIL PROTECTED]> To: [email protected]> Subject: Re:
>> [ActiveDir] Internet Authentication
>> Concepts: Pointers?> > That's not a lot to go on, Jef.
>> Can you give some more information?& gt; >
>> For example,!  these public internet sites? Are  they web
>> only? What type> of authentication is
>> needed? What were your plans for
>> authorization?> Are you planning to use
>> something like SiteMinder or Tivoli or ?? to> help you deal
>> with authorization if using web sites?> >
>> Al> > On 4/26/06, Jef Kazimer <[EMAIL PROTECTED]> wrote:> >>
>> >> > Ok, here is something I'm just
>> starting to research, and I thought maybe>
>> > someone here has some pointers or a
>> direction they can steer me in.> >> >> >>
>> > We are looking&nbs p;at a potential consoli! dated directory/database
>> to contain>&nbs p;> user registrations
>> (Self registration and possible bulk load)
>> for multiple> > public internet sites for
>> products of our company.> >> >> >> >> >> >> >> > I
>> was wondering if there are any published
>> scenarios that addess this> > solution as
>>  > >>
>>  > >>
>>  > >a starting point for consideration.  We are thinking
>> of using a> > public AD forest as the
>> potential repository, but I am curious if there
>> are> > any lessons learned when designed&
>> nbsp;such a scenario.> >&! gt; >> >> > Thanks,>  >> >> >> > Jef> >> >> >> 
>>  >>
>> >> >> > ________________________________>
>> > Upgrade for free to Windows Live Mail beta
>> and you could win an African> > Safari
>> Learn more> [1]ا~m
>>  > >List info   : http://www.activedir.org/List.aspx
>>  > >List FAQ    : http://www.activedir.org/ListFAQ.aspx
>>  > >List archive:
>> http://www.mail-archive.com/activedir%40mail.activedir.org/
>>  > >
>>  > >
>>  >
>> >------------------------------------------------------------------------
>>  > >
>>  > > ;No virus found in this incoming message.
>>  > >Checked by AVG Free Edition.
>>  > >! Version: 7.1.385 / Virus Database:&nbs p;268.5.1/326 - Release
>> Date: 27/04/2006
>>  > >
>>  > >
>>  >
>>  >
>>  > List info   : http://www.activedir.org/List.aspx
>>  > List FAQ    : http://www.activedir.org/ListFAQ.aspx
>>  > List archive:
>> http://www.mail-archive.com/activedir%40mail.activedir.org/
>>
>>
>>  ________________________________
>>
>>
>> Join the next generation of Hotmail and you could win a trip to Africa
>> Upgrade today
>>
>>
>>  ________________________________
>>
>>
>> Join the next generation of Hotmail and you could win the adventure of a
>> lifetime Learn More.
>>
> .+w֧B+v*rz Vryi˽箊 

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to