Title: RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

Brian what did you do on that message, that came through blank for me unless I looked at it in OWA or forwarded it from OWA to myself again stripping something from it.
 
Anyway COM.... Bwa ha ha ha ha. No. In the I don't know how many years that I have been writing code for Windows and COM being available I have written maybe 3 COM interfaces and hated it each time. I have to be spitting mad to use one in c/c++ code and the only places I do are in exchmbx because they really want you to use cdoexm and in admod for a mechanism for changing passwords.
 
Wouldn't you rather just click, add tab in the app and then draw on the form telling it what you want where?
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: joe [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 04, 2006 9:13 PM
To: joe
Subject: FW: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

 


From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Thu 5/4/2006 9:10 PM
To: [email protected]
Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and Desires...... WAS: Internet Authentication Concepts: Pointers?

How about some good COM Addins so you can be consistent like MS? Then I can implement IJoePlugin17 to add a tab to your thing.

Addins with .net are rather easy to architect though - would be my preference.

Thanks,
Brian Desmond
[EMAIL PROTECTED]

c - 312.731.3132


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of joe
> Sent: Thursday, May 04, 2006 8:56 PM
> To: [email protected]
> Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires...... WAS: Internet Authentication Concepts: Pointers?
>
> I was thinking of something a little more robust than ADUC with
> extensions. More of a combination of ADUC, DSSITES, ADSIEDIT, Schema
> Managemer, and some yet to be publicly seen ADAM specific management
> stuff. Maybe some form of tie in to MIIS/IIFP/ADAMSynch for easily
> configuring those products so you don't have to hurt your forehead
> slamming the wall.
>
> I understand the desire for extension capability but even there, how
> many people are actually taking advantage of it? Yes it is a pain now
> for ADUC but it exists and if people wanted to use it bad enough, they
> would figure it out. Next question, how do you do EASY extension
> capability that is flexible and powerful and useable? Add to that not
> requiring people to use NET to do things. I haven't completely shut the
> door on NET but it is bottom of the pile for things I want to do or
> require. I have had way too many people write me (some of whom I even
> respect) and say that one of the beautiful things about my code is that
> I am not using/requiring NET.
>
> I feel similar when I hear people say that NET and MONAD are going to
> make most everyone scripters and programmers. I think we will see
> Australian Ice Hockey becoming the next great global sport before we
> see everyone or even a majority of admins becoming scripters and
> programmers with NET unless MSFT dumbs it down considerably more, the
> object model is enough to scare most people away. Don't get me wrong, I
> think NET is going to be popular, just like JAVA was/is. But there are
> a lot of coders who won't go near it.
>
> So the next question is.... What kind of extension model do you go
> with? Honestly it would have to be some RAD drag and drop with field
> tweak kind of extension in my opinion. I would visualize you saying ADD
> TAB, then laying out the form the way you like to see data, specifying
> the attribute to be displayed in the various fields and specifying HOW
> it should be displayed with the schema being used to determine a
> default and possibly helping control what other ways it could be
> displayed. Possibly adding in data rules that control what can be typed
> in the fields (like forcing a phone to fit to (xxx)xxx-xxxx or
> something (yes I know I just pissed off every international person with
> that example... It was an example)).
>
> Possibly it have some ability to call out to external pieces but most
> likely not because that just adds all sorts of stability and
> supportability issues. Of course that would piss off some folks who
> want to integrate some custom NET code or whatever but again I think
> that would be the minority of the folks. If someone is so good with
> NET, they are going to write their own tools anyway. Otherwise they are
> just playing with it and you don't want someone playing with NET
> writing extensions for your application, it would be a nightmare to
> support for a large company let alone someone small like me, myself,
> and I.
>
> So interesting. I expected more suggestions, are people just not really
> using ADAM yet or is everyone just happy with the command line tools
> they are using for it?
>
>   joe
>
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Al Mulnick
> Sent: Sunday, April 30, 2006 12:45 PM
> To: [email protected]
> Subject: Re: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires...... WAS: Internet Authentication Concepts: Pointers?
>
> That really is the point of ADAM, isn't it? To be flexible and highly
> customizable?
>
>
> I have to agree with JoeK on this: it needs to be extensible in keeping
> with ADAM's charter.
>
> Some of the basics would be cool, but then how do you make sense of an
> object in a customized directory unless you have a way to a) read it
> and b) get some sort of manifest that tells you the meaning and c) maps
> it for you to your task? To my knowledge, there is no standards based
> definition in that sense.  I can pick whatever I want to be a <insert
> type> object and define whatever rules I want as well.  How would a
> tool know that?
>
> To make it easily extensible, i.e. create a totally easy language that
> plugs into a console would go a lot further in my opinion, than trying
> to capture an ADAM management tool that goes beyond ADSIEDIT/ldp.
> Today, it's write your own, or make do.  I'm sure some of that will
> continue, but having the ability to easily write your own and plug it
> into a well thought out graphical based administration system might be
> useful to some. At the least, I'm sure it would differentiate ADAM from
> other lightweight ldap directories that run on more platforms ;-)
>
> -ajm
>
>
> On 4/29/06, Joe Kaplan <[EMAIL PROTECTED]> wrote:
> > The difficulty with building a tool like this is that it is a huge
> > leap to go from a low level editing tool like ADSI Edit to a high
> > level, task-based UI like ADUC.  The problem is that it is nearly
> > impossible to infer the semantic meaning of attributes in the
> > directory in a generic way such that you can have objects with
> > arbitrary schema.  It is already hard enough just to come up with
> > reasonable text and graphical views of all the random binary data that
> > a directory can store.  For example, your directory might store GUIDs,
> > X509Certificates and JPEGs, but the schema only knows it is binary
> > data.  Unless you have a hard-coded list somewhere, it is hard to do
> > anything with it besides showing you the raw bytes (which is almost
> > never interesting to most people).
> >
> > As such, you kind of need to either come up with a UI that just
> > provides some compelling task-based features for a very narrow schema
> > that ships with the product and/or provide a really well-conceived
> > extensibility mechanism that allows easy declarative construction of
> > useful UI features with minimal coding (or you'll scare away the
> > non-coders).  Doing something like that successfully is a pretty huge
> > undertaking, no matter what presentation framework you choose (web,
> > CLI, Windows, etc.).
> >
> > Personally, I think the answer for this type of tool lies with the
> > whole managed code/Monad-based MMC thing that is coming.  It will
> > significantly lower the bar to getting custom extensions into the UI
> > and hopefully create a new eco-system of useful tools that vary from
> > universally needed to extremely domain-specific.
> >
> > That said, there are probably some tools that we really need for ADAM
> > that would be hard for most of us besides Joe to write.  I'm not
> > entirely sure what the sweet spot is though.
> >
> > Joe K.
> > ----- Original Message -----
> > From: Jef Kazimer
> > To: [email protected]
> > Sent: Friday, April 28, 2006 4:26 PM
> > Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires......
> > WAS: Internet Authentication Concepts: Pointers?
> >
> >
> > Ok....
> >
> > So are you thinking winForm Gui?  Web? MMC?  Console? I know you like
> > command line....but ad I hear there are some great tools already in
> > existence. :)
> >
> > ADSIedit is great for MOST things, but I would fear giving it to a
> > helpdesk guy, or an application admin who has no idea what LDAP really
> > is.  They just want an Identity store.
> >
> > Soo....
> >
> > Something that abstracts the user from LDAP (OUs, DNs, etc....scary
> > stuff!) but shows them as a simple TreeView of the directory
> >
> > Management templates that glean data from the defined Schema and are
> > customizable.   Since ADAM can have a very custom Schema, the tool would
> > need to be flexible to accommodate that.  IE select the Dog object,
> > and be able to modify the Neutered boolean attribute.
> >
> > These templates should be customizable in a simple fashion that does
> > not require extensive development knowledge :)
> >
> > Build in basic routines for common functions like password reset, etc.
> >
> > I guess a more customizable ADUC for ADAM :)
> >
> >
> > Maybe the name should be "theWelch" since Jerry said "ME!"?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires......
> > WAS: Internet Authentication Concepts: Pointers?
> > Date: Fri, 28 Apr 2006 16:38:16 -0400
> >
> >
> > I am not quite sure what question that response was intended to answer....
> >
> > Was that, you would like a good ADAM management tool? If so, describe
> > that tool. If Murray isn't happy, we can take it offlist. I can do
> > this through personal email or spin up a forum on my website for it. I
> > am very interested in hearing what people think is needed. I was told
> > the perfect name for the tool over a year ago, I just haven't written
> > the tool to go with the name yet. At some point I will have to do
> > something with it. :)
> >
> >
> > --
> > O'Reilly Active Directory Third Edition -
> > http://www.joeware.net/win/ad3e.htm
> >
> >
> >
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Jerry Welch
> > Sent: Friday, April 28, 2006 4:21 PM
> > To: [email protected]
> > Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires......
> > WAS: Internet Authentication Concepts: Pointers?
> >
> >
> > ME !
> >
> > Jerry Welch
> > CPS Systems
> > US/Canada: 888-666-0277
> > International: +1 703 827 0919 (-5 GMT) IP Phone (Skype):
> Jerry_Welch
> > ( www.skype.net )
> > IP Phone (VOIP):   Jerry_Welch   ( www.voipstunt.com )
> > VOIP to Landline:   callto:+1-703-827-0919
> >
> >
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of joe
> > Sent: Friday, April 28, 2006 3:46 PM
> > To: [email protected]
> > Subject: RE: Re: [ActiveDir] ADAM Management Tool REQs and
> Desires......
> > WAS: Internet Authentication Concepts: Pointers?
> >
> >
> > I have some curiosity in this realm...
> >
> > What would everyone consider good things and requirements for an ADAM
> > management tool. Even assuming, cough, GUI.
> >
> >  joe
> >
> > --
> > O'Reilly Active Directory Third Edition -
> > http://www.joeware.net/win/ad3e.htm
> >
> >
> >
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Jef Kazimer
> > Sent: Friday, April 28, 2006 10:01 AM
> > To: [email protected]
> > Subject: RE: Re: [ActiveDir] Internet Authentication Concepts:
> Pointers?
> >
> >
> > Since it is "LDAP" I did look at some "friendlier" admin tools, but none
> > really hit the mark for me.   I believed that group looked at Softerra's
> > tool,  and there is the web based PHP LDAP manager, and also the C#
> > LDAP manager tool.  You can Live search the names or I can post the
> > links here if you want.
> >
> > In the end I wrote my own as a .NET web app since I found them lacking.
> > Yet as I said if I want to go global,  I don't know if I want to
> > position what I wrote without some major changes. :)
> >
> > J
> >
> >
> >
> >
> >
> > Subject: RE: Re: [ActiveDir] Internet Authentication Concepts:
> Pointers?
> > Date: Fri, 28 Apr 2006 09:44:55 -0400
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> >
> >
> > That's a very good point.  Does anyone know of any 3rd parties which
> > improve the ADAM administrative UI "experience"?
> >
> >
> > J. Fitzgerald (Fitz) Stewart
> > Systems Architect
> > IRM/OPS/ENM
> > Worldwide Information Network Systems
> > USAID/DoS IT Infrastructure Collaboration Program
> > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > 703-866-7473
> > 703-626-5741 (cell)
> >
> >
> >
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Jef Kazimer
> > Sent: Friday, April 28, 2006 9:27 AM
> > To: [email protected]
> > Subject: RE: Re: [ActiveDir] Internet Authentication Concepts:
> Pointers?
> >
> > Mylo,
> >
> > Thanks for the information!
> >
> > I have setup ADAM utilizing a custom web UI utilizing AZman for a
> > small project before, but I have concerns about scalability.  The
> > issues are not with the ADAM instance at all, but the UI that is
> > needed to manage ADAM.
> > ADSIedit is great for someone who understands the directory, but it's
> > not that user friendly for web application owners, helpdesk, etc.
> > This was for a simple application of about 500 users, and it met their
> > needs but I don't see this as a scalable solution from a global
> > perspective.
> >
> > This will be a backend data store that contains the user identity, but
> > the applications that utilize it will be of different flavors from
> > DMZ hosted web apps, to externally hosted apps.   The flavors of web
> > apps will range from websphere, ColdFusion,  .NET and I suspect some
> > PHP apps.
> >
> > With AD,  I guess I was thinking it has a well known support interface
> > (though I am sure I would need to customize anyway...so I'm not sure that
> > value is really there).   So I was expecting to maybe find 3rd parties that
> > do sit in front of this to manage the IDs stored. Though this could be AD or
> > ADAM with ADAM being the most cost effective.   This looks like siteMinder
> > might be a good solution to manage all of these environments but I
> > will need to look into that.
> >
> >
> >  I suppose I am getting ahead of myself, because I do not know the
> > requirements as of yet, and I'm making assumptions that could be totally off
> > the mark here.   I guess it's a new environment and wanted to get some info
> > ahead of before it was needed. :)
> >
> > Thanks again!
> >
> > Jef
> >
> >
> >
> > > Date: Fri, 28 Apr 2006 01:40:09 +0200
> > > From: [EMAIL PROTECTED]
> > > To: [email protected]
> > > Subject: Re: [ActiveDir] Internet Authentication Concepts:
> Pointers?
> > >
> > > Jef,
> > >
> > > As Al pointed out, there are numerous products from vendors such as
> > > IBM/BEA/Oracle/RSA/Netegrity/Entrust/Baltimore Labs (RIP) etc
> > > providing web-based authentication/authorisation in front of AD.
> > > Since from a design point-of-view it's generally not a good idea to
> > > > stick AD too close to the Internet, often these solutions comprise a
> > > > presentation tier, e.g. with IIS (using some sort of ISAPI plugins)
> > > > that then hooks into your business logic (e.g. middleware) or your
> > > > data tier (e.g. LDAP/AD/SQL) ... if you want to look at this from an
> > > > MS purist perspective then I'd suggest having a look at n-Tier
> > > > solutions within the MSDN area. Although, this has a more developer
> > > > emphasis than you'll probably want, it gives a good insight into how
> > > > Internet authentication works, particularly .NET as well as older
> > > > products such as Site Server/Commerce..
> > > >
> > > > Try googling on Authorization Manager (AZMan) to give a good
> > > > example of how a role-based management approach (assuming a
> > > > web tier) with an AD backend would work..... Also look at ADAM as
> > > > an initial 'point' solution for Internet usage rather than AD alone.
> > >
> > > You also mentioned self-registration and this kicks off an entirely
> > > different thread (in my mind anyway)...
> > >
> > > 1. What are you providing access to?
> > > 2. Whom are you registering and for what ?
> > > 3. What authentication mechanism do you wish to use
> > > (username/password, certs, OTP).
> > > > 4. Do you need to provide some form of authorisation once authenticated
> > > > as well? What form does this need to take?
> > > >
> > > Hope this helps.
> > >
> > > Regards,
> > > Mylo
> > >
> > > if you need an initial
> > >
> > > Jef Kazimer wrote:
> > >
> > > >Al,
> > > >
> > > > >I apologize,  as I am going only on what little information I have.
> > > > >I guess I was trying to do some pre-meeting recon work since I had
> > > > >seen it mentioned here about 25mil internet users for some people.
> > > > >I had assumed there might be some scenario documentation for such a thing.
> > > > >
> > > > >I will know more after the meeting of course, so I'll see if I
> > > > >can explain myself better.
> > > > >
> > > > >I understand directory design
> > > > >for an enterprise, but have never done so for a internet instance
> > > > >that would have self registration.  I suspect there are some
> > > > >different lessons learned from that scenario so was curious.
> > > >
> > > >Thanks,
> > > >
> > > >Jef
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > >>Date: Thu, 27 Apr 2006 15:31:33 -0400
> > > > >>From: [EMAIL PROTECTED]
> > > > >>To: [email protected]
> > > > >>Subject: Re: [ActiveDir] Internet Authentication Concepts: Pointers?
> > > > >>
> > > > >>That's not a lot to go on, Jef.  Can you give some more information?
> > > > >>
> > > > >>For example, these public internet sites? Are they web only? What type
> > > > >>of authentication is needed? What were your plans for authorization?
> > > > >>Are you planning to use something like SiteMinder or Tivoli or ?? to
> > > > >>help you deal with authorization if using web sites?
> > > > >>
> > > > >>Al
> > > > >>
> > > > >>On 4/26/06, Jef Kazimer <[EMAIL PROTECTED]> wrote:
> > > > >>>
> > > > >>> Ok, here is something I'm just starting to research, and I thought maybe
> > > > >>> someone here has some pointers or a direction they can steer me in.
> > > > >>>
> > > > >>> We are looking at a potential consolidated directory/database to contain
> > > > >>> user registrations (Self registration and possible bulk load) for multiple
> > > > >>> public internet sites for products of our company.
> > > > >>>
> > > > >>> I was wondering if there are any published scenarios that address this
> > > > >>> solution as a starting point for consideration.  We are thinking of using a
> > > > >>> public AD forest as the potential repository, but I am curious if there are
> > > > >>> any lessons learned when designed such a scenario.
> > > > >>>
> > > > >>> Thanks,
> > > > >>>
> > > > >>> Jef
> > > > >>>
> > > >List info   : http://www.activedir.org/List.aspx
> > > >List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > > >List archive:
> > > >http://www.mail-archive.com/activedir%40mail.activedir.org/
> > > >
> > > >
> > > >-----------------
> > > >------------------------------------------------------->
> > > > >
> > > > ;No virus found in this incoming message.
> > > >Checked by AVG Free Edition.
> > > >! Version: 7.1.385 / Virus Database:&nbs p;268.5.1/326 - Release
> Date:
> > > >27/04/2006
> > > >
> > > >
> > >
> > >